Trusted Computing Group Releases Trusted Storage Specification to Enable Security in Storage Devices

Business Wire, June 19, 2007

TCG Forms Group to Address Key Management

TCG to Host Webinar on Storage Security

PORTLAND, Ore. -- Trusted Computing Group (TCG) today announced it has published a draft specification for trusted storage. This specification, building on previously released storage security use cases, provides the architecture for implementing trust and security services directly on storage devices and is being made available to the industry for review.

The draft specification is complete and can be used by storage and application vendors to begin to design products that enable the defined trust and security functions. A final specification will be published in the near future. Vendors interested in participating in the evolution of the specification are encouraged to join the TCG.

TCG also has formed a subgroup under the Storage Work Group to focus on key management services for storage devices based on the TCG specification and will host a free webinar on the topic of storage security on June 21.

Noted David Hill, principal, Mesabi Group, "The public media blares the loss of confidential information on large numbers of individuals on what seems a daily basis, and that is only the tip of the data breach iceberg for not having trusted storage. Trusted storage will soon be seen as a necessity -- not just a nice to have -- by all organizations. The TCG storage specification is therefore welcome news as helping point the way to trusted storage."

The storage specification, developed by more than 60 of TCG's 175 member companies, supports security services for a variety of storage devices including hard drives, flash, tape and optical devices. Security functions in the specification include cryptography, public key cryptography and digital signature, hashing functions, random number generation (RNG) and secure storage. It is available at www.trustedcomputinggroup.org/groups/storage/ for review.

Devices based on the new specification can interact with a trusted element in host systems. This trust element could be the TPM embedded into most enterprise PCs or a trust element authorized by the platform owner. The trust and security functions from the specification could be implemented by a combination of firmware and hardware on the storage device. Platform-based applications can then utilize these functions through a trusted command interface negotiated with the SCSI and ATA standards committees.

In addition to making the draft specification available, the Storage Work Group has chartered the new Key Management Services Subgroup (KMSS) to provide a specific method to manage the cryptographic keys needed by storage devices based on the draft TCG storage specification. The subgroup may, for example:

* Develop a uniform approach to managing keys across a variety of storage devices.

* Define an extensible set of key management operations to nurture and sustain encrypted data and its associated keys.

* Define key management audit operations that may be required to securely record all key management operations.

More information on this effort will be made available at https://www.trustedcomputinggroup.org/groups/storage.

Industry Support

Companies already are working to implement the TCG storage specification and to support its advancement.

"In today's environment, data security continues to receive attention as confidential information is compromised or lost," said David James, vice president, advanced product engineering, Fujitsu Computer Products of America, Inc. "We're excited to assist in the spec development and address this need in the HDD market."

"We look forward to the public discussion and customer feedback that will come from the release of the Trusted Storage specification, and welcome the trend toward greater adoption of security capabilities," said Marcia Bencala, vice president, marketing and strategy, Hitachi Global Storage Technologies. "Hitachi's Travelstar mobile hard drives support bulk data encryption today and we intend to incorporate the final Trusted Storage Specification as a vital part of our future-generation products."

"As chair of the Storage Work Group and an elected Board member of the Trusted Computing Group, Seagate was an early leader and active participant in the development of the new trusted storage Specification," said Mark Re, senior vice president of Seagate Research. "Putting trust and security functions directly in the storage device is a novel idea, but that is where the sensitive data resides. Implementing open, standards-based security solutions for storage devices will help ensure that system interoperability and manageability are greatly improved, from the individual laptop to the corporate data center."

TCG to Host Webinar for More Information

Anyone interested in learning more about the topic and the TCG storage specification can attend a free webinar on Thursday, June 21, 11 a.m. Pacific/2 p.m. Eastern. The webinar will include discussion of the storage environment and security challenges as presented by David Hill, Mesabi Group, and an overview of the storage specification and its implementation from members of the Storage Work Group.


Content provided in partnership with Thompson Gale