Seagate: The Hard Drive, Reconsidered

Who benefits, and how soon?

The first big consumer benefit of a DriveTrust-enabled product will be the capability to encrypt its entire contents. "For years, there have been software embodiments of full-disk encryption," said Dr. Willett. "The encryption runs over on the platform in software, running against the [CPU] that's in the platform, typically, and the keys are stored somewhere in software. There are certain inherent vulnerabilities to that. We put the hardware on the drive doing the encryption, we put the key on the drive in a derived-key format in hidden memory, that's never even in the clear, so you get a lot higher protection when this function's over on the drive. So you're going to see a lot of the security function migrating from a sort of higher-risk, lower protection of the operating system, over to some of these hardware enclaves like storage devices, as it becomes widely available."

Dr. Willett explained how that will work: At the factory, a randomly-generated encryption key will be generated, though that process is kept hidden from even the factory machinery. After the drive is purchased, the new owner then initiates the drive by creating a series of master passwords for it. Those master passwords are then mathematically combined with the original encryption key to create a derived key.

The original cryptographic key is then eliminated from the drive, and the derived key put in its place. The master passwords remain necessary to decouple the crypto key from the derived key. When the drive is shut down, the derived key is stored, but without the master passwords, that key is useless.

What happens when the drive gets transferred to another owner, we asked? A handoff process enables the original crypto key, once decoupled from the derived key, to be applied to a new set of passwords, thus creating a new derived key. This process has the added virtue of "cleaning" the drive's contents without having to reformat.

In the Trusted Computing scheme of things, the handoff process -- where the drive changes ownership -- is a critical moment. When any component with an installed TPM is shipped to a customer, it has to be "activated," in a process Dr. Willett describes as very similar to activating a Microsoft software product. He does elevate its importance, though, by describing it as a "handoff ceremony," where the user takes possession of the drive by keying in a security IT number provided to it by the manufacturer - in this case, by Seagate. By signing off on the drive, he said, "it's like an evidentiary chain like on one of these cop shows...so that you don't have any perturbation in the evidence."

What this means is, as hardware starts to take on some of the functions of software, it will end up being activated like software.

Once that handoff takes place, however, a system is initiated whereby the hard drive is not only capable of encrypting everything it writes and decrypting what it reads, but also using cryptographic key functionality to validate that every stream of data it is directed to write has been authorized by a Trusted Application, with the TCG applying the big, capital letters.

A TA in this regard is not, as some have suggested, a selected group of software that has earned - or otherwise acquired - the IT equivalent of the "Good Housekeeping Seal of Approval." It's simply an application that can prove its identity, or otherwise enable another trusted component to vouch for it. Conceivably, every genuine application -- even those that already exist -- could qualify.

One of Windows Vista's new and thus far underappreciated features is its extension of group policy to the local level, enabling even individual users in their home offices to administer Vista using tools the network admins use. With the group policy model in Vista being extensible, a TCG environment could enable the operating system to only run processes that pass the Trusted test for authenticity.

In such an environment, even Web-based scripts may have to prove their validity to the user directly before they can run. At that point, the most clever malware will have to resort to attempting false certification - a process that could conceivably work somewhere, at some time, maybe once.

The TCG Storage Workgroup's current Use Case Whitepaper, version 1.0, addresses this very point: "The TPM is a root of trust that extends to trusted applications running on the host which may then securely manage such resources in the internal SD computing environment. Since such host applications are written by the open community, it is essential that one application cannot affect SD resources that another application depends upon, except in predictable ways. Therefore the system of access controls may be divided among applications that may run on the host."

Yet immediately, the white paper goes on to make this understated point, whose significance is masked by the language's obscurity: "It is precisely this strong notion of SD-enforced host application rights that allows trust to be extended from the TPM-grounded host to the SD. A natural consequence of this is to provide greater opportunities in storage, such as permanent storage areas that are restricted to particular host applications, and exclusive control over the data-at-rest encryption capabilities of the SD."

Ah, wrote Shakespeare so brilliantly, there's the rub.

Next: The Beat of a Different DRM