The trust matrix

We hear a great many people talk about what a trust architecture will prevent. A lot less about what it can enable.

Seems to me that running a network for information - some of which has considerable personal or exchangeable value - without any kind of integrity mechanisms in place is rather like trying to run an economy without a reliable currency.

Sure, there are numerous things you can do without reliable identity of a user and their machine. Just as you can barter physical goods in the marketplace without money in your pocket.

But there are other things which are enabled via a hardened trust system. Techie types of things, like making sure network access is properly and reliably authenticated and that spyware isn't running alongside an application; economic ones, like making transactions enforceable; and personal ones, like making sure your resume isn't treated by someone else as if it was not confidential information.

So the architecture of trust - and I use the term broadly to include not just the hardened system, but the software applications which run within it - which in and of itself appears to be a rather dull set of building blocks and software stacks, actually allows the networks' users to glean all kinds of optional benefits in the use, storage and exchange of information.

Which tangibly changes the way we use the network and the society which operates through it.

The most secure laptop in the world...

During the December 2007 and January 2008 timeframe Dell, in conjunction with Seagate and Wave Systems Co. ran a series of advertisements in major US publications.

The Dell Latitude series of notebooks is available with the Seagate MOMENTUS FDE.2 hardware based self encrypting hard disk. Encrypting and decrypting at full interface speed this is a new and safer approach to protecting data-at-rest. Unfortunately - and unexplainably - Hewlett Packard does not offer hardware based disk encryption solution. Lenovo and NEC Europe do.

Interesting here, that Wave Systems Co. not only builds the client application but also offers a full complement of enterprise grade central management tools for such platforms. Wave's ERAS server integrates into active directory and allows the simultaneous central management of FDE.2 and/or TPM configured clients.

Comment on hardware security...

Comment by Steven Sprague, CEO, Wave Systems Corp.

Hardware Security the key to keeping your data safe

The fundamental problem with software security is that it is executed on the main processor so any secrets that are part of the "security" get exposed as part of the main memory of the system.

Most of the articles on this memory vulnerability fail to mention that this problem can be just as acute for Authentication Keys used by the VPN or Wireless infrastructure. The bad news is that you can't easily fix this with software, The good news is that solutions are available that leverage hardware security to protect the secrets.

Let me try to break the problem down and explain the tools and approaches which are available to address the memory attack problem.

The memory attack that was described by Declan McCullagh works because the secret keys used to encrypt the data need to be used by the processor and as a result must be available in the main processor memory. This is a systemic problem of an open programmable PC. The memory attacks described to find encryption keys was not all that surprising as an approach, however, the ease with which the attack could be successfully achieved was clearly unforeseen.

To address these two security challenges security hardware can be used to not just store keys securely but also use those keys for the function that needs to be executed. Let's focus on two security related functions first, authentication and second, bulk data encryption.

For VPN keys, a chip can securely create store and use the keys without the operation requiring any processing of the data within the main processor memory. A good example is the TPM (Trusted Platform Module). This is a security chip that can be found on millions of business laptops and desktops. The TPM creates a public/private key pair for securing the VPN and keeps the private key secured so that it is never exposed outside of the chip. The TPM can be asked to use this private key as an identity for authentication of the PC or the user. When used for authentication the TPM can complete the secure portion of the authentication transaction completely inside the TPM chip. This is important because the TPMs are tamper resistant and would require a significant attack effort to extract a secret key from a TPM. This is the same type of protection that is used in millions of cell phone SIM modules, smart cards and other security chips. While the TPM that is used with the Microsoft BitLocker FDE application is used to protect the keys when the PC is turned off, while the system is either running or in standby mode, the encryption keys are still exposed within the main processor of the system. The TPM is not a bulk encryption device, only a key generation and secure key storage device. Therefore, Bitlocker and other software FDE solutions, even if they support TPMs are still going to expose the encryption keys to these kinds of memory attacks.

The Seagate Momentus 5400.2 FDE drive provides an entirely different approach to the encryption solution. The disk drive controller, a powerful and secure processor, generates its own encryption keys and then encrypts/decrypts all data sent to or requested from the disk drive. In addition, the strong authentication of users using passwords is integrated directly into the drive and is performed before any foreign software, including the operating system are ever loaded. The means that all access control and encryption take place within the highly secure hardware of the disk drive. The keys which encrypt the data are not accessible and never leave the drive, so there is no exposure from the kinds of memory attacks described.

The additional benefit of integrating encryption directly into the hard drive is that system performance is never affected and main processor cycles are never used to perform the computationally intense tasks of encryption and decryption. Encryption directly in the hard drive is a win-win solution for both security and performance.

Consequently, the data protection answer is clear, enterprises should be ordering all new laptops with the highly secure Seagate Momentus 5400.2 FDE drives. Laptops with these drives are currently sold by Dell, Lenovo, NEC Europe and ASI. These solutions have robust security management software available in order to provide remote management, including full audit logging for the FDE drives in order assist in meeting compliance to the numerous data protection regulations.

Wave Systems' Embassy Trust Suite software provide the software that enable central management of both the TPM and the Seagate FDE drives. These tools make it easy to leverage these hardware security technologies to secure the enterprise.

Actions any IT department can take to reduce vulnerabilities

- Utilize the TPM chip to store any client side certificates for more secure network access and user authentication

- Specify and purchase laptops with Seagate FDE drives in all new laptops.

- Install an integrated centralized management solution for the hardware security features currently in most laptops including the TPM, FDE drives, finger print readers and smart card readers

There is no magical SW. All of the software solutions today have the same vulnerabilities to secrets being held in memory so that the processor can use them. The greater the complexity of the software the more likely there are vulnerabilities. Hardware security is a well known solution. Industry has invested to bring inexpensive robust hardware security to millions of PCs. It is time for Every VPN and every Wifi connection to leverage hardware to secure the enterprise.

Conduct an audit of the machines in your enterprise and see how many already have a TPM. Ask your network vendors for documentation on how the TPM can be used (if your network supports MSCAPI it will support a TPM) and begin to explore the use of hardware to secure your enterprise. Seagate's FDE drive is a must for anyone buying a laptop. The reduction in liability for the corporation is more than enough ROI for any IT department. It is an easy to deploy, Very secure, and easy to manage device for full disk encryption. Ask your OEM to supply you one or feel free to call Wave so we can help you evaluate the solution.