Deciphering the DeCrypti Code
Storage security has been talked about for years. Several vendors specialize in nothing else, and EMC began securing its storage arrays just last week. A handful of standards bodies have sprung up devoted to the subject. Yet headlines continue at an alarming pace about identity loss and general data insecurity.
"While the current standards initiatives are good in their own regard, the end user community is either largely ignorant or not interested in them," says Ashish Nadkarni, principal consultant at GlassHouse Technologies.
The reasons behind such ignorance are not hard to fathom. Robert Langdon of "Da Vinci Code" fame traced clues contained within esoteric religious symbology, yet he would be hard-pressed to decipher the DeCrypti Code of storage security standards. No fewer than four separate groups are at work on the issue.
The Trusted Computing Group (TCG), for example, has a trusted storage initiative (see Can Your Storage Be Trusted?). TCG's focus is on standards for security services on dedicated storage systems.
The Institute of Electrical and Electronics Engineers' (IEEE) Computer Society sponsors security standards. One of these projects resulted in an approved standard last December, IEEE 1667, "Standard Protocol for Authentication in Host Attachments of Transient Storage Devices." This affects hundreds of millions of mobile phones, iPods, PDAs, mp3 players and many other transient storage devices. In addition, IEEE has the P1619 project on encryption and key management.
To make the picture even more complex, the American National Standards Institute (ANSI) has its SCSI storage interfaces (T10) technical committee. T10's first effort on the security of stored data is in the Object-based Storage Devices (OSD) standard published in 2004. It has a follow-on project called OSD-2 that is in development. Another T10 effort is in the draft SCSI Stream Commands-3 (SSC-3) standard. This document is adding features to encrypt the data on tapes while in transit.
And then there is the Storage Networking Industry Association (SNIA), whose Security Industry Forum (SSIF) has its own storage security efforts.
One Big Happy Family
So who's who among these groups? Who are the angels and who are the demons? Far from representing warring factions in an eternal struggle, it appears they manage to get along.
"Various groups have standardized the basic building blocks of security, like cryptographic algorithms and aspects of life cycle key management," says Michael Willett, a TCG board member who is also part of Seagate's security research team. "TCG draws on those basic building blocks to create more complete security systems."
For example, TCG has a subgroup working on key management for storage devices to satisfy the IEEE's P1619 storage specs. It also has members involved with SNIA's SSIF.
Matt Ball of Quantum tells a similar tale. He is acting chair of IEEE's Security in Storage Workgroup (SISWG). He says that IEEE P1619 is one standard within a family of standards currently in development by SISWG. The others are P1619.1, Authenticated Encryption with Length Expansion for Storage Devices; P1619.2, Wide-Block Encryption for Shared Storage Media; and an upcoming standard, tentatively P1619.3, Key Management Infrastructure for Cryptographic Protection of Stored Data. You can find more information on these standards at http://ieee-p1619.wetpaint.com/. P1619 is scheduled for final approval and publication this July, followed by P1619.1.
"Hard disk vendors typically use relatively weak encryption modes," says Ball. "P1619 calls for the use of the only publicly available cipher suitable for encrypting top secret government information."
He notes that the other standards groups largely intend to use P1619 instead of duplicating it. But for other SISWG standards, such as P1619.3, the picture may not be as clear. TCG has a subgroup named the Key Management Services Subgroup (KMSS) that has some overlap with the P1619.3 scope. Even so, Ball believes these two groups will work closely with one another to minimize the overlap.
Meanwhile, ANSI T10 is concerned with the SCSI interface, primarily for talking to tape drives. Ball reports that ANSI T10 generally steers clear of security and is only including enough security infrastructure to support cryptographic key entry for tape drives that support native encryption. Part of the ANSI mission, after all, is to represent the U.S. at ISO. ANSI therefore can take standards from other U.S.-based groups and forward those to ISO. Thus, ANSI has active liaisons with TCG, IEEE 1667, IEEE 1619, and SNIA.
"Both of T10's OSD standards projects were done in coordination with the SNIA OSD working group," says John Lohmeyer, chair of the INCITS SCSI Storage Interfaces (T10) Technical Committee, who also works for LSI Logic.
Even the vendors appear to be on board with most, if not all, of these entities. NetApp's Decru unit, for example, participates on several of these standards committees. It co-authored P1619, contributed proposals for enhancing key security and authentication in ANSI T10, and is a contributor member of TCG. You'll find EMC, Quantum and other major storage players involved in multiple committees, as well as SNIA security bodies.
Watching and Waiting
Will all this, then, lead to a digital fortress of storage impregnability? Perhaps eventually, but users will have to wait as the proposals wend their way slowly through the approval process.
Ball says that by the end of this year, tape drives will start to appear that support P1619.1 encryption. Look for IBM, HP, Sun Microsystems and Quantum to release such products. Around the same timeframe, P1619-compliant hard disks will start to emerge. P1619.2 (wide-block encryption), however, won't affect the market until mid-2008 at the earliest, and P1619.3 (key management) will probably be available at the beginning of 2009.
Willett says TCG's spec should be published this spring. As all major hard drive, flash and optical drive vendors have been contributing to it, it should take no more than a year for most storage vendors to either offer or announce compliant products. A couple have already issued press releases on the subject.
What about T10's OSD-2? Lohmeyer admits that it is behind schedule and should have been out last fall, but it should be out imminently. ANSI SSC-3 should be ready for approval by November 2007 and SPC-4 by November 2009.
"I think the need for secure storage is inevitable, but I hesitate to predict when it will actually be deployed," says Lohmeyer. "OSD, for example, is not widely adopted as yet, so it has had minimal impact on storage security."