Using AES 256 bit Encryption



Similar documents
How To Use Atmel'S Atmel Crypto Device For A Year On A Computer Or Cell Phone

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features

Opal SSDs Integrated with TPMs

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

Trusted Platforms for Homeland Security

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Security Policy for FIPS Validation

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Secure Network Communications FIPS Non Proprietary Security Policy

YubiKey Integration for Full Disk Encryption

Trusted Platform Module

PROXKey Tool User Manual

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

Pulse Secure, LLC. January 9, 2015

Introducing etoken. What is etoken?

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Microcontrollers Security Modules Secure System on Chip Reader chips CryptoAuthentication Secure Memories CryptoController.

SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

SECURE USB FLASH DRIVE. Non-Proprietary Security Policy

Secure Cloud Storage and Computing Using Reconfigurable Hardware

WIBU-SYSTEMS CodeMeter a Revolutionary Digital Rights Management System

BitLocker Encryption for non-tpm laptops

WebSphere DataPower Release FIPS and NIST SP a support.

8-Bit Flash Microcontroller for Smart Cards. AT89SCXXXXA Summary. Features. Description. Complete datasheet available under NDA

Trustworthy Computing

SkyRecon Cryptographic Module (SCM)

TrustKey Tool User Manual

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Disk Encryption. Aaron Howard IT Security Office

SSD Firmware Update Utility Guide

Secure Storage. Lost Laptops

The Impact of Cryptography on Platform Security

Penetration Testing Windows Vista TM BitLocker TM

TPM. (Trusted Platform Module) Installation Guide V for Windows Vista

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Managed Portable Security Devices

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

UEFI Implications for Windows Server

ACS-3 Reporting Security Compliance

How to Encrypt your Windows 7 SDS Machine with Bitlocker

ACER ProShield. Table of Contents

The PC Boot Process - Windows XP.

Index. BIOS rootkit, 119 Broad network access, 107

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Smart Card Technology Capabilities

Recover Tab & RecoverAssist User Guide

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

256-bit AES HARDWARE ENCRYPTED SOLID STATE DRIVES

SUSE Linux Enterprise 12 Security Certifications Common Criteria, EAL, FIPS, PCI DSS,... What's All This About?

Intel architecture. Platform Basics. White Paper Todd Langley Systems Engineer/ Architect Intel Corporation. September 2010

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Firmware security features in HP Compaq business notebooks

Data At Rest Protection

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

KeyStone Architecture Security Accelerator (SA) User Guide

AC-PG-USBASP USBASP AVR Programmer

AD Image Encryption. Format Version 1.2

How To Encrypt Data On A Network With Cisco Storage Media Encryption (Sme) For Disk And Tape (Smine)

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS Security Policy

SecureDoc Disk Encryption Cryptographic Engine

Atmel AT97SC3204. Trusted Platform Module LPC Interface SUMMARY DATASHEET. Features. Description

TPM. (Trusted Platform Module) Installation Guide V2.1

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

256-bit AES HARDWARE ENCRYPTED SOLID STATE DRIVES

Using BroadSAFE TM Technology 07/18/05

FIPS SECURITY POLICY FOR

FIPS Documentation: Security Policy 05/06/ :21 AM. Windows CE and Windows Mobile Operating System. Abstract

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

Protection Profile for Full Disk Encryption

Atmel Norway XMEGA Introduction

CS 155 Spring TCG: Trusted Computing Architecture

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 1 Introducing Hardware

FIPS Security Policy. for Motorola, Inc. Motorola Wireless Fusion on Windows CE Cryptographic Module

Single 2.5V - 3.6V or 2.7V - 3.6V supply Atmel RapidS serial interface: 66MHz maximum clock frequency. SPI compatible modes 0 and 3

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

Atmel Crypto Elements Atmel Corporation

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone

Dual-boot Windows 10 alongside Windows 8

AN3270 Application note

Disk encryption... (not only) in Linux. Milan Brož

FLYPORT Wi-Fi G

ColdFire Security SEC and Hardware Encryption Acceleration Overview

TPM Key Backup and Recovery. For Trusted Platforms

Ingar Fredriksen AVR Applications Manager. Tromsø August 12, 2005

Virtual KNX/EIB devices in IP networks

EUDAR Technology Inc. Rev USB 2.0 Flash Drive. with Card Reader. Datasheet. Rev. 1.0 December 2008 EUDAR 1

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Transcription:

Using AES 256 bit Encryption April 16 2014 There are many questions on How To Support AES256 bit encryption in an Industrial, Medical or Military Computer System. Programmable Encryption for Solid State Disks Accelerated Memory Productions, Inc. www.ampinc.com

Programmable Encryption for Solid State Disks There are many questions that are being asked on how to use AES256 bit encryption and what is needed in the system to support a Solid State Drive (SSD). Most commercial SSD use self generating keys that encrypt the data contents. The method to protect this data is by enabling the SSD password feature. When a programmable encryption key is used, it replaces the need for a password and only requires the correct 32 byte code sequence to be written to the SSD to enable the SSD and the encryption/decryption functionality. While this is a short answer, the security requirement of how the SSD is utilized in the system deserves the most attention. What are the security requirements and how will they be implemented? The encryption capabilities that are being described here are for the amp inc SATAprime product series SSD where the entire drive is encrypted, and utilizes a managed programmable encryption key. Each individual drive has self encryption capabilities and can be keyed identical or individually. Each SSD encrypts data written to minimize the loss of system data transfer performance. The purpose of encrypting the SSD is to protect the data stored on the SSD from being accessed by nonauthorized individuals. The management of the authorization of who can access the system must be determined. Most computer systems utilize a BIOS during the power on cycle of a computer system. The BIOS is responsible for managing the authorization process based on the method defined by the security parameters established by the system designer. The BIOS will challenge the user to enter the correct security sequence for access. Depending on the type and method of challenge, the BIOS is notified that the challenge is valid or invalid, and if valid, the BIOS would load the correct encryption key sequence stored in a protected location. Once the key is written to the SSD, the data is accessible or system OS is bootable. What is needed to support a SSD data encryption The main focus of the document is to identify the different component pieces that you need to review and determine what is needed for your application. Here are some questions to be answered. 1. What are your security requirements? 2. How are the Keys Issued, Authorized and Managed? 3. Is there Physical Presence Interface required and where is it located? Review the documentation provided on our USB thumb drive or download them from Trusted Computer Group (TCG) www.trustedcomputinggroup.org Introduction The Trusted Computer architecture is platform independent and intended to enhance trust in computing platforms. As such, the TPM Main Specification is general in specifying both hardware and software requirements. The goal of the TCG member companies is to ensure compatibility among implementations within each type of computing architecture. WP 0200 Page 1 of 4

Below is a list of documents available from www.trustedcomputinggroup.org, PP_TPM_spec12_rev116_final TPM Main Part 1 Design Principles_v1.2_rev116_01032011 TPM Main Part 2 TPM Structures_v1.2_rev116_01032011 TPM Main Part 3 Commands_v1.2_rev116_01032011 To help in the review process, I have included additional references to documents that will help in understanding the requirements for implementing the security features. Review the document Physical Presence Interface Specification Version 1.2. This document discusses the Physical Presence of hardware and BIOS interface requirements. Summary of Physical Presence Interface Specification. Table of Contents 1 TPM Management Overview 2 2 Physical Presence Interface 3 2.1 ACPI Functions 7 2.1.1 Get Physical Presence Interface Version 8 2.1.2 Submit TPM Operation Request to Pre OS Environment 9 2.1.3 Get Pending TPM Operation Requested By the OS 11 2.1.4 Get Platform Specific Action to Transition to Pre OS Environment 12 2.1.5 Return TPM Operation Response to OS Environment 13 2.1.6 Submit preferred user language 15 2.1.7 Submit TPM Operation Request to Pre OS Environment 2 16 2.1.8 Get User Confirmation Status for Operation 18 2.2 Parameter Passing 20 3 Operation Definitions 21 4 Confirmation Dialogs and Keys 25 5 Physical Presence Interface Pseudo Code 31 WP 0200 Page 2 of 4

Example of a Trusted System amp inc is evaluating the Atmel AT97SC3205 Trusted Platform Module LPC Interface component to validate our feature requirements. An interface is provided on many motherboard solutions and is readily available for purchase. WP 0200 Page 3 of 4

The AT97SC3205 short form data sheet is included on our USB thumb drive and some of the features are highlighted. See Atmel 8883AS_TPM AT97SC3205T I2C DataSheet 0220. The complete document is available under NDA. Compliant to the Trusted Computing Group (TCG) Trusted Platform Module (TPM) Version 1.2 Specifications Single chip Turnkey Solution Hardware Asymmetric Crypto Engine Atmel AVR RISC Microprocessor Internal EEPROM Storage for RSA Keys 400kHz Fast Mode/100kHz Standard Mode I2C Operation Secure Hardware and Firmware Design and Device Layout FIPS 140 2 Module Certified Including the High quality Random Number Generator (RNG), HMAC, AES, SHA, and RSA Engines NV Storage Space for 2066 bytes of User Defined Data 3.3V Supply Voltage 28 lead Thin TSSOP or 32 pad QFN Packages Offered in Commercial (0 C to 70 C) and Industrial ( 40 C to +85 C) Temperature Range To summarize how the technology is utilized for an embedded system, your BIOS will need to be modified to challenge the user for the correct security phase. If authorized, the BIOS would access a secure data storage location that contains the encryption keys. The BIOS would then write the keys to their specific SSD to enable access. Remember that when the system is powered off, the key should be cleared and when in standby state, the user must be challenged to access the system. WP 0200 Page 4 of 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information