Securing Data at Rest

Authors

  • Michael Wynne
  • Peter James
Abstract

This paper describes a highly original and new approach to securing data on workstations (desktops and laptops) that has been implemented by Secure Systems Ltd in a product called the Silicon Data Vault (SDV). Over the past twenty years, a variety of Security Policy Models (SPMs), and products that implement the various SPMs, have attempted to address the security needs of users processing sensitive or classified information on workstations. Invariably, to achieve the required level of security, these security products have been functionally restrictive and/or have introduced usability constraints. The distinctive data security features of the SDV provide a functionally rich product with no usability constraints.

This paper commences by considering the user and security business requirements for a workstation that is used to process sensitive or classified information. The distinctive security functionality of the SDV is presented, supported by operational models and use scenarios. The paper concludes by enumerating the benefits the SDV can deliver.

REQUIREMENTS FOR A SECURE WORKSTATION

Through market research, feedback from clients and knowledge of the ICT security marketplace, Secure Systems has identified the following set of requirements that are considered mandatory by many users of workstations holding sensitive information:

1. Provide the highest level of security possible without impacting usability.
2. Only authorised users are allowed access to the workstation; i.e., users must identify and authenticate prior to the workstation being available.
3. Access to data is based on security clearance and/or need to know.
4. Data is protected such that removal or theft of the workstation hard disk does not allow data to be accessed.
5. Protection is provided against brute force attacks.
6. A record/log of workstation/data access/activity is generated.
7. The workstation can be restored to its original state following de-installation of the data security functionality.
8. Support is provided for forensic investigation.
9. There is no or minimal performance impact.
10. Allow an authorised user to dynamically change access rights to data.
11. The data security mechanisms are embedded in a Commercial Off the Shelf (COTS) product, i.e. no special integration work is required.
12. Data security mechanisms integrate seamlessly within a workstation Common Operating Environment.
13. An Administrator is able to configure the data security mechanisms both locally on the workstation and remotely over a network.
14. The workstation data security mechanisms have been independently evaluated and certified against internationally recognised standards.

Secure Systems believes a secure solution that addresses the above requirements must have all the attributes modelled in Figure 1.

[Figure 1: Components of a secure solution]

The SDV has been designed to include all of the attributes detailed in Figure 1, incorporating pre-boot user authentication, hard disk partitioning, differentiated user access rights, and strong data encryption and key management.

THE SILICON DATA VAULT

The SDV consists of several components: hard disk partitioning, user access control based upon defined user profiles (including access right limitations), user authentication on power-up, a physically encrypted data vault and a second stage encryption key module. Due to its activation early in the boot process, it is operating system independent. The device can be used on shared desktop environments or laptops where different user profiles can be established.

Hardware Based Solution

The SDV is a hardware security device that encrypts the entire hard disk. The SDV acts as a ‘gateway’ between the workstation central processing unit (CPU) and the hard disk. All data either retrieved from or sent to the hard disk must pass through the ‘gateway’, with the ‘gateway’ encrypting/decrypting the data. Figure 2 provides a basic representation of this process.

[Figure 2: Gateway process. Diagram labels: Workstation (CPU, RAM, BUS); Decrypted/Plain Text; SDV; Encrypted/Protected; Hard Disk]

Hardware based cryptosystems are recognised as the most secure and efficient implementation of cryptographic protection. The benefits include the capacity for larger processing ability and tamper resistant implementations. Although the design could potentially be reverse engineered, generally, it does not expose the encryption algorithm. Hardware systems are susceptible to TEMPEST attacks, but as this requires specialised skill sets and tools, it would be considered a minute risk in comparison to software reverse engineering of the encryption algorithm (Rae & Wildman 2003).

A solution comprising solely software poses a greater risk of successful hacking than a hardware solution. Many software-implemented cryptosystems have been circumvented by operating systems or other software running parallel to the cryptosystem (Cerberus 1999).

Publication date: 2004