Loading ...
Fred C Th...
Technology & Engineering
Misc Engineering and Innova...
31
0
Try Now
Log In
Pricing
Peerless DRM and Enterprise Security- Enabled Removable Data Storage Cartridges A discussion of security issues and architectures for removable data storage. !"#$%&'()*+,%-'.#/%�'1(2(3.+4,%5$67%89:,%89: RSA Conference 2002 Feb. 21, 2002 Fred Thomas, RSA Conference 2002 2 • The Presenter – Fred Thomas • Iomega Involvement – Who is Iomega? • Topics –Peerless –Peerless Latent Data Security Features –Data Security Applications for Removable Storage • Peerless DRM Solution Discussion • Peerless Enterprise/Government Centric Data Security Solution Discussion –Synopsis of message Overview of Today’s Presentation Feb. 21, 2002 Fred Thomas, RSA Conference 2002 3 Peerless Description Feb. 21, 2002 Fred Thomas, RSA Conference 2002 4 General • Disk Storage Capacity • Operating System Compatibility – USB – IEEE 1394 • External Connections – USB – IEEE 1394 10GB or 20GB Windows 98 / Me / 2000, Mac OS 8.6 - 9.x Windows 98 SE/ Me / 2000, Mac OS 8.6 - 9.x USB connector (2) 6-pin 1394 connectors Peerless Specifications Performance • Average Seek Time • Typical Start/Stop time • Average Data Transfer Rate – USB – IEEE 1394 • Segmented Buffer with write cache • Rotational Speed 112 ms (read), 13 ms (write) 3.0 sec Up to 1 MB/sec Up to 15 MB/sec 2MB - Upper 174KB is used for Firmware 4200 RPM Feb. 21, 2002 Fred Thomas, RSA Conference 2002 5 Peerless Latent Security Features • Secure Memory Device (SMD) with cryptographic authentication (SmartCard Technology) in Peerless data storage cartridge. • Asymmetric encryption keys and strings embedded in SMD. • Drive µP capable of host PC isolated asymmetric string encryption. • Factory encryption of cartridge unique media serial number with private key series for cartridge seeding. • Unalterable media serial number – In SMD and on media. • Cartridge based latent irradiance tag authentication system. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 6 Peerless Block Diagram Inertial Latch Voice Coil Motor Spin Motor Pre- Amp Secure IC ESD Protectio n Eject Mechanis m Motor ID Tag ID Circuitry External Memory Read Channel VCM Driver Spindle Driver Micro- Cntrlr ROM RAM LCD Micro- Cntrlr Logi c RAM Power Supply IDE Slave I/O Expansion LED Power Electronics ROM Logi c Peerless Cartridge Jasper DE Cartridge Flex HDD PCA Drive PCA Connector PCA Peerless Drive Interface Module Bus Switch Feb. 21, 2002 Fred Thomas, RSA Conference 2002 7 Data Security Applications for Removable Data Storage • DRM (Digital Rights Management) • Enterprise Secure Drive Product – Address the data security needs of the enterprise/government organization, not the individual. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 8 What is DRM? • Digital Rights Management. • In this context, DRM means the use of technology to protect copyrighted information in digital form. – e.g. Music, Video, Publications – Technology Objectives: Check-in Check-out, Limited device play capability, tracking of content owners, limited digital copying, tying content to limited hardware, etc. • The industry players driving DRM are the “Content Providers.” – BMG Entertainment, Sony, EMI Capitol Records, Universal Music Group, … etc. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 9 • DRM Roles: – Content Providers – Security Technology providers (H/W, encryption: RSA, Certicom, Atmel, DigiMarc, etc.) – DRM Secure Delivery providers (Host Software: Liquid Audio, InterTrust, MicroSoft) – DRM Enablers (Device Mfgrs: Iomega, MicroSoft, SanDisk, Diamond Rio, etc.) – DRM Killers (Napster, open environment computers, internet, hackers ..) • Iomega perspective: Iomega should address the basic DRM problem from a removable media provider’s perspective in a robust manner, but also in a manner that is as user/customer non-intrusive as possible. What is the Role of Removable Data Storage Drive/Media Manufacturer In the DRM Landscape? Feb. 21, 2002 Fred Thomas, RSA Conference 2002 10 • Removable Data Storage Drive/Cartridge’s DRM Role: Pass a unique*, unaltered and authenticated media serial number (MSN) from an Iomega data cartridge to a third-party DRM Software application upon an invoked authenticated MSN transfer call by the third- party DRM Software application. This should be done without the requirement for Internet connectivity. *At present all Iomega removable magnetic media has a unique media serial number encoded on it. What is the Requirement of DRM from Removable Data Storage? Feb. 21, 2002 Fred Thomas, RSA Conference 2002 11 The Removable Data Storage Secure Pipe Problem Feb. 21, 2002 Fred Thomas, RSA Conference 2002 12 Peerless SMD Contents MS# - Peerless Media Serial # DK - Drive Private Key # (1 of numerous loaded at factory off of trade-secret list) DKI# - Drive Private/Public Key Index number FEMS# - Factory Encrypted MS# (asymmetrically encrypted at Factory with trade-secret private key list L4) FKI# - Factory Private/Public Key Index Number Feb. 21, 2002 Fred Thomas, RSA Conference 2002 13 A DRM Protocol for Peerless 1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 . 2 ) C h e c k f o r R # 1 i n E S 1 . 3 ) U s e F K I # t o g e t F K t o d e c r y p t F E M S # . 4 ) C o m p a r e r e s u l t w i t h M S # . 5 ) I f m a t c h - A T i s c o m p l e t e ! D R M C a p a b l e T h i r d - P a r t y S o f t w a r e A p p lic a t io n w i t h I o m e g a A M C T o o l k i t I o m e g a S o f t w a r e D r i v e r I o m e g a R e m o v a b l e M e d i a D r i v e I o m e g a D a t a S t o r a g e M e d ia D o w n t h e P i p e E v e n t s U p t h e P i p e E v e n t s 1 ) G e n e r a t e R # 1 ( R a n d o m # 1 ) & s t o r e 2 ) I n v o k e A T ( A u t h e n t i c a t e d T r a n s f e r ) A T , R # 1 1 ) G e n e r a t e R # 2 2 ) S t o r e R # 1 & R # 2 A T , R # 1 , R # 2 1 ) R e c i e v e s A T r e q u e s t . 2 ) C h e c k s c a r t r i d g e p h o p h o r t a g . 3 ) A u t h e n t i c a t e s w i t h S M D . 4 ) F e t c h e s M S # , D K , D K I # , F E M S # & F K I # f r o m S M D . S M D a u t h e n t i c a t i o n v a r i a b l e s . S M D a u t h e n t i c a t i o n v a r i a b l e s f o l l o w e d b y M S # , D K , D K I # , F E M S # & F K I # 1 ) S M D a u t h e n t i c a t i o n r e s p o n s e c a l c u l a t i o n . 2 ) P h y s i c a l r e a d in g o f m e d ia M S # b y a c t u a t o r . 3 ) P h o s p h o r t a g g l o w s i n a p p r o p r i a t e m a n n e r . 1 ) C o m p a r e s S M D M S # w i t h m e d ia M S # . 2 ) A s m m e t r i c a l l y e n c r y p t M S # , R # 1 , R # 2 , F E M S # & F K I # u s i n g D K t o p r o d u c e E S 1 . 3 ) P a s s E S 1 & D K I # t o I D S . E S 1 , D K I # 1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 . 2 ) C h e c k f o r R # 1 & R # 2 i n E S 1 . 3 ) P a s s E S 1 & D K I # t o T P S . E S 1 , D K I # A P e e r l e s s P a t h t o R o b u s t D R M S u p p o r t C a p a b i l i t y Feb. 21, 2002 Fred Thomas, RSA Conference 2002 14 Why a Enterprise Centric Secure Removable Data Storage Product? • Allows utility of cartridge-based removable data storage technology into corporate, university & government computing environments where removable storage is seen as a liability at present due to information security considerations. • A seamless solution which supports a spectrum of data security solutions as a core building block. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 15 Specific Enterprise Secure Drive System Objectives • Provide enterprise centric security solution, not individual centric solution • Data transportability within the enterprise while addressing the “Dedicated Insider Threat” • Maintain ability to physically secure data and enhance this attribute • Incorporate linkage and support of user authentication and tracking in disk file management • Secure and authenticated drive data transfers • Manage “possible” security lapses in future - updateable system • Provide enterprise centric Digital Rights Management (DRM) – Secure Pipe • Transparent compatibility with other data encryption software • Low cost solution / do not re-invent the wheel / use existing technology Feb. 21, 2002 Fred Thomas, RSA Conference 2002 16 Enterprise Secure Drive Building Blocks • Encryption (Symmetric vs. Asymmetric) • Authentication (Hash Function, Digital Signatures & Biometric) • Distribution of security • Physical linkage (Smart Card Secure Memory Devices) • Migration capable • RF tag technology • “Non-exposed” security mechanisms Feb. 21, 2002 Fred Thomas, RSA Conference 2002 17 The “Cash in the Bag” Problem Feb. 21, 2002 Fred Thomas, RSA Conference 2002 18 Peerless Enterprise Drive Distributed Encryption Key Implementation Feb. 21, 2002 Fred Thomas, RSA Conference 2002 19 Conclusions about Security Market from the Perspective of Removable Data Storage • Hard to see path to DRM revenues from removable data storage supplier perspective at present. • Enterprise Secure Drive product may be a large niche market for Iomega with long legs into the future. • From a technology development perspective, both robust DRM and Enterprise security for removable data storage can be addressed with many of the same tools and resources. Co- development recommended. • To most effectively address and sell to this market, Iomega should seek an appropriate E-Security partner. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 20 Objectives of Today’s Talk • Create an awareness of Peerless and other Iomega removable storage devices fielded data security technologies within the E- security community. • Explore possible routes to commercializing this new class of security features embedded within removable data storage devices. We are looking for a partner/partners with a strong presence in the enterprise/government data security marketplace, with a focus on hardware solutions. This partner/partners would provide resources to help evaluate, develop and sell a secure removable data storage solution for this market. Feb. 21, 2002 Fred Thomas, RSA Conference 2002 21 Iomega Contact Information Business Contact: Tim Dammon Product General Manager Iomega Corporation 4435 Eastgate Mall San Diego, CA 92121 Phone: 858-795-7049 Fax: 858-795-7004 Email: dammon@iomega.com Technical Contact: Fred Thomas Chief Technologist, Adv. R&D, R&D Iomega Corporation 1821 West Iomega Way Roy, UT 84067 Phone: 801-332-4662 Fax: 801-332-1030 Email: thomasf@iomega.com Feb. 21, 2002 Fred Thomas, RSA Conference 2002 22 Have a Good Day!