David Kleidermacher, Chief Technology Officer, Green Hills Software

Data protection has become a key concern for many industries, including retail, medical, energy, and military/aerospace. Driven by machine-to-machine (M2M) communications, wireless financial transactions, and multimedia applications, the intelligence of systems in these markets is growing rapidly. While these features bring important advantages, they also open more attack channels into smart systems and generate richer data that is more attractive to thieves, including private consumer information and business-critical intellectual property. This article discusses how to apply modern data-at-rest protection protocols to intelligent systems, describes how to implement these protocols using the Green Hills Software INTEGRITY family of secure operating systems (OS), and shows how to use the silicon capabilities of 3rd generation Intel® Core™ processors to achieve higher levels of protection and efficiency.

Data at rest refers to data stored on the device rather than data in transit. Protecting it usually involves protocols that add encryption to keep the data from unauthorized access. The storage media on an intelligent system where such data can reside include hard disk drives, flash memory, and attached USB flash drives.

Choose a storage layer for security

As shown in Figure 1, developers can choose among several layers of the data storage stack at which to apply data-at-rest protection. With full disk encryption (FDE), the entire storage medium is encrypted. This ensures that hidden files, such as OS temporary files and swap space, are not exposed. When FDE is performed inside the storage peripheral itself, the device is called a self-encrypting drive (SED). Unfortunately, many smart systems cannot use stand-alone SED products because of form factor constraints. An alternative is to perform the encryption on block-oriented storage one layer up, in the device driver layer.

Figure 1. Data-at-rest protection options by storage layer.
This layer of protection can still cover the entire managed device (i.e., provide FDE). Developers can build a cryptographic facility that lets device drivers call media-independent block-encryption routines, so that the software is easier to maintain across product generations that use different types of storage.

Symmetric encryption algorithm selection

Symmetric encryption is normally used for data-at-rest protection. In symmetric encryption, a single key both encrypts and decrypts the data. To conserve disk space, the encryption algorithm must not expand the data as it works: a plaintext media block is encrypted into a ciphertext block of the same size. Since most symmetric cipher modes require an initialization vector (IV), the sector number and block offset are used to compute the IV. However, over a long history of reads and writes the same sector and offset are used again and again with the same key, which is a potential weakness when common encryption modes are applied to data-at-rest protection. Cryptographers addressed this challenge with the tweakable block cipher. The basic idea is to apply the IV concept to the block cipher itself rather than to a chaining mode built on top of the block cipher. As shown in Figure 2, a tweakable block cipher converts a plaintext block into a ciphertext block using the conventional key plus an additional input, the tweak.

Figure 2. Overview of tweakable block ciphers.

In 2007, the IEEE Security in Storage Working Group (SISWG) published standard P1619, which defines the XTS-AES cipher mode, a tweak-based algorithm for data-at-rest protection applications. NIST also recommends this algorithm in Special Publication 800-38E. The efficiency of XTS-AES is crucial to the practical deployment of data-at-rest protection in many smart systems.
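As an added example (not code from the article or from Green Hills Software), the following Go function implements the XTS-AES-128 data-unit operation just described, using the sector number as the tweak; it is written from the IEEE P1619 definition on top of Go's standard-library AES, and the 32-byte key split and 512-byte sector size are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
)

// xtsSector encrypts (enc=true) or decrypts one data unit, e.g. a 512-byte disk
// sector, with XTS-AES-128. key is 32 bytes: data key K1 (first 16) and tweak key K2.
// The sector number is the tweak, so identical plaintext in two different sectors
// encrypts differently, and the output is exactly the size of the input. Illustrative
// code for this article; data units must be a multiple of 16 bytes (the standard's
// ciphertext stealing for a trailing partial block is omitted).
func xtsSector(key []byte, sector uint64, in []byte, enc bool) ([]byte, error) {
	if len(key) != 32 || len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("xts: need a 32-byte key and a non-empty multiple of 16 bytes")
	}
	k1, _ := aes.NewCipher(key[:16]) // key length validated above, so no error is possible
	k2, _ := aes.NewCipher(key[16:])
	// T_0 = E_K2(tweak), the tweak being the little-endian sector number (IEEE P1619).
	var t [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(t[:], sector)
	k2.Encrypt(t[:], t[:])
	out := make([]byte, len(in))
	for off := 0; off < len(in); off += aes.BlockSize {
		blk := out[off : off+aes.BlockSize]
		for i := range blk { // C_j = E_K1(P_j xor T_j) xor T_j (D_K1 when decrypting)
			blk[i] = in[off+i] ^ t[i]
		}
		if enc {
			k1.Encrypt(blk, blk)
		} else {
			k1.Decrypt(blk, blk)
		}
		for i := range blk {
			blk[i] ^= t[i]
		}
		// T_{j+1} = T_j * alpha in GF(2^128), little-endian bit order: shift left by one
		// bit and fold any overflow back in with the reduction constant 0x87.
		var carry byte
		for i := range t {
			next := t[i] >> 7
			t[i] = t[i]<<1 | carry
			carry = next
		}
		if carry != 0 {
			t[0] ^= 0x87
		}
	}
	return out, nil
}
```

Before relying on any XTS implementation, check it against the published IEEE P1619 test vectors.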
For systems based on 3rd generation Intel Core processors with Intel Advanced Encryption Standard New Instructions (Intel® AES-NI), excellent performance is achieved without additional cryptographic hardware. On multi-core Intel® processors, further performance gains come from offloading AES-XTS execution to a core that is not fully utilized. The combination of Intel AES-NI and multi-core offload is also used to provide data-at-rest protection on laptops (for example those running Mac OS X), demonstrating the wide acceptance of this approach. To ensure optimal performance when selecting the cryptographic library for a data protection solution, it is important that the software is optimized for the platform (using Intel AES-NI where available), is FIPS 140-2 certified, and supports the current encryption mode (AES-XTS). Green Hills Software's INTEGRITY Embedded Cryptographic Toolkit (ECT) is an example of such a library.

Manage storage encryption keys

For robust protection, the storage encryption key must never be stored in the clear on the storage medium (that is, in its unencrypted area). It is usually necessary, however, to store an encrypted copy of the key, which is unlocked for use when the system is running in an authorized manner. On personal computers such as laptops and smartphones, unlocking is triggered by successful user authentication. A typical method for protecting the encryption key is a key derivation function (KDF) that converts user credentials into a key. The common KDF for converting passwords is the Password-Based Key Derivation Function version 2 (PBKDF2), defined in the RSA specification PKCS #5 and in RFC 2898. PBKDF2 applies a hash function to the password concatenated with a salt (in cryptography, a salt is a set of random bits). When the password is used directly to generate the storage key, any change to the password changes the encryption key, forcing the entire medium to be re-encrypted.
To avoid this, a permanent, unique encryption key is created when the medium is first provisioned, and that key is wrapped (encrypted) with the password-derived key. Under this two-tier mechanism, a routine password change simply re-wraps the encryption key.

The uniqueness of the storage encryption key is critical to the security of the encryption scheme, and it is achieved by generating the key from truly random bits. For example, Intel® Secure Key, a NIST-compliant key generation facility in 3rd generation Intel Core processors, generates random numbers in hardware, providing a clean source that is not exposed to malware. The self-contained digital random number generator resides in the processor package and is therefore independent of the chipset. Intel Secure Key is a closed system: its internal state can never be observed, is never placed in memory, and is never "stored anywhere", yet applications can easily access it from any privilege level using new processor instructions.

The user-authentication approach suits attended systems, such as medical or retail systems that require a person to log in. It is not sufficient, however, for the large number of unattended systems. In such cases, if the system encounters a failure and restarts automatically, the encrypted volume must be able to come back online without anyone entering credentials. A practical approach for such systems is to use a secure network connection to a remote server and retrieve the symmetric key over the air. The server maintains a database of the provisioned data encryption keys, and the system opens a connection to it whenever the data encryption key must be unlocked (for example at boot).

Common commercial operating systems have vulnerabilities that allow malware and hackers to gain "root" access. This lets them subvert the storage encryption layer, for example by stealing encryption keys or turning off encryption services.
Virtual Self-Encrypting Drive (vSED)

The solution to this problem is to move the data protection services into trusted firmware that is protected separately from the main OS, giving the data protection solution a significantly higher level of protection without any additional hardware components. One way to do this is system virtualization. A security hypervisor starts the main OS in a virtual machine and executes the storage encryption components outside that virtual machine, creating a virtual self-encrypting drive (vSED). All security-critical aspects of data-at-rest protection (the authentication that unlocks the SED, the encryption/decryption protocols, and key management) take place outside the main OS environment, protecting the stored data from external attacks or malware that may compromise the main OS. Intelligent systems based on 3rd generation Intel Core processors with Intel® Virtualization Technology (Intel® VT) provide an ideal environment for this architecture. Green Hills Software's INTEGRITY Multivisor is an example of a security hypervisor that provides this virtualization and vSED technology (Figure 3).

Figure 3. Intel® Virtualization Technology and a security hypervisor implementing a virtual self-encrypting drive (vSED).

A unique aspect of the INTEGRITY Multivisor is its ability to host native security-critical applications that do not require a full virtual machine and can be built to a very high level of assurance. In this case, the hypervisor provides the block drivers (flash, SD, disk, etc.) and virtualizes the physical storage. When the OS writes a block of data, the trusted application encrypts the block and stores it in the corresponding block of the physical device; reads are the reverse. Because the encryption is performed in a trusted, securely partitioned application, untrusted software on the platform cannot access the data encryption key or mount a direct attack on the cryptography. Note that Intel AES-NI cipher acceleration (where available) also helps prevent side-channel attacks.
Like an SED, a vSED requires a secure passphrase to unlock it. To defeat keystroke-logging and screen-capturing malware in the main OS environment, passphrase entry and the related graphical screen handling (where applicable) can be performed in a native application.

The importance of secure boot

If we assume that the hypervisor and data encryption facilities are trustworthy, we must also ensure that everything executed before this software is trustworthy and that the vSED components are started correctly. This is a textbook case for secure boot. Systems with 3rd generation Intel Core processors and Intel® Trusted Execution Technology (Intel® TXT) can measure the pre-boot hardware and firmware state and compare the measurements against a whitelist of known-good launch environments stored and protected in hardware. If an attacker manages to install malware in the firmware boot sequence, Intel TXT detects the mismatched measurement and prevents the system from starting.

Cold boot attacks are an example of such advanced threats. The architecture described above requires the system to hold the storage encryption key in memory (in plaintext) and to invoke the encryption and decryption algorithms to access data. After the system is shut down, the RAM contents are gone and the only remaining copy of the encryption key is itself encrypted. In some systems, however, RAM is not cleared immediately, and an attacker can boot the system with a malicious OS that recovers the plaintext key from RAM. This attack has been carried out successfully; see the report "Lest We Remember: Cold Boot Attacks on Encryption Keys" in the USENIX Security 2008 proceedings. Intel TXT prevents this attack by not allowing the malicious OS to boot.

A system protected against remote attacks by secure boot and a trusted hypervisor can still be defeated by removing the protected media and booting it on another computer that lacks the secure environment. Binding the storage encryption key to the target platform avoids this attack.
In this case, the permanent storage encryption key is derived from a platform-specific key (alone or combined with user credentials), such as a one-time-programmable fused key or, on platforms supporting Intel TXT, a Trusted Platform Module (TPM) key where applicable. Even if the user's credentials are stolen, the storage encryption key cannot be derived outside the target platform.

Protection layer under the OS

The Execute Disable bit, implemented across many earlier generations of Intel processors, has helped countless computing devices resist buffer overflow attacks by preventing the execution of malicious code from data memory. However, a threat can insert itself into application memory space and be executed at a privilege level higher than the one intended for applications. 3rd generation Intel Core processors include Intel® OS Guard, the next generation of execute-disable protection. In addition to data memory, it also prevents privileged code from executing malicious code located in application memory space, thereby blocking this kind of privilege escalation attack. This protection beneath the OS defends against more sophisticated viruses and the damage they can cause.

Protect data at rest effectively

Electronic product developers seeking to include data-at-rest protection in next-generation designs face a bewildering array of design choices and constraints. This article has aimed to give designers a brief overview of the main issues to consider. Particular attention in data-at-rest protection goes to using government-approved symmetric encryption algorithms designed specifically for this application and to properly managing the long-lived keys typically used for this purpose. Developers are strongly encouraged to make the most of the silicon technology described here to enable secure boot, efficient encryption, and virtualization-based security that isolates the data protection subsystem.