DriveTrust: Seagate's Hard Disk Encryption

Seagate's announcement that it was taking another run at encrypted hard drives for notebook PCs is interesting, to say the least.

In a nutshell, what the company said was that in the first quarter of 2007, it would start delivering its Momentus 5400 FDE.2, short for "Full Disk Encryption 2" -- a 2.5-inch drive with hardware-based, full disk encryption. All cryptographic operations and access control are performed by a separate chip within the drive. Only a password will be necessary to authenticate for drive access.

At the heart of the upcoming system is Seagate's DriveTrust technology which is built in part on algorithms that includ AES, TripleDES, public key (RSA), and SHA-1.There are parts of DriveTrust that Seagate touts that I don't get quite yet. For instance, it is a drive-level security that requires no patches, updates, or upgrades, freeing IT organizations from having to distribute software updates or manage software versions. (So what happens if someone breaks the security?) Information stored on DriveTrust drives can be instantly erased (by whom?).

One interesting part is that DriveTrust gives ISVs a platform for building security applications via the DriveTrust SDK. Seagate is also working with the Trusted Computing Group (TCG) standards body to standardizeDriveTrust's encryption, authentication tools, and other security building blocks in a formal TCG storage specification that is scheduled for public release in early 2007. The TCG specification will enable manufacturers of hard drives and devices that use them to easily deploy security capabilities such as encryption and user authentication.

Posted by Jon Erickson at 10:23 AM  Permalink