Patent Application
20170372085
Maintaining the security of stored data (“data-at-rest”) is important and of increasing concern as attacks become more sophisticated. Today, organizations are susceptible to insider as well as outsider attacks. Storage device manufacturers and storage service providers are expected to have security measures in place to protect stored data in the event of an attack from an unauthorized third party, including insiders. Perimeter security can protect against outside attacks but does not account for internal threats, and thus other mechanisms are needed to protect against inside attackers.
Contemporary storage devices include mechanisms for protecting the data stored on them by encrypting that data using a data encryption key that is generated internally by the storage device using a high-quality random number generator. The data encryption key is protected using a key encryption key that is also generated internally by the storage device. For example, the storage device receives a security key (e.g., a password) from a host system and passes the key through a key derivation function such as PBKDF2 (Password-Based Key Derivation Function 2) to derive the key encryption key. The key encryption key is used with a key wrapping algorithm such as the National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) algorithm to securely wrap the data encryption key. The encrypted data and the wrapped data encryption key are stored on the storage device. When the stored data is subsequently retrieved, the wrapped data encryption key is unwrapped by the key wrapping algorithm using the security key, and the unwrapped data encryption key is then used to decrypt the data.
One type of attack occurs by compromising the host system and extracting its security key (e.g., password). Another type of attack occurs by compromising the firmware on the storage device, allowing the storage device to capture and store the host system's security key during a normal firmware-mediated authentication process. These types of attacks can be initiated from the inside or from the outside. Once the security key is extracted or exposed, an inside attacker can remove the storage device from the data center. The security key can then be used with the key derivation function and the key wrapping algorithm on the storage device to determine the data encryption key and decrypt the stored data.
Embodiments according to the disclosed invention strengthen the security of a data encryption key used to encrypt and decrypt data-at-rest and thus strengthen the security of that data. In order to derive the data encryption key and decrypt the data, embodiments according to the invention utilize at least one additional authentication factor relative to conventional approaches. Furthermore, in other embodiments according to the invention, the additional authentication factor(s) are not given to the storage device unless it is demonstrated that at least one condition is satisfied. A condition can be specified such that the storage device is locked or bound to a particular location, so that the storage device is prevented from operating if it is not at or within acceptable range of that location. A condition can be specified such that the storage device is locked or bound to a specific person or persons, so that the storage device is prevented from operating for any user except the authorized user(s). Note these conditions apply to situations in which the storage device is part of another device such as a laptop and the other device (including the storage device) is removed from its proper location or in which an unauthorized person attempts to operate the other device.
In overview, a “first data encryption key” is stored on a storage device. The first data encryption key, a “first key encryption key” obtained from “first information” received from a host system, and “second information” (an additional, second authentication factor) that is received from a source (“second source”) other than the host system are used to generate a final data encryption key (“second data encryption key”) that can be used to encrypt and decrypt data stored on the storage device.
In an embodiment, a wrapped version of the first data encryption key is unwrapped using the first key encryption key, thereby generating an intermediary version of the data encryption key. The second data encryption key is generated using the intermediary version of the data encryption key in combination with the second information that is received from the second source.
Thus, a second authentication factor (the second information) is used in addition to the authentication factor (the first information) that is based on the security key (e.g., password). The use of the second authentication factor as disclosed herein strengthens the security of the data encryption key and hence the security of the stored data.
Furthermore, in an embodiment, the second authentication factor is provided only if one or more conditions are satisfied. The condition may be based on, for example, the location of the storage device, the presence of a particular physical object, or the environment of the storage device, or a combination of conditions. Thus, for example, the condition(s) guard against removal of the storage device from the host system or data center; if the storage device is removed, then one or more of the conditions cannot be satisfied. If the one or more conditions are not all satisfied, then the second information is not sent to the storage device, the second data encryption key cannot be generated, and the stored data cannot be decrypted. Because of the need to satisfy the condition(s) in order to receive additional information (the second information) that is needed to derive the data encryption key and decrypt the data, the storage device is protected against being removed and tampered with by, for example, an inside attacker.
In an embodiment, the second data encryption key (which is used to encrypt and decrypt data stored on the storage device) is generated by a key generator (e.g., a random number generator). In an embodiment, the second information (second authentication factor) received from the second source includes a “second key encryption key.” The second data encryption key is wrapped by the first key encryption key (generated using the host system security key) and by the second key encryption key to generate a wrapped version of the first data encryption key. The wrapped first data encryption key can then be stored on the storage device. To retrieve the second data encryption key (in order to encrypt and/or decrypt data), the wrapped first data encryption key is accessed and unwrapped using the first key encryption key and using the second key encryption key. In an embodiment, as noted above, the second key encryption key is provided by the second source only if one or more conditions are all satisfied.
In another embodiment, the second data encryption key that is generated by the key generator is divided into a first share and a second share. The first share is wrapped with the first key encryption key to generate a wrapped version of the first data encryption key, which can then be stored on the storage device. The second share is stored on the second source. The second information received from the second source includes the second share of the second data encryption key. To retrieve the second data encryption key (which is used to encrypt and decrypt data stored on the storage device), the wrapped first data encryption key is unwrapped with the first key encryption key to generate the first share of the second data encryption key, and the first share and the second share are combined to generate the second data encryption key. In an embodiment, as noted above, the second share is provided by the second source only if one or more conditions are all satisfied.
In yet another embodiment, the data encryption key that is generated by the key generator is wrapped with the first key encryption key to generate a wrapped version of the first data encryption key, which can then be stored on the storage device. The second information received from the second source includes a “third data encryption key.” To retrieve the second data encryption key (which is used to encrypt and decrypt data stored on the storage device), the wrapped first data encryption key is unwrapped with the first key encryption key, and the result is combined with the third data encryption key to generate the second data encryption key. In an embodiment, as noted above, the third data encryption key is provided by the second source only if one or more conditions are all satisfied.
In summary, embodiments according to the present invention enhance security measures for protecting data-at-rest in scenarios where the host system becomes compromised and/or has its security keys extracted by an attacker, or in scenarios where the storage device is compromised by malicious firmware that captures and stores the host system's security keys, and then the storage device is removed from the host system or data center. Embodiments according to the invention guard against these scenarios using a second authentication factor that provides an added level of security against both inside and outside attacks. In other embodiments, the second authentication factor is not given to the storage device if one or more conditions are not satisfied, providing yet another level of security.
These and other objects and advantages of the various embodiments according to the present invention will be recognized by those of ordinary skill in the art after reading the following detailed description of the embodiments that are illustrated in the various drawing figures.
The accompanying drawings, which are incorporated in and form a part of this specification and in which like numerals depict like elements, illustrate embodiments of the present disclosure and, together with the detailed description, serve to explain the principles of the disclosure.
Reference will now be made in detail to the various embodiments of the present disclosure, examples of which are illustrated in the accompanying drawings. While described in conjunction with these embodiments, it will be understood that they are not intended to limit the disclosure to these embodiments. On the contrary, the disclosure is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the disclosure as defined by the appended claims. Furthermore, in the following detailed description of the present disclosure, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. However, it will be understood that the present disclosure may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the present disclosure.
Some portions of the detailed descriptions that follow are presented in terms of procedures, logic blocks, processing, and other symbolic representations of operations on data bits within a computer memory. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. In the present application, a procedure, logic block, process, or the like, is conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those utilizing physical manipulations of physical quantities. Usually, although not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as transactions, bits, values, elements, symbols, characters, samples, pixels, or the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present disclosure, discussions utilizing terms such as “receiving,” “accessing,” “sending,” “wrapping,” “unwrapping,” “generating,” “encrypting,” “decrypting,” “storing,” “combining,” “dividing,” “executing,” or the like, refer to actions and processes (e.g., flowcharts 900, 1000, 1100, and 1200 of
Embodiments described herein may be discussed in the general context of computer-executable instructions residing on some form of computer-readable storage medium, such as program modules, executed by one or more computers or other devices. By way of example, and not limitation, computer-readable storage media may comprise non-transitory computer storage media and communication media. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or distributed as desired in various embodiments.
Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, random access memory (RAM), read only memory (ROM), electrically erasable programmable ROM (EEPROM), flash memory (e.g., an SSD or NVMD) or other memory technology, compact disk ROM (CD-ROM), digital versatile disks (DVDs) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can accessed to retrieve that information.
Communication media can embody computer-executable instructions, data structures, and program modules, and includes any information delivery media. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared and other wireless media. Combinations of any of the above can also be included within the scope of computer-readable media.
In the discussion to follow, the following terminology is used. In general, terms such as “first,” “second,” and “third” are simply modifiers that are used to distinguish similar terms from one another; any exceptions will be made clear in the discussion.
The “first data encryption key” is the version of the data encryption key that is stored on the storage device. The first data encryption key may be wrapped, in which case it is referred to as the “wrapped version of the first data encryption key” or simply the “wrapped first data encryption key.”
The “second data encryption key” is the version of the data encryption key that is generated by the storage device and is used by the storage device to encrypt and decrypt data stored on the storage device.
An “intermediary data encryption key” is a version of the data encryption key that is between the wrapped version of the first data encryption key and the second data encryption key.
“First information” refers to information, such as a security key, that is received from a host system for the storage device. In an embodiment, the first information is used by the storage device to generate a first key encryption key. In other embodiments, the first information is a cryptographic quality key encryption key. This is discussed further below.
“Second information” refers to information that is received from a source other than the host system. That source is referred to as the “second source.” Depending on the embodiment, the second information includes a second key encryption key, a share of the second data encryption key, or a “third data encryption key.”
In the example of
The host system 120 is coupled to or incorporates a number of storage devices 1 through N (1-N), exemplified by the storage device 130. The storage device 130 includes storage media 132. The storage media 132 may include one or more solid state drives or devices (SSDs), which may also be known as non-volatile memory devices (NVMDs) or as flash memory devices. The storage media may also or alternatively include one or more hard disk drives or devices (HDDs). The storage device 130 is further described in conjunction with
The storage system 100/host system 120 of
Data is encrypted and stored in the storage media 132 on the storage device 130. As will be described in greater detail below, in order for the stored data to be decrypted, embodiments according to the invention utilize at least two authentication factors. The first authentication factor may be, for example, a security key that is password-based. The storage device 130 is communicatively coupled to a source 140 (referred to herein as the second source), which is the source of a second authentication factor.
The second source 140 is separated or separable from the host system 120. Communications between the storage device 130 and the second source 140 do not pass through the host system 120. Specifically, the second source 140 and the host system 120 do not interface; there is no mechanism in the system 100 that allows communications between the storage device 130 and the second source 140 to be received or accessed by the host system 120. In the example of
The storage device 130 receives a first authentication factor (first information) from the host system 120. In an embodiment, the first information is or includes a security key such as a password. The security key is passed through a key derivation function such as, but not limited to, PBKDF2 (Password-Based Key Derivation Function 2) to derive a first key encryption key KEK1. The key derivation function may use random data (a salt) as an additional input in a well-known manner.
In another embodiment, the first information received from the host system 120 is or includes a cryptographic quality key encryption key. In other words, in such an embodiment, the first key encryption key KEK1 is received from the host system 120. In an embodiment, the host system 120 executes a key derivation function to derive the first key encryption key KEK1. Accordingly, the key derivation function may not be present on, or may be bypassed and not executed by, the storage device 130.
In general, the first key encryption key KEK1 is obtained from the first information received from the host system 120.
In an embodiment, the first module 201 accesses a wrapped first data encryption key W_DEK1 stored in the storage media 132 on the storage device 130. The first module 201 can unwrap the wrapped first data encryption key W_DEK1 with the first key encryption key KEK1 to generate an intermediary data encryption key I_DEK.
In another embodiment, the first data encryption key stored in the storage media 132 is not wrapped. Instead, for example, the intermediary data encryption key I_DEK is encrypted with a manufacturer- or device-specific key in a proprietary manner. For instance, the intermediary data encryption key I_DEK can be exclusive-ORed (XORed) with a hardcoded value of equal length, thereby obfuscating the intermediary data encryption key I_DEK in the storage media 132. The first information from the host system 120 thus could be or could include a password that is compared to the authorized, correct password stored in the storage media 132.
The second module 202 generates a second data encryption key DEK2 using the intermediary data encryption key I_DEK and a second authentication factor (second information) that is received from the second source 140. The second data encryption key DEK2 is used by the encryption/decryption engine 210 to encrypt and decrypt data stored in the storage media 132.
The second information stored on or provided by the second source 140 may itself be encrypted and/or wrapped. If so, it can be decrypted/unwrapped before it is sent to the storage device 130, or it can be decrypted/unwrapped by the storage device.
The second authentication factor (second information) provides an additional level of security to protect the stored data. As will be described further below, in embodiments according to the invention, the second authentication factor (second information) is only sent from the second source 140 to the storage device 130 if one or more conditions are satisfied. In those embodiments, the requirement that the condition(s) be satisfied provides yet another level of security to protect the stored data.
The second authentication factor (second information) may be subject to a policy that defines when and how the second authentication is to be used. For example, the same policy basis that governs the first authentication factor (the host system's security key) may be used, or a different policy can be used. Options range from presenting and checking the second authentication factor once at power-on to requiring it be presented and checked periodically (where “periodically” includes continuously). In the latter option, a hardware mechanism can be used to discard the second data encryption key DEK2 unless it is authenticated by the second authentication factor.
The storage media 132 or the storage device 130 can be logically or physically separated into multiple sections, with different access requirements for each section. For example, the first information required from the host system 120 and/or the second information required from the second source 140 may be different for each section. Thus, for example, a storage device or storage media with multiple sections may have one section accessible within one location, another section accessible within another location, and so on.
As described above, the storage device 130 receives first information from the host system 120. In an embodiment, the first information includes a security key such as a password, which is passed through a key derivation function derive the first key encryption key KEK1. In another embodiment, the first information received from the host system 120 includes the first key encryption key KEK1. In an embodiment, the host system 120 executes a key derivation function to derive the first key encryption key KEK1. Accordingly, the key derivation function may not be present on, or may be bypassed and not executed by, the storage device 130.
In the
In this embodiment, the second information received from the second source 140 includes a second key encryption key KEK2. To protect the second data encryption key DEK2, it is wrapped by the first key encryption key KEK1 and by the second key encryption key KEK2 to generate the first wrapped data encryption key W_DEK1. More specifically, in the
In this embodiment, to retrieve the second data encryption key DEK2 (in order to encrypt new data and/or decrypt stored data), the wrapped first data encryption key W_DEK1 is accessed from the reserved area of the storage media 132. The first module 201 unwraps the wrapped first data encryption key W_DEK1 using the first key encryption key KEK1. The output I_DEK of the first module 201 is input to the second module 302 and is unwrapped by the second module using the second key encryption key KEK2 to recover the second data encryption key DEK2. In an embodiment, as previously noted herein, the second key encryption key KEK2 is provided to the second module 302 by the second source 140 only if one or more conditions are all satisfied.
As described above, the storage device 130 receives first information from the host system 120. In an embodiment, the first information includes a security key such as a password, which is passed through a key derivation function to derive the first key encryption key KEK1. In another embodiment, the first information received from the host system 120 includes the first key encryption key KEK1. In an embodiment, the host system 120 executes a key derivation function to derive the first key encryption key KEK1. Accordingly, the key derivation function may not be present on, or may be bypassed and not executed by, the storage device 130.
In the
In the
In this embodiment, to retrieve the second data encryption key DEK2, the wrapped first data encryption key W_DEK1(S2) is accessed from the reserved area of the storage media 132. The first module 201 unwraps the wrapped first data encryption key W_DEK1(S2) using the first key encryption key KEK1. The output I_DEK (which is the first share S1) of the first module 201 is input to the second module 402. The second module 402 combines the second share S2 from the second source 140 and the first share S1 to produce the second data encryption key DEK2. In an embodiment, as previously noted herein, the second share S2 is provided to the second module 402 by the second source 140 only if one or more conditions are all satisfied.
As described above, the storage device 130 receives first information from the host system 120. In an embodiment, the first information includes a security key such as a password, which is passed through a key derivation function to derive the first key encryption key KEK1. In another embodiment, the first information received from the host system 120 includes the first key encryption key KEK1. In an embodiment, the host system 120 executes a key derivation function to derive the first key encryption key KEK1. Accordingly, the key derivation function may not be present on, or may be bypassed and not executed by, the storage device 130.
In the
In this embodiment, the first module 201 wraps the output I_DEK of the key generator 310 with the first key encryption key KEK1 to generate the wrapped first data encryption key W_DEK1. The wrapped first data encryption key W_DEK1 can then be stored in a reserved area of the storage media 132 on the storage device 500.
In this embodiment, to retrieve the second data encryption key DEK2, the wrapped first data encryption key W_DEK1 is accessed from the reserved area of the storage media 132. The first module 201 unwraps the wrapped first data encryption key W_DEK1 using the first key encryption key KEK1. The output I_DEK of the first module 201 is input to the second module 502. The second module 502 combines the output of the first module 201 with the third data encryption key DEK3 to generate the second data encryption key DEK2. In an embodiment, as previously noted herein, the third data encryption key DEK3 is provided by the second source 140 to the second module 502 only if one or more conditions are all satisfied.
The embodiments just described are particularly advantageous when keys provided by the second source 140 such as the second key encryption key KEK2 (
As mentioned above, in an embodiment, the second authentication factor (the second information from the second source 140) is provided to the storage device 130 only if one or more conditions are satisfied. The condition may be based on, for example, the location of the storage device 130, the presence of a particular physical object, or the environment of the storage device, or a combination of such conditions. In general, the conditions guard against removal of the storage device 130 from the host system 120 or data center; if the storage device is removed, then one or more of the conditions cannot be satisfied. The conditions can also be used to prevent operation of or access to data on storage devices on mobile devices such as laptops that have been stolen, for example. If the one or more conditions are not all satisfied, then the second information is not sent to the storage device 130, the second data encryption key cannot be generated, and the stored data cannot be decrypted.
In the embodiment of
Verification of the location of the storage device 130 through geolocation and/or geofencing may be performed when the storage device is powered on and remain valid for the duration of the power-on time of the storage device, or it may be repeated at periodic intervals. Advantages to the former approach are that it reduces exposure to the possibility of unreliability and can save power, while an advantage to the latter approach is that it reduces the risk of tampering.
The second information/authentication factor may be information that is stored on the second source 140 or it may be information that is derived from the mechanism used for location awareness and detection. In the embodiment of
As illustrated by
For a GPS-based authentication mechanism, operation of the storage device 130 can be allowed in certain geographical regions, or operation within a certain distance from a centralized point can be allowed, with the data stored on the storage device remaining inaccessible if the storage device is outside those regions or outside the permitted distance from the centralized point.
For authentication mechanisms based on RF measurements, such as the use of broadcast signals, a number N of local broadcasters in a certain frequency band can be identified, and a signal of a certain threshold strength would need to be received from some number M of those broadcasters (M less than N) in order for data to be accessed from the storage device 130. This allows for outages while effectively locking the storage device's location at a point where the RF fields from the various broadcasters are within a specified tolerance of a measured baseline, and will allow access to the stored data if there is a change to the number of broadcasters. Similarly, signals from M of N fixed sources (e.g., WiFi access points or dedicated beacons) would be required for data to be accessed from the storage device 130, so that access to stored data is still possible if there is a change in configuration at the data center.
For authentication mechanisms based on a device such as an RFID or a smart card, the device would need to be within range of the storage device 130 in order for the stored data to be accessed. Also, for example, an employee badge could incorporate the RFID or smart card, and a number (e.g., an employee badge number) can be built into the RFID or smart card and used as a seed to hash the second information/authentication factor such as the second key encryption key KEK2 and the third data encryption key DEK3. Authentication mechanisms based on an RFID or smart card or the like can be particularly useful for storage devices housed in mobile systems.
For authentication mechanisms that utilize a beacon, a synchronized clock signal, or transmitter operated at the data center site, the storage device 130 would need to receive a signal on a periodic basis from those types of devices in order for the stored data to be accessed.
In the event that maintenance activity will significantly modify the location of the storage device 130 or the location awareness and detection mechanisms used to determine the location of the storage device for authentication purposes, a second security key provided by the host system 120 can be used to “re-home” the storage device. To re-home the storage device 130, the set of geolocation/geofencing parameters and associated tolerances can be updated to account for any changes introduced by the maintenance activity.
In the embodiment of
Verification of the location of the storage device 130 through environmental monitoring may be performed when the storage device is powered on and remain valid for the duration of the power-on time of the storage device, or it may be repeated at periodic intervals. If performed at periodic intervals, then the measured environment needs to satisfy the established environmental parameters at each interval in order for the second information to be provided to the storage device 130. Advantages to the former approach are that it reduces exposure to the effects of short-term environmental transients, while an advantage to the latter approach is that it reduces the risk of tampering. A moving average can be used for long-term transients; if a change in a monitored characteristic changes too fast, then the second information is not given to the storage device 130.
In a manner similar to that discussed above with regard to location-based conditions, the second information/authentication factor may be information that is stored on the second source 140 or it may be information that is derived from the mechanism used for environmental characterization. Values that are derived from environment-based information can either be generated ahead-of-time and stored on the second source 140 or generated on-the-fly when requested by the storage device 130. If the values are stored on the second source 140, they can be encrypted or wrapped.
As illustrated by
A baseline and a baseline change threshold can be established in the operating environment. Optionally, a tolerance can be specified for each characteristic. As another option, a moving average of the monitored characteristics can be used for long-term transients as mentioned above.
In the event that maintenance activity will significantly modify the operating environment of the storage device 130, a second security key provided by the host system 120 can be used to characterize the new operating environment or to temporarily disable the use of the second authentication factor until the configured operating environment is restored. Optionally, a warning may be signaled to an operator if the environment is approaching a level that is outside the permitted tolerances so that the environmental parameters can be preemptively characterized to match the current (new) environment.
In the embodiment of
The presence of the object 802 for authentication purposes can be required all of the time, periodically, once at power-on, or on a per-session basis. In the first case, the object 802 can transmit the second information/authentication factor directly to the appropriate modules of the storage device 130, while in the latter three cases, that information can be cached in the second module 202 until power-off or the session expires.
The object 802 of
A code generator can communicate a key to the second source 140 or the storage device 130 via a vendor-unique mechanism.
A TPM chip can be inserted into the drive bay in which the storage device 130 is mounted. The TPM chip can be a non-removable component of the drive bay such that removal of the storage device 130 from the drive bay separates the storage device from the TPM chip. The TPM chip can be electrically interfaced to the storage device 130 via, for example, extra or unused interface pins or by multiplexing with an existing signal.
An interposer is, in general, an object that is located between the storage device 130 and the host system 120. The interposer is a non-removable component that can be integrated with the host system 120 or permanently attached to the host system, without requiring modification to or redesign of the host system. The interposer can contain a volatile key that is erased if power is removed from the interposer. The interposer can contain a TPM chip, for example.
The various authentication mechanisms and conditions described above in conjunction with
In block 902 of
In block 904, a second data encryption key DEK2 that can be used to decrypt data stored in the storage media 132 on the storage device 130 is generated using: the first data encryption key W_DEK1; a first key encryption key KEK1 obtained from the first information received from the host system 120; and second information (a second authentication factor) that is received from the second source 140. Additional information with regard to the operations of block 904 is described below, in conjunction with
In block 906, in an embodiment, the second information is sent from the second source 140 to the storage device 130 in response to at least one condition being satisfied. The at least one condition can be one or more of the following (see the discussions of
With reference now to
In block 1004, the second data encryption key DEK2 is wrapped with the second key encryption key KEK2 to produce an intermediary version of the data encryption key, I_DEK. The second key encryption key KEK2 is received from the second source 140 and constitutes the second information mentioned in block 904 of
In block 1006 of
In block 1008, in an embodiment, the wrapped first data encryption key W_DEK1 is stored in the storage media 132 on the storage device 130.
In block 1010, to decrypt stored data in an embodiment, the wrapped first data encryption key W_DEK1 is read from the storage media 132 and unwrapped with the first key encryption key KEK1 to generate the intermediary data encryption key I_DEK, which is a wrapped version of the second data encryption key DEK2.
In block 1012, the intermediary data encryption key I_DEK is unwrapped using the second key encryption key KEK2 (the second information received from the second source 140) to recover the second data encryption key DEK2, which can be used to decrypt the stored data.
With reference now to
In block 1104, the second data encryption key DEK2 is divided into the first share S1 and the second share S2.
In block 1106, the second share S2 is stored on the second source 140. The second share S2 constitutes the second information mentioned in block 904 of
In block 1108 of
In block 1110, in an embodiment, the wrapped first data encryption key W_DEK1 is stored in the storage media 132 on the storage device 130.
In block 1112, to decrypt stored data in an embodiment, the wrapped first data encryption key W_DEK1 is read from the storage media 132 and unwrapped with the first key encryption key KEK1 to generate the intermediary data encryption key I_DEK, which is the first share S1 of the second data encryption key DEK2.
In block 1114, the second share S2 (the second information received from the second source 140) and the first share S1 are combined to generate the second data encryption key DEK2, which can be used to decrypt the stored data.
With reference now to
In block 1204, in an embodiment, the intermediary data encryption key I_DEK is wrapped with the first key encryption key KEK1 to generate a wrapped version of the first data encryption key W_DEK1.
In block 1206, in an embodiment, the wrapped first data encryption key W_DEK1 is stored in the storage media 132 on the storage device 130.
In block 1208, to decrypt stored data in an embodiment, the wrapped first data encryption key W_DEK1 is read from the storage media 132 and unwrapped with the first key encryption key KEK1 to generate the intermediary data encryption key I_DEK.
In block 1210, the intermediary data encryption key I_DEK is combined with the third data encryption key DEK3 to generate the second data encryption key DEK2, which can be used to decrypt the stored data. The third data encryption key DEK3 is received from the second source 140 and constitutes the second information mentioned in block 904 of
Thus, embodiments according to the present invention enhance security measures for protecting data-at-rest in scenarios where the host system becomes compromised and has its security keys extracted by an attacker, or in scenarios where the storage device is compromised by malicious firmware that captures and stores the host system's security keys, and then the storage device is removed from the host system or data center. Embodiments according to the invention guard against these scenarios using a second authentication factor that provides an added level of security against inside as well as outside attacks. In other embodiments, the second authentication factor is not given to the storage device if one or more conditions are not satisfied, providing yet another level of security.
While the foregoing disclosure sets forth various embodiments using specific block diagrams, flowcharts, and examples, each block diagram component, flowchart step, operation, and/or component described and/or illustrated herein may be implemented, individually and/or collectively, using a wide range of hardware, software, or firmware (or any combination thereof) configurations. In addition, any disclosure of components contained within other components should be considered as examples because many other architectures can be implemented to achieve the same functionality.
The process parameters and sequence of steps described and/or illustrated herein are given by way of example only and can be varied as desired. For example, while the steps illustrated and/or described herein may be shown or discussed in a particular order, these steps do not necessarily need to be performed in the order illustrated or discussed. The various example methods described and/or illustrated herein may also omit one or more of the steps described or illustrated herein or include additional steps in addition to those disclosed.
While various embodiments have been described and/or illustrated herein in the context of fully functional computing systems, one or more of these example embodiments may be distributed as a program product in a variety of forms, regardless of the particular type of computer-readable media used to actually carry out the distribution. The embodiments disclosed herein may also be implemented using software modules that perform certain tasks. These software modules may include script, batch, or other executable files that may be stored on a computer-readable storage medium or in a computing system. These software modules may configure a computing system to perform one or more of the example embodiments disclosed herein. One or more of the software modules disclosed herein may be implemented in a cloud computing environment. Cloud computing environments may provide various services and applications via the Internet. These cloud-based services (e.g., storage as a service, software as a service, platform as a service, infrastructure as a service, etc.) may be accessible through a Web browser or other remote interface. Various functions described herein may be provided through a remote desktop environment or any other cloud-based computing environment.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the disclosure is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the disclosure.
Embodiments according to the invention are thus described. While the present disclosure has been described in particular embodiments, it should be appreciated that the invention should not be construed as limited by such embodiments, but rather construed according to the following claims.
