Security in Storage Systems
June 18, 2019
Data security breaches are now high up the corporate agenda and ensuring that any product, process or system is secure is vital.
Microprocessors are now an everyday part of our lives, integrated into all kinds of devices from phones to cars, and computers to TVs. These microprocessors will all contain flash memory and in the modern world of hacks and data breaches, security is a growing concern.
Developing a data storage security strategy can be a very multifaceted task, taking in legal requirements as well as affecting the system architecture and data protection. Most systems have security at each level, often referred to as layered security. The top level will look after the communication protocols and human interfaces, while the application software level will provide encryption and user authentication. But when defining a security strategy for a device it is important to consider individual use cases; there is no one-size-fits-all security solution.
Identification and Authentication
The security protocols need to start with the device identifying itself. There are various ways of authenticating this information, the most common being a password; biometric (for example fingerprint) forms of authentication are also becoming more common. A helpful security solution to combat the threat associated with memory is component authentication. Any device or system that fails to utilise some manner of component authentication can be at risk of having critical system components swapped out with unapproved components, which can compromise the design.
The vulnerability of a standard password approach can be addressed by adopting two-factor or multi-factor authentication (MFA). This adds another layer of security, supplementing the username and password model with a code, often a one-time code or biometric information, to which only a specific user has access.
The next step is authorisation. Once a user has identified themselves they can be verified against an authorised dataset and if they are on the list, access can be granted.
Access control refers to the control over access to system resources; once a user's account credentials and identity have been authenticated, access control determines which resources they may use on the system. There are various types of access control in use, including mandatory, discretionary, role based and rule based.
Mandatory Access Control (MAC) is the strictest of all levels of control, taking a hierarchical approach to controlling access to resources. Under a MAC enforced environment, access to all resource objects (such as data files) is controlled by settings defined by the system administrator. It is by far the most secure form of access control, but there are challenges, such as extensive forward planning and extensive system management requirements.
Unlike MAC, where access to system resources is controlled by the operating system, Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems.
Access under Role Based Access Control (RBAC) is based on a user's job function with permissions granted to job functions in an organisation. Finally, under Rule Based Access Control (RBAC) access is allowed or denied to resource objects based on a set of rules defined by a system administrator.
But at the heart of every drive is the data itself and the ultimate barrier is in protecting this should a breach occur. The best way to protect the data is to encrypt it at the hardware level. A Self-Encrypting Drive (SED) automatically and continuously encrypts the data on the drive without any user interaction. If the storage drive has a built-in controller that supports hardware encryption, such as a 256-bit AES encryption controller, you can use full disk encryption.
The foremost worldwide standard is the Advanced Encryption Standard (AES), a substitution permutation network (SPN) block cipher algorithm. This works by taking a block of plaintext and applying alternating rounds of substitution and permutation boxes to it under a key of 128, 192 or 256 bits, depending on how strong the encryption needs to be. The encryption key governs the substitution-permutation process, and only the holder of that key, the intended recipient, can decipher and read the data. Without the key, the data are completely scrambled and unintelligible.
An additional benefit of a SED is the ability to cryptographically erase the drive. This means that an authenticated command can be sent to the drive to change the 256-bit encryption key stored on the drive, wiping the drive clean.
So far, the security methodologies have all been based on cryptography. Any cryptographic system needs keys, and the challenge in such systems is to protect the keys while they are on the system, but also during key provisioning.
Successful key management is critical to the security of a cryptosystem. Keys can be symmetric or asymmetric. In symmetric key cryptography, the same encryption key is used to both encrypt and decrypt the data. Asymmetric keys, on the other hand, are a pair of keys for the encryption and decryption of the data, respectively. A key management system will be required to manage these keys throughout the lifecycle of the system.
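The key hierarchy and cryptographic erase described above, as an added example that is not Hyperstone's firmware or any real drive's implementation: a media encryption key (MEK) that exists on the media only wrapped under a key encryption key (KEK), sectors encrypted under the MEK, and an authenticated crypto-erase that swaps the MEK. The KEK derivation (plain SHA-256 of the secret) and the use of AES-GCM for both wrapping and sectors are simplifications chosen for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SED models a self-encrypting drive's key hierarchy: sectors are encrypted under a random
// 256-bit MEK that exists only wrapped under a KEK derived from the user secret, never in the clear.
type SED struct {
	wrappedMEK []byte            // AES-256-GCM ciphertext of the MEK under the KEK
	sectors    map[uint32][]byte // AES-256-GCM ciphertext per logical block address
}

// randomBytes draws n bytes from the OS CSPRNG (used for MEKs and nonces).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}
// gcm builds AES-256-GCM for a 32-byte key (every caller passes exactly 32 bytes).
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
// seal encrypts pt with a fresh 12-byte nonce (prepended); open reverses it, and the GCM tag
// rejects a wrong key instead of returning garbage.
func seal(key, pt []byte) []byte { n := randomBytes(12); return gcm(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 { return nil, errors.New("ciphertext too short") }
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}
// kek derives the wrapping key; plain SHA-256 is a simplification, a real drive would use a slow salted KDF.
func kek(secret []byte) []byte { h := sha256.Sum256(secret); return h[:] }

// NewSED provisions a drive with a random MEK stored only in wrapped form.
func NewSED(secret []byte) *SED { return &SED{wrappedMEK: seal(kek(secret), randomBytes(32)), sectors: map[uint32][]byte{}} }
// Unlock recovers the MEK; a wrong secret fails the wrapped blob's tag check.
func (d *SED) Unlock(secret []byte) ([]byte, error) { return open(kek(secret), d.wrappedMEK) }
// Write and Read encrypt and decrypt one logical sector under the unlocked MEK.
func (d *SED) Write(mek []byte, lba uint32, data []byte) { d.sectors[lba] = seal(mek, data) }
func (d *SED) Read(mek []byte, lba uint32) ([]byte, error) { return open(mek, d.sectors[lba]) }

// CryptoErase is the article's authenticated command: the MEK is replaced by a fresh random
// key, so ciphertext left on the media can no longer be decrypted by anyone.
func (d *SED) CryptoErase(secret []byte) error {
	if _, err := d.Unlock(secret); err != nil { return err }
	d.wrappedMEK = seal(kek(secret), randomBytes(32))
	return nil
}
```

After CryptoErase the old sector ciphertext is still present in the map, which is the point: nothing needs to be overwritten because no key that opens it exists any more.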
As discussed earlier, solutions need to be tailored to each specific use case. For secure applications such as mobile payments, secure mobile communications and digital rights management (DRM), dedicated proprietary firmware will be required in order to utilise the ISO 7816 interface to implement encryption key management, and to communicate securely and reliably with a host application. To achieve this on any SD Card controller and NAND flash it is possible to integrate a Smart Card IC like those integrated in any credit or SIM card. Optionally, NFC functionality including an antenna can be integrated.
Other interfaces supported by Hyperstone controllers can be driven directly through the customer firmware extension (CFE). For example, featuring 16 GPIOs, Hyperstone’s S8 offers additional interfaces such as SDIO3.0, SPI or I2C. Proprietary commands of a host application can be transported via SD/MMC protocol. A software development kit is made available to develop applications.
The Hyperstone application programming interface (API) is a solution enabler for flash memory controllers as it increases the realm of possibilities available for customer designs. These custom applications can be developed independently of the flash memory controller firmware. As a result, the CFE will be part of the firmware code and will be integrated alongside other firmware features. Most of these features are executed in the background and are transparent to the user, but they are associated with the safety, the endurance and the performance of the flash memory.
Hyperstone’s flash controller API enables the development of dedicated proprietary features through a user-friendly kit. Several functions have already been implemented into the standard firmware to ease CFE development and enable advanced features. Continuous enhancements to the standard firmware ensure that the potential to add additional functions continues to grow.
By using the API, a CFE can be developed under the strict control of the API user. This is essential to implement security or key feature differentiators. A full set of utilities and examples is delivered with the API documentation, which enables a quick ramp-up to implement proprietary firmware extensions.
With greater use of data, and hence memory, in future devices, the challenges of maintaining security will become ever more important. However, by ensuring that you have a structured approach to security at every level and a strategy that is fit for the application, the security of storage devices can be maintained. But one thing is clear: security can no longer be an afterthought or add-on; it must be at the heart of the entire design process.
Damien Col is the Technical Marketing Manager for Hyperstone and is responsible for technical papers, application notes and detailed technical information for customers and for supporting the sales force (competitive analysis, performance benchmarking, communication of unique selling points and customer benefits). He also participates in new product specifications as well as defining and implementing go-to-market strategies, and representing Hyperstone in standardization committees. A seasoned professional with 20 years of experience in technical positions across the globe (France, Germany, USA, U.K., Israel), he previously held positions with various companies (ES2, Atmel, Synopsys, Sondrel). He holds an MScEE from ESIEE (Paris) and an MBA from EDHEC Business School (Nice, France).