1. Field of the Invention
The present invention relates to disk drives for computer systems. More particularly, the present invention relates to a secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network.
2. Description of the Prior Art
Security is of primary concern in network communications, particularly transactions taking place over the Internet. Highly sophisticated encryption algorithms have been employed to protect the integrity of sensitive data while in transit over public lines (transmission lines subject to inspection). The encryption algorithms are typically so reliable that it has become extremely difficult for an attacker to decipher a message that has been intercepted without access to the secret keys used to decrypt the message. Thus, attackers have focused their efforts on the destination or source computers and software involved in the transaction, either by attempting to intercept the message before encryption or after decryption, or by attempting to discover the secret keys used to decrypt the messages.
For example, an attacker may attempt to steal a disk drive from a network and then read the stored data at their leisure. Storing the data in encrypted form protects against this type of attack since the data cannot be deciphered even if the disk drive is stolen. This, however, does not protect against an attacker monitoring the encryption process as it takes place on a computer connected to the disk drive. Computers and the software running thereon are typically susceptible to various types of probing, such as with debuggers or logic analyzers, as well as virus programs which may allow access to otherwise protected information. For example, a virus program may be introduced into a computer's operating system by attaching the virus to an email.
A paper by H. Gobioff, G. Gibson, and D. Tygar entitled “Security for Network Attached Storage Devices”, Oct. 23, 1997, School of Computer Science, Carnegie Mellon University, suggests to implement the cryptographic circuitry and secret keys in tamper resistant circuitry within a disk drive where it is less susceptible to probing and virus attacks. These types of disk drives, referred to as NASD disk drives, are intended to be attached directly to a network in order to avoid the overhead associated with an intervening file server.
An overview of the security aspects suggested for a NASD disk drive is shown in FIG. 1A. A NASD disk drive 2 implements cryptography to communicate securely with a client computer 4 over a public network. Secret keys are used to encrypt and decrypt messages passed between the NASD disk drive 2 and client computer 4 so that any message intercepted in transit cannot be deciphered. In addition, the secret keys are used to transmit message authentication codes (MACs) which are used to verify the authenticity of the received messages.
To access the NASD disk drive 2, the client computer 4 sends a request 8, together with certain capability arguments, over a secure, private interface (not subject to inspection) to a file manager computer 6. The file manager computer 6 generates a secret client key 10 based on a secret working key together with the capability arguments received from the client computer 4. The secret client key 10 is transferred to the client computer 4 over the secure interface. The client computer 4 constructs an encrypted message 12 together with a MAC using the secret client key 10, and the encrypted message 12, including the capability arguments, is transferred to the NASD disk drive 2 over a public interface. The NASD disk drive 2 uses the secret working key and the capability arguments received in the message in order to reconstruct the secret client key which is then used to decrypt the encrypted message 12 as well as verify its authentication using the MAC. The NASD disk drive 2 then uses the secret client key to construct an encrypted reply 14 (including a MAC) which is transferred to the client 4. The file manager computer 6 may send a command 16 to the NASD disk drive 2 in order to change the secret working key, thereby decommissioning all of the previously issued secret client keys.
The above referenced paper suggests to implement the encryption, decryption, and message authentication facilities within the NASD disk drive 2 using tamper resistant circuitry to provide protection against probing attackers. However, the key management facilities implemented by the file manager computer 6 are still susceptible to attack, including physical probing attacks as well as attacks using virus programs which manipulate the operating system in order to reveal protected information concerning the secret keys.
The Digital Transmission Content Specification or DTCP discloses a cryptographic protocol for protecting audio/video (A/V) content from unauthorized copying as it traverses digital transmission mechanisms from device to device. Only compliant devices manufactured to support the DTCP protocol are capable of transmitting or receiving the protected A/V content. Each device is manufactured with a unique device ID and a public/private key pair which facilitate authentication and encryption/decryption of the A/V content. When a source device receives a request to transmit protected A/V content to a sink device, the source and sink devices engage in an authentication transaction. If the authentication transaction is successful, the source device generates an exchange key which is communicated to the sink device. The exchange key is used by the sink device to generate a content key associated with each A/V stream which is used to decrypt the A/V stream.
A problem with the DTCP protocol is that the A/V content is decrypted as it is received by the sink device and then stored on a storage medium in plaintext form. When the content is transferred to another device, the plaintext data is recovered from the storage medium, re-encrypted, transmitted, and again decrypted by the sink device for storage in plaintext form. Thus, the A/V content is only encrypted during transmission, which renders it susceptible to discovery by an attacker probing the devices. For example, an attacker may monitor the encryption or decryption process as they execute on a device, or an attacker may evaluate the storage medium in order to recover the A/V content in its plaintext form.
U.S. Pat. No. 5,931,947 discloses a network storage device for use in a secure array of such devices to support a distributed file system. Each device is an independent repository of remotely encrypted data to be accessed by authorized network clients. All encryption is done by the clients, rather than by the devices, and the encrypted data is stored in encrypted form. Each network storage device comprises an owner key used to generate authentication keys within the device for authenticating messages received from the clients. However, the keys used by the clients for encrypting data and generating the message authentication codes are generated external to the devices by a system administrator which is susceptible to attack.
There is, therefore, the need to improve security in network communications, particularly with respect to probing attacks and virus attacks on computer operating systems.