1. Technical Field
The present invention relates generally to electronic data storage systems and in particular to security of electronic file systems on a data storage medium. Still more particularly, the present invention relates to a method and system for enabling secure storage of and access to an encryption key for an electronic file system located on a data storage medium within a trusted computer platform.
2. Description of the Related Art
The protection of sensitive data is very important to users of computer systems. For example, data such as personnel records or customer credit card numbers may be stored on a computer, and if that computer (or even just the storage media) is stolen, the thief has access to the sensitive information. This is especially troublesome with laptop computers, which are frequently stolen. Moreover, information may be misappropriated even when the storage media is not physically taken, such as when an unauthorized individual gains access to a computer (possibly when that computer is simply online) and copies information from some or all of its files.
To protect information, one type of security procedure involves encrypting the data, so that even if the data falls into the wrong hands, it cannot be read without a key. Encryption of file systems (i.e., utilization of encrypting file systems (EFS) is becoming a common requirement to enable security of components saved on hard disks of computer systems that are accessible by multiple users or are subject to theft, etc. Many application level programs provide some form of such encryption. While better than nothing, however, such existing encryption schemes suffer from a myriad of problems. Most notable among the problems is that the encrypted data is still susceptible to a number of attacks.
Although encryption of EFS protects the files from unsophisticated hackers/attacks, more experienced/sophisticated attackers have found ways to crack into encrypted file systems. During encryption an encryption key is generated and saved within a register on the disk. This encryption key is required to later gain access to the EFS. Possible attacks to the EFS include opening up the hard disk and looking at the files bit by bit to find the key. Thus, keys that are hidden on the hard disk or merely hashed for comparison are not likely to work. Even with advanced EFS and encryption measures, a sophisticated attacker is still able to gain access to the EFS on the hard disk by scanning the hard disk for the key. One approach to providing added protection to EFSs involves the creation of the trusted computer platform, which is typically operated with Linux operating system.
The standards governing the trusted computer platform are promulgated by the Trusted Computer Platform Alliance (TCPA). Specifications for TCPA may be found at the URL (universal resource locator) address on the world-wide web (www) page “trustedpc.org,” relevant contents of which are hereby incorporated by reference. TCPA provides a trusted platform module (TPM) chip, which enables data to be encrypted along with password/encryption key, both of which are stored within the TPM chip. The TPM chip is able to read/decipher the encryption key and the blob internally. Entry of the correct authorization/password will cause the TPM to decrypt the encryption key and/or blob and export the key and/or the file.
FIG. 5A illustrates a simple configuration of a TPM chip 507 and internal data, which includes an encrypted file (i.e., the blob) 506, the encryption key 508, and control code (or logic) 510. Control code 510 responds to the receipt of correct authorization data by decrypting and exporting the encryption key 508, and later exporting the encrypted file 506 from the TPM chip 507. The encryption process is controlled by an encryption algorithm 509, which receives the file and encryption request from the application 501 and operating system (OS) 503. OS 503 operates via the OS kernel 505.
FIG. 5B illustrates the process by which the encryption key is returned to the OS (or OS kernel) when a correct user password is provided to the TPM chip 507. Analysis of the password and other encryption processes are controlled by the EFS 504, which encompasses the encryption algorithm of FIG. 5A. FIG. 5C then depicts the exporting of the files after being decrypted from the blob 506 within the TPM.
One security measure utilized with TCPA is secure hashing. Secure hashing is a one-way, non-linear, encryption method in which 2 or more data values are “hashed” (or combined) to create a new value. Once hashing is completed, the original data values cannot be obtained from the new value because there is no reverse-hashing process available. Thus, for example, a secure hashing algorithm (SHA) takes two 20 byte values and produces a unique 20 byte output. SHA is thus utilized in cryptographic/encryption processes.
With TCPA and EFS, one primary security issue is providing secure storage of the encryption key to prevent the key from being found and utilized by someone for whom access to the file system is not authorized. Often, the user of a multi-user or networked computer system may desire to access the EFS remotely, and he/she may keep the authorization key/password on his person to be able to do so. However, this means that the system must be booted without the password (i.e., in an un-secure fashion) and is not necessarily a trusted/secure system. Any person who acquires the password can then access the file system after the computer system is booted and the person provides the password.
Providing complete security for an EFS utilizing standard encryption techniques has not been possible. With TCPA, the user typically wishes the platform to boot unattended, i.e., without human intervention/input. Having the key made available on the hard drive during the boot sequence is one option. It is not difficult for an operating system (OS) to encrypt data with a secure algorithm and store the data and the encryption key on the hard disk. Currently, however, there is no method to create a file system that encrypts files on a hard disk without exposing the key stored on the hard drive. As indicated above, there is no secure way to store the key on the hard drive because anyone can simply analyze the hard drive to find the key and thereby gain access to the file system.
The present invention thus recognizes that it would be desirable to provide a method and system for securely storing and/or hiding the encryption key required for accessing encrypted file systems on a data processing system. A method and system that utilizes SHA with the platform control registers (PCRs) of a computer system during a boot process to provide secure/trusted access to an encryption key required for accessing an EFS on a trusted computer platform would be a welcomed improvement. These and other benefits are provided by the invention described herein.