Topics –Peerless –Peerless Latent Data Security Features –Data Security Applications for Removable Storage • Peerless DRM Solution Discussion • Peerless Enterprise/Government Centric Data Security Solution Discussion –Synopsis of message
About Fred C Thomas III
Fred Charles Thomas III - Engineer and Inventor
Fred Thomas received a BS in Mechanical Engineering with a Minor in Physics from Bucknell University in 1982. In 1990 he received a MS in Mechanical Engineering specializing in Control Systems and Non-linear Dynamics.
His awards include the International Design Excellence Award in 2009, Industrial Forum Product Design Award in 2008, "Nano50 Award" for "Subwavelength Optical Data Storage" in 2005, Lemelson-MIT "Inventor of the Week" Award in 2004, Iomega "Exceptional Invention Award" in 1999, and Laser Focus World "Electro-Optic Application of the Year Award" in 1994.
Peerless DRM and
Enterprise Security-
Enabled Removable
Data Storage Cartridges
A discussion of security issues
and architectures for removable
data storage.
!"#$%&'()*+,%-'.#/%�'1(2(3.+4,%5$67%89:,%89:
RSA Conference 2002
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
2
• The Presenter – Fred Thomas
• Iomega Involvement – Who is Iomega?
• Topics
–Peerless
–Peerless Latent Data Security Features
–Data Security Applications for Removable Storage
• Peerless DRM Solution Discussion
• Peerless Enterprise/Government Centric Data Security Solution
Discussion
–Synopsis of message
Overview of Today’s Presentation
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
3
Peerless Description
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
4
General
•
Disk Storage Capacity
•
Operating System Compatibility
– USB
– IEEE 1394
•
External Connections
– USB
– IEEE 1394
10GB or 20GB
Windows 98 / Me / 2000, Mac OS 8.6 - 9.x
Windows 98 SE/ Me / 2000, Mac OS 8.6 - 9.x
USB connector
(2) 6-pin 1394 connectors
Peerless Specifications
Performance
•
Average Seek Time
•
Typical Start/Stop time
•
Average Data Transfer Rate
– USB
– IEEE 1394
•
Segmented Buffer with write cache
•
Rotational Speed
112 ms (read), 13 ms (write)
3.0 sec
Up to 1 MB/sec
Up to 15 MB/sec
2MB - Upper 174KB is used for Firmware
4200 RPM
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
5
Peerless Latent Security Features
• Secure Memory Device (SMD) with cryptographic authentication
(SmartCard Technology) in Peerless data storage cartridge.
• Asymmetric encryption keys and strings embedded in SMD.
• Drive µP capable of host PC isolated asymmetric string
encryption.
• Factory encryption of cartridge unique media serial number with
private key series for cartridge seeding.
• Unalterable media serial number – In SMD and on media.
• Cartridge based latent irradiance tag authentication system.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
6
Peerless Block Diagram
Inertial
Latch
Voice
Coil
Motor
Spin
Motor
Pre-
Amp
Secure
IC
ESD
Protectio
n
Eject
Mechanis
m
Motor
ID
Tag
ID
Circuitry
External
Memory
Read
Channel
VCM
Driver
Spindle
Driver
Micro-
Cntrlr
ROM
RAM
LCD
Micro-
Cntrlr
Logi
c
RAM
Power
Supply
IDE Slave
I/O
Expansion
LED
Power
Electronics
ROM
Logi
c
Peerless
Cartridge
Jasper DE
Cartridge
Flex
HDD PCA
Drive PCA
Connector
PCA
Peerless Drive
Interface
Module
Bus
Switch
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
7
Data Security Applications for
Removable Data Storage
• DRM (Digital Rights Management)
• Enterprise Secure Drive Product
– Address the data security needs of the
enterprise/government organization, not the
individual.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
8
What is DRM?
• Digital Rights Management.
• In this context, DRM means the use of technology to protect
copyrighted information in digital form.
– e.g. Music, Video, Publications
– Technology Objectives: Check-in Check-out, Limited device play
capability, tracking of content owners, limited digital copying, tying
content to limited hardware, etc.
• The industry players driving DRM are the “Content Providers.”
– BMG Entertainment, Sony, EMI Capitol Records, Universal Music Group,
… etc.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
9
• DRM Roles:
– Content Providers
– Security Technology providers (H/W, encryption: RSA, Certicom, Atmel,
DigiMarc, etc.)
– DRM Secure Delivery providers (Host Software: Liquid Audio, InterTrust,
MicroSoft)
– DRM Enablers (Device Mfgrs: Iomega, MicroSoft, SanDisk, Diamond
Rio, etc.)
– DRM Killers (Napster, open environment computers, internet, hackers ..)
• Iomega perspective:
Iomega should address the basic DRM problem from a removable media
provider’s perspective in a robust manner, but also in a manner that is as
user/customer non-intrusive as possible.
What is the Role of Removable Data Storage
Drive/Media Manufacturer In the DRM Landscape?
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
10
• Removable Data Storage Drive/Cartridge’s DRM Role:
Pass a unique*, unaltered and authenticated media
serial number (MSN) from an Iomega data cartridge to
a third-party DRM Software application upon an
invoked authenticated MSN transfer call by the third-
party DRM Software application. This should be done
without the requirement for Internet connectivity.
*At present all Iomega removable magnetic media has a unique
media serial number encoded on it.
What is the Requirement of DRM
from Removable Data Storage?
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
11
The Removable Data Storage Secure
Pipe Problem
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
12
Peerless SMD Contents
MS# -
Peerless Media Serial #
DK -
Drive Private Key # (1 of numerous loaded at
factory off of trade-secret list)
DKI# -
Drive Private/Public Key Index number
FEMS# -
Factory Encrypted MS#
(asymmetrically encrypted at Factory
with trade-secret private key list L4)
FKI# -
Factory Private/Public Key Index Number
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
13
A DRM Protocol for Peerless
1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 .
2 ) C h e c k f o r R # 1 i n E S 1 .
3 ) U s e F K I # t o g e t F K t o d e c r y p t F E M S # .
4 ) C o m p a r e r e s u l t w i t h M S # .
5 ) I f m a t c h - A T i s c o m p l e t e !
D R M C a p a b l e
T h i r d - P a r t y
S o f t w a r e
A p p lic a t io n w i t h
I o m e g a A M C
T o o l k i t
I o m e g a
S o f t w a r e D r i v e r
I o m e g a
R e m o v a b l e
M e d i a D r i v e
I o m e g a D a t a
S t o r a g e M e d ia
D o w n t h e P i p e E v e n t s
U p t h e P i p e E v e n t s
1 ) G e n e r a t e R # 1 ( R a n d o m # 1 )
& s t o r e
2 ) I n v o k e A T ( A u t h e n t i c a t e d
T r a n s f e r )
A T , R # 1
1 ) G e n e r a t e R # 2
2 ) S t o r e R # 1 & R # 2
A T , R # 1 , R # 2
1 ) R e c i e v e s A T r e q u e s t .
2 ) C h e c k s c a r t r i d g e p h o p h o r t a g .
3 ) A u t h e n t i c a t e s w i t h S M D .
4 ) F e t c h e s M S # , D K , D K I # ,
F E M S # & F K I # f r o m S M D .
S M D a u t h e n t i c a t i o n
v a r i a b l e s .
S M D a u t h e n t i c a t i o n
v a r i a b l e s f o l l o w e d b y
M S # , D K , D K I # , F E M S # & F K I #
1 ) S M D a u t h e n t i c a t i o n r e s p o n s e
c a l c u l a t i o n .
2 ) P h y s i c a l r e a d in g o f m e d ia M S #
b y a c t u a t o r .
3 ) P h o s p h o r t a g g l o w s i n
a p p r o p r i a t e m a n n e r .
1 ) C o m p a r e s S M D M S # w i t h m e d ia
M S # .
2 ) A s m m e t r i c a l l y e n c r y p t M S # , R # 1 ,
R # 2 , F E M S # & F K I # u s i n g D K t o
p r o d u c e E S 1 .
3 ) P a s s E S 1 & D K I # t o I D S .
E S 1 , D K I #
1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 .
2 ) C h e c k f o r R # 1 & R # 2 i n E S 1 .
3 ) P a s s E S 1 & D K I # t o T P S .
E S 1 , D K I #
A P e e r l e s s P a t h t o R o b u s t D R M S u p p o r t C a p a b i l i t y
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
14
Why a Enterprise Centric Secure
Removable Data Storage Product?
• Allows utility of cartridge-based removable data
storage technology into corporate, university &
government computing environments where
removable storage is seen as a liability at present
due to information security considerations.
• A seamless solution which supports a spectrum of
data security solutions as a core building block.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
15
Specific Enterprise Secure Drive
System Objectives
•
Provide enterprise centric security solution, not individual centric solution
• Data transportability within the enterprise while addressing the
“Dedicated Insider Threat”
• Maintain ability to physically secure data and enhance this attribute
•
Incorporate linkage and support of user authentication and tracking in
disk file management
•
Secure and authenticated drive data transfers
• Manage “possible” security lapses in future - updateable system
• Provide enterprise centric Digital Rights Management (DRM) – Secure
Pipe
• Transparent compatibility with other data encryption software
•
Low cost solution / do not re-invent the wheel / use existing technology
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
16
Enterprise Secure Drive Building
Blocks
• Encryption (Symmetric vs. Asymmetric)
• Authentication (Hash Function, Digital Signatures &
Biometric)
• Distribution of security
• Physical linkage (Smart Card Secure Memory
Devices)
• Migration capable
• RF tag technology
• “Non-exposed” security mechanisms
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
17
The “Cash in the Bag” Problem
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
18
Peerless Enterprise Drive Distributed
Encryption Key Implementation
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
19
Conclusions about Security Market from the
Perspective of Removable Data Storage
• Hard to see path to DRM revenues from removable data storage
supplier perspective at present.
• Enterprise Secure Drive product may be a large niche market for
Iomega with long legs into the future.
• From a technology development perspective, both robust DRM
and Enterprise security for removable data storage can be
addressed with many of the same tools and resources. Co-
development recommended.
• To most effectively address and sell to this market, Iomega should
seek an appropriate E-Security partner.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
20
Objectives of Today’s Talk
• Create an awareness of Peerless and other Iomega removable
storage devices fielded data security technologies within the E-
security community.
• Explore possible routes to commercializing this new class of
security features embedded within removable data storage
devices. We are looking for a partner/partners with a strong
presence in the enterprise/government data security marketplace,
with a focus on hardware solutions. This partner/partners would
provide resources to help evaluate, develop and sell a secure
removable data storage solution for this market.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
21
Iomega Contact Information
Business Contact:
Tim Dammon
Product General Manager
Iomega Corporation
4435 Eastgate Mall
San Diego, CA 92121
Phone: 858-795-7049
Fax: 858-795-7004
Email: dammon@iomega.com
Technical Contact:
Fred Thomas
Chief Technologist, Adv. R&D, R&D
Iomega Corporation
1821 West Iomega Way
Roy, UT 84067
Phone: 801-332-4662
Fax: 801-332-1030
Email: thomasf@iomega.com
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
22
Have a Good Day!
Enterprise Security-
Enabled Removable
Data Storage Cartridges
A discussion of security issues
and architectures for removable
data storage.
!"#$%&'()*+,%-'.#/%�'1(2(3.+4,%5$67%89:,%89:
RSA Conference 2002
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
2
• The Presenter – Fred Thomas
• Iomega Involvement – Who is Iomega?
• Topics
–Peerless
–Peerless Latent Data Security Features
–Data Security Applications for Removable Storage
• Peerless DRM Solution Discussion
• Peerless Enterprise/Government Centric Data Security Solution
Discussion
–Synopsis of message
Overview of Today’s Presentation
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
3
Peerless Description
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
4
General
•
Disk Storage Capacity
•
Operating System Compatibility
– USB
– IEEE 1394
•
External Connections
– USB
– IEEE 1394
10GB or 20GB
Windows 98 / Me / 2000, Mac OS 8.6 - 9.x
Windows 98 SE/ Me / 2000, Mac OS 8.6 - 9.x
USB connector
(2) 6-pin 1394 connectors
Peerless Specifications
Performance
•
Average Seek Time
•
Typical Start/Stop time
•
Average Data Transfer Rate
– USB
– IEEE 1394
•
Segmented Buffer with write cache
•
Rotational Speed
112 ms (read), 13 ms (write)
3.0 sec
Up to 1 MB/sec
Up to 15 MB/sec
2MB - Upper 174KB is used for Firmware
4200 RPM
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
5
Peerless Latent Security Features
• Secure Memory Device (SMD) with cryptographic authentication
(SmartCard Technology) in Peerless data storage cartridge.
• Asymmetric encryption keys and strings embedded in SMD.
• Drive µP capable of host PC isolated asymmetric string
encryption.
• Factory encryption of cartridge unique media serial number with
private key series for cartridge seeding.
• Unalterable media serial number – In SMD and on media.
• Cartridge based latent irradiance tag authentication system.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
6
Peerless Block Diagram
Inertial
Latch
Voice
Coil
Motor
Spin
Motor
Pre-
Amp
Secure
IC
ESD
Protectio
n
Eject
Mechanis
m
Motor
ID
Tag
ID
Circuitry
External
Memory
Read
Channel
VCM
Driver
Spindle
Driver
Micro-
Cntrlr
ROM
RAM
LCD
Micro-
Cntrlr
Logi
c
RAM
Power
Supply
IDE Slave
I/O
Expansion
LED
Power
Electronics
ROM
Logi
c
Peerless
Cartridge
Jasper DE
Cartridge
Flex
HDD PCA
Drive PCA
Connector
PCA
Peerless Drive
Interface
Module
Bus
Switch
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
7
Data Security Applications for
Removable Data Storage
• DRM (Digital Rights Management)
• Enterprise Secure Drive Product
– Address the data security needs of the
enterprise/government organization, not the
individual.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
8
What is DRM?
• Digital Rights Management.
• In this context, DRM means the use of technology to protect
copyrighted information in digital form.
– e.g. Music, Video, Publications
– Technology Objectives: Check-in Check-out, Limited device play
capability, tracking of content owners, limited digital copying, tying
content to limited hardware, etc.
• The industry players driving DRM are the “Content Providers.”
– BMG Entertainment, Sony, EMI Capitol Records, Universal Music Group,
… etc.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
9
• DRM Roles:
– Content Providers
– Security Technology providers (H/W, encryption: RSA, Certicom, Atmel,
DigiMarc, etc.)
– DRM Secure Delivery providers (Host Software: Liquid Audio, InterTrust,
MicroSoft)
– DRM Enablers (Device Mfgrs: Iomega, MicroSoft, SanDisk, Diamond
Rio, etc.)
– DRM Killers (Napster, open environment computers, internet, hackers ..)
• Iomega perspective:
Iomega should address the basic DRM problem from a removable media
provider’s perspective in a robust manner, but also in a manner that is as
user/customer non-intrusive as possible.
What is the Role of Removable Data Storage
Drive/Media Manufacturer In the DRM Landscape?
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
10
• Removable Data Storage Drive/Cartridge’s DRM Role:
Pass a unique*, unaltered and authenticated media
serial number (MSN) from an Iomega data cartridge to
a third-party DRM Software application upon an
invoked authenticated MSN transfer call by the third-
party DRM Software application. This should be done
without the requirement for Internet connectivity.
*At present all Iomega removable magnetic media has a unique
media serial number encoded on it.
What is the Requirement of DRM
from Removable Data Storage?
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
11
The Removable Data Storage Secure
Pipe Problem
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
12
Peerless SMD Contents
MS# -
Peerless Media Serial #
DK -
Drive Private Key # (1 of numerous loaded at
factory off of trade-secret list)
DKI# -
Drive Private/Public Key Index number
FEMS# -
Factory Encrypted MS#
(asymmetrically encrypted at Factory
with trade-secret private key list L4)
FKI# -
Factory Private/Public Key Index Number
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
13
A DRM Protocol for Peerless
1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 .
2 ) C h e c k f o r R # 1 i n E S 1 .
3 ) U s e F K I # t o g e t F K t o d e c r y p t F E M S # .
4 ) C o m p a r e r e s u l t w i t h M S # .
5 ) I f m a t c h - A T i s c o m p l e t e !
D R M C a p a b l e
T h i r d - P a r t y
S o f t w a r e
A p p lic a t io n w i t h
I o m e g a A M C
T o o l k i t
I o m e g a
S o f t w a r e D r i v e r
I o m e g a
R e m o v a b l e
M e d i a D r i v e
I o m e g a D a t a
S t o r a g e M e d ia
D o w n t h e P i p e E v e n t s
U p t h e P i p e E v e n t s
1 ) G e n e r a t e R # 1 ( R a n d o m # 1 )
& s t o r e
2 ) I n v o k e A T ( A u t h e n t i c a t e d
T r a n s f e r )
A T , R # 1
1 ) G e n e r a t e R # 2
2 ) S t o r e R # 1 & R # 2
A T , R # 1 , R # 2
1 ) R e c i e v e s A T r e q u e s t .
2 ) C h e c k s c a r t r i d g e p h o p h o r t a g .
3 ) A u t h e n t i c a t e s w i t h S M D .
4 ) F e t c h e s M S # , D K , D K I # ,
F E M S # & F K I # f r o m S M D .
S M D a u t h e n t i c a t i o n
v a r i a b l e s .
S M D a u t h e n t i c a t i o n
v a r i a b l e s f o l l o w e d b y
M S # , D K , D K I # , F E M S # & F K I #
1 ) S M D a u t h e n t i c a t i o n r e s p o n s e
c a l c u l a t i o n .
2 ) P h y s i c a l r e a d in g o f m e d ia M S #
b y a c t u a t o r .
3 ) P h o s p h o r t a g g l o w s i n
a p p r o p r i a t e m a n n e r .
1 ) C o m p a r e s S M D M S # w i t h m e d ia
M S # .
2 ) A s m m e t r i c a l l y e n c r y p t M S # , R # 1 ,
R # 2 , F E M S # & F K I # u s i n g D K t o
p r o d u c e E S 1 .
3 ) P a s s E S 1 & D K I # t o I D S .
E S 1 , D K I #
1 ) U s e D K I # t o g e t D K t o d e c r y p t E S 1 .
2 ) C h e c k f o r R # 1 & R # 2 i n E S 1 .
3 ) P a s s E S 1 & D K I # t o T P S .
E S 1 , D K I #
A P e e r l e s s P a t h t o R o b u s t D R M S u p p o r t C a p a b i l i t y
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
14
Why a Enterprise Centric Secure
Removable Data Storage Product?
• Allows utility of cartridge-based removable data
storage technology into corporate, university &
government computing environments where
removable storage is seen as a liability at present
due to information security considerations.
• A seamless solution which supports a spectrum of
data security solutions as a core building block.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
15
Specific Enterprise Secure Drive
System Objectives
•
Provide enterprise centric security solution, not individual centric solution
• Data transportability within the enterprise while addressing the
“Dedicated Insider Threat”
• Maintain ability to physically secure data and enhance this attribute
•
Incorporate linkage and support of user authentication and tracking in
disk file management
•
Secure and authenticated drive data transfers
• Manage “possible” security lapses in future - updateable system
• Provide enterprise centric Digital Rights Management (DRM) – Secure
Pipe
• Transparent compatibility with other data encryption software
•
Low cost solution / do not re-invent the wheel / use existing technology
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
16
Enterprise Secure Drive Building
Blocks
• Encryption (Symmetric vs. Asymmetric)
• Authentication (Hash Function, Digital Signatures &
Biometric)
• Distribution of security
• Physical linkage (Smart Card Secure Memory
Devices)
• Migration capable
• RF tag technology
• “Non-exposed” security mechanisms
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
17
The “Cash in the Bag” Problem
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
18
Peerless Enterprise Drive Distributed
Encryption Key Implementation
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
19
Conclusions about Security Market from the
Perspective of Removable Data Storage
• Hard to see path to DRM revenues from removable data storage
supplier perspective at present.
• Enterprise Secure Drive product may be a large niche market for
Iomega with long legs into the future.
• From a technology development perspective, both robust DRM
and Enterprise security for removable data storage can be
addressed with many of the same tools and resources. Co-
development recommended.
• To most effectively address and sell to this market, Iomega should
seek an appropriate E-Security partner.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
20
Objectives of Today’s Talk
• Create an awareness of Peerless and other Iomega removable
storage devices fielded data security technologies within the E-
security community.
• Explore possible routes to commercializing this new class of
security features embedded within removable data storage
devices. We are looking for a partner/partners with a strong
presence in the enterprise/government data security marketplace,
with a focus on hardware solutions. This partner/partners would
provide resources to help evaluate, develop and sell a secure
removable data storage solution for this market.
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
21
Iomega Contact Information
Business Contact:
Tim Dammon
Product General Manager
Iomega Corporation
4435 Eastgate Mall
San Diego, CA 92121
Phone: 858-795-7049
Fax: 858-795-7004
Email: dammon@iomega.com
Technical Contact:
Fred Thomas
Chief Technologist, Adv. R&D, R&D
Iomega Corporation
1821 West Iomega Way
Roy, UT 84067
Phone: 801-332-4662
Fax: 801-332-1030
Email: thomasf@iomega.com
Feb. 21, 2002
Fred Thomas, RSA Conference
2002
22
Have a Good Day!