Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mt Fuji Meeting June 5th/6th, 2007 SecurDisc. Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication.

Published byClarence Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "Mt Fuji Meeting June 5th/6th, 2007 SecurDisc. Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication."— Presentation transcript:

1 Mt Fuji Meeting June 5th/6th, 2007 SecurDisc

2 Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication 2. Writer application 3. Reader application 2. Updating revocation information 3.Command set changes 1. SecurDisc Feature Descriptor, CPA bit 2. Send Key, Key Format 0

3 1. DUID redundancy The Disc Unique ID (DUID) is written in an unused Lead-In area. In order to increase the reliability against scratches, defects etc it is written in different ECC blocks.

4 2. Drive and host revocation Drive and host revocation can be performed in two steps: 1.During authentication process 2.Before reading and decrypting SecurDisc protected user data In order to perform revocation following elements are needed:  Drive Revocation Block (DRB): build in host, used to revoke compromised drives during authentication  Application Authentication Revocation Block (AARB): stored in the drive, used to revoke compromised applications during authentication  Application Revocation Block (ARB): stored in the user data area of the disc, used to revoke compromised applications before reading and decrypting SecurDisc protected user data

5 2. Drive and host revocation – revocation mechanism 1. Authentication During authentication the drive checks if the application identified by his Application Unique ID (AUID) is valid using the AARB stored in the drive. The host checks if the drive identified by his Device Unique ID (DEVID) is valid using the DRB included in the application.

6 2. Drive and host revocation – revocation mechanism 2. Writer application Before writing starts, the host writes his build-in ARB into the user data area of the disc and uses the ARB as a key ingredient for encrypting user data.

7 2. Drive and host revocation – revocation mechanism 3. Reader application In order to decrypt the SecurDisc protected user data on a written disc the host needs to read the ARB from the disc and build a key ingredient for decrypting the user data using the ARB and the Application Unique ID (AUID).

8 2. Drive and host revocation – updating can revokelocationupdated DRB Drive Revocation Block DriveHost application Update of host application AARB Application Authentication Revocation Block Host application DriveDrive firmware update ARB Application Revocation Block Host application DiscUpdate of host application …which writes an updated ARB on a new disc. Compromised reader applications cannot build the key ingredient for decrypting data.

9 3. Command Set changes 1. SecurDisc Feature Descriptor, CPA bit Bit Byte 76543210 0 (MSB)Feature Code = 113h (LSB) 1 2 ReservedVersion = 0hPersistentCurrent 3 Additional Length = 04h 4 CPA 5 Reserved 6 7 CPA bit will be removed for version 0 (Version = 0) of this Feature Descriptor. Future versions may have this or additional bits in case additional drive features will be added and specified.

10 3. Command Set changes 2. SEND KEY, Key Format 0 Key Format code definitions for SEND KEY command (Key Class = 21h) Key FormatSent DataDescriptionAGID Use 000000b 000001b Host Key Contribution Send host random number and protocol version Valid AGID required 111111bNone Invalidate Specified AGID. Invalidating an invalid AGID shall not be considered an error. An AGID that has not been granted shall be considered invalid. All other values Reserved In order to be conform with the SEND KEY definitions in Mt. Fuji where each Key Format number of REPORT KEY has a functional equivalent for SEND KEY, we changed the Key Format for Host Key Contribution from 000000b to 000001b.

Download ppt "Mt Fuji Meeting June 5th/6th, 2007 SecurDisc. Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication."

Similar presentations

Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.

Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
+======-========-========-========-========-========-========-========-========+ | Bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |Byte | | | | | | | | | |======+=======================================================================|

+======-========-========-========-========-========-========-========-========+ | Bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |Byte | | | | | | | | | |======+=======================================================================|
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’

A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU
CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT

CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT
Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.

Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.
1 © 2001, Cisco Systems, Inc. All rights reserved. Voice Connector Features 4.0.5 Voicemail Interoperability – 4.0(5) Voice Connector features Rahul Singh.

1 © 2001, Cisco Systems, Inc. All rights reserved. Voice Connector Features Voic Interoperability – 4.0(5) Voice Connector features Rahul Singh.
Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.

Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.

Similar presentations

Ads by Google