User-friendly and secure TPM-based hard disk key management

Abstract

Today, computing platforms contain sensitive data of enterprises and private users. However, simple hard disk encryption solutions are not sufficient: swap areas and hibernation features still allow data leakage; the usage of authentication mechanisms based on passphrases, USB sticks, or other security tokens is cumbersome and of limited security benefit; finally, the encrypted data needs to be bound to the computing platform and/or the system software to prevent data leakage due to reboots and software manipulations. We describe work-in-progress towards using Trusted-Computing technology for hard disk encryption and secure hibernation, allowing to detect integrity breaches of system software. The design of the TPM-based key management scheme considers requirements of both business scenarios and private users to guarantee availability of the encrypted data. The main advantage of our solution is that it protects data at rest while providing a very high degree of user-friendliness: In one setting the system does not require any more user interaction than a completely unprotected system. © 2009 Vieweg+Teubner Verlag | GWV Fachverlage GmbH, Wiesbaden.