Techniques for secure storage hijacking protection

摘要

A hijack-protected, secure storage device requires proof that the user has actual physical access to the device before protected commands are executed. Examples of protected commands include attempts to change storage device security credentials of the device, erasure of protected portions of the device, and attempts to format, sanitize, and trim the device. Various techniques for proving the actual physical possession include manipulating a magnet to control a magnetic reed switch located within the device, operating a momentary switch located within the device, altering light reaching a light sensor located within the device (such as by opening or shutting a laptop cover to change ambient light reaching the sensor), and manipulating a radio-transmitting device (such as a cell phone) near the storage device for detection of the manipulation by a compatible radio receiver located within the device.

主权项

1. A method comprising:
in a storage device, receiving a storage command from a host; and in response to the storage command being one of a plurality of types of protected storage commands, conditionally performing the storage command such that the storage command is only performed in response to a predetermined Proof of Physical Access (PPA) of the storage device being present during a predetermined window of time, and not performed otherwise, the plurality of types of protected storage commands comprising at least two of changing security credentials, formatting the storage device, sanitizing the storage device, erasing contents of a designated portion of the storage device, or a solid-state drive TRIM command.