Choosing a Secure SSD for Rugged Applications (Whitepaper)


Introduction

Security of stored data, or information, has become an important criterion for the selection of FLASH SSDs. As SSD adoption has spread from consumer and enterprise environments to industrial and rugged environmental applications, the need to understand and compare the security features offered by the drives on the market has grown with it. This white paper discusses a few of the details that matter when security is a key factor in your selection decision.

SSD Security

The term “Security” as it applies to SSDs refers primarily to two things:

• Data Security: Allowing data access only to authorized personnel

• Data Clearance (sometimes called Data Elimination): Clearing or wiping information on the drive so it can no longer be accessed by normal or forensic methods (Typically, before discarding/reusing the drive)

Although some of the security standards include physical requirements, this paper focuses on the technological aspects of security implementation and features based on several common application requirements.

Application Requirements

A few of the most common application requirements are the following:

• Confidentiality: Access to data by authorized personnel only

• Write-Protect: Preserve data through the duration of a “mission”

• Secure Erase: Remove access to data through all means

• Standards compliance as specified in product requirements

Confidentiality: Access to Data by Authorized Personnel Only

Encryption is used to ensure that only authorized personnel can access the data on a drive. Depending on the level of security required, either symmetric or asymmetric encryption/decryption can be implemented. In symmetric implementations, the same key is used for both encryption and decryption.

Asymmetric encryption uses a related pair of “keys,” a public key and a private key. A public key is used to encrypt data, which can only be decrypted by the corresponding private key. The public key can be openly shared to allow anyone to encrypt information, but the private key, used for decryption, must be kept confidential, and is made available only to authorized users. This is analogous to a physical door that can be locked shut by anyone, but only users with the physical key can unlock the door.

In addition to the encryption function, it is critically important how the keys are managed (i.e., stored, transmitted, used). For example, the drive itself should not store the private key because anyone possessing the drive could decrypt its data. The most common standard for key management is TCG Opal. TCG Opal defines a protocol for the encryption interaction between a drive and a host.

There are several encryption standards and key lengths available for use, and Self-Encrypting Drives (SEDs) perform encryption/decryption using on-board hardware to offload the computational work from the host system. The parameters to compare are:

• Method (AES, RSA, etc.): This describes the algorithm used for the encryption. Some algorithms are more secure, i.e., harder to defeat, than others.

• Key strength (128-bit, 256-bit, etc.): The strength of encryption is largely dependent on the size or length of the keys used because of the number of possible keys. Each additional bit doubles the possible number of keys, so generally more is better. The tradeoff is that encrypting and decrypting with more bits is harder computationally. For example, if you used only a 3-bit key, a hacker could simply try all 8 (2^3) possible keys until they found the right one. Using current supercomputer technology, 128-bit encryption would take over a billion years to crack. Of course, computing technology continues to advance at a rapid pace, so many applications now require 256-bit encryption.

• Key management (TCG Opal, etc.): There are different protocols for decryption/encryption management between a drive and a host. TCG Opal is one of the industry standards. Other proprietary protocols could also be implemented.
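The three parameters above are easiest to see side by side in working code. The following is an added example (not code from the white paper or from SMART) that uses only Go's standard library: it counts the key space for a given key length to show the doubling per bit, performs a symmetric round trip with AES-256-GCM where one key serves both directions, and performs an asymmetric round trip with RSA-OAEP where the public key encrypts and only the private key decrypts. The function names, the sample message and the key sizes are this example's own choices; it also shows what the text implies but does not state, namely that an authenticated cipher rejects a wrong key outright rather than returning garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// keyspace returns the number of possible keys of the given bit length, 2^bits:
// every extra bit doubles the count, which is the point made in the text above.
func keyspace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

// symmetricSeal encrypts plaintext with AES-GCM. The nonce is prepended to the
// output so that symmetricOpen can recover it; the SAME key must be used to open.
func symmetricSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 byte key selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricOpen decrypts data produced by symmetricSeal. A wrong key does not
// yield garbage: GCM's authentication tag fails and an error is returned.
func symmetricOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// asymmetricEncrypt needs only the PUBLIC key (anyone can lock the door).
func asymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// asymmetricDecrypt needs the PRIVATE key (only the key holder can unlock it).
func asymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	fmt.Println("3-bit keyspace:  ", keyspace(3)) // 8
	fmt.Println("128-bit keyspace:", keyspace(128))
	fmt.Println("256-bit keyspace:", keyspace(256))

	msg := []byte("constructed sample: mission telemetry record")

	// Symmetric: one 32-byte (AES-256) key for both directions.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := symmetricSeal(key, msg)
	if err != nil {
		panic(err)
	}
	opened, err := symmetricOpen(key, sealed)
	fmt.Println("symmetric round trip ok:", err == nil && bytes.Equal(opened, msg))

	wrongKey := make([]byte, 32) // all zeros: not the key used above
	_, err = symmetricOpen(wrongKey, sealed)
	fmt.Println("wrong key rejected:", err != nil)

	// Asymmetric: encrypt with the public half, decrypt with the private half.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ct, err := asymmetricEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, err := asymmetricDecrypt(priv, ct)
	fmt.Println("asymmetric round trip ok:", err == nil && bytes.Equal(pt, msg))
}
```

The key-management point from the text shows up in the asymmetric half: the private key never has to travel to whoever encrypts, which is why it can be kept off the drive and issued only to authorized users.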

Write Protect: Preserving Data through the Duration of a Mission

In some applications, preservation of data can be even more important than confidentiality. For example, consider a scenario in which a vehicle has mapping data which cannot change during the mission. Another example is when telemetry is collected during a mission and it is automatically write-protected while being transported to a ground station for download. Applications like these can leverage the hardware Write-Protect feature implemented in certain FLASH drives. For example, SMART RUGGED’s T5E and T5EN drives feature this capability.

Secure Erase: Remove Access to Data through All Means

Although the encryption capabilities described above are designed to protect the confidentiality of data, no encryption is 100% secure; it’s only a question of how difficult it is to defeat. For some applications, it is critical to eliminate all data on a drive such that it cannot be recovered through any means, normal or forensic. These applications can leverage SEDs with Secure Erase capability, which completely purge data using specific industry-standard methods (e.g. DOD 5220.22-m, NSA CSS 9-12, etc.), some of which perform media overwrites to prevent forensic recovery. Drives that implement Secure Erase ensure that, once initiated, the erase process cannot be interrupted, even by a power cycle, and will run to completion. Again, this feature is found in SMART’s T5E drive.
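The media-overwrite methods mentioned above share one structure: a sequence of full-media write passes followed by a read-back verification, because a cell that silently fails to take the overwrite still holds the old data. The following is an added example (not code from the white paper or from SMART) that models that structure in Go over a constructed in-memory media image. The three-pass sequence it uses (all zeros, all ones, then random) is the commonly cited pattern and is an assumption here; the governing document for a given program defines the sequence it actually requires. The `stuck` cell model is also this example's own construction, used to show why the verification pass matters.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
)

// Media is a constructed, in-memory stand-in for a drive's user-addressable area.
// stuck holds offsets whose cells silently ignore writes (worn-out or failed
// cells): the failure mode that makes a post-erase verification pass necessary.
type Media struct {
	cells []byte
	stuck map[int]bool
}

// NewMedia fills the media with data and marks the given offsets as unwritable.
func NewMedia(data []byte, stuckOffsets ...int) *Media {
	m := &Media{cells: append([]byte(nil), data...), stuck: map[int]bool{}}
	for _, off := range stuckOffsets {
		m.stuck[off] = true
	}
	return m
}

// Write stores b at off unless that cell is stuck.
func (m *Media) Write(off int, b byte) {
	if !m.stuck[off] {
		m.cells[off] = b
	}
}

// Read returns a copy of the whole media, as a read-back pass would see it.
func (m *Media) Read() []byte {
	return append([]byte(nil), m.cells...)
}

// Contains reports whether a known fragment is still present; a simple check an
// auditor can run on an image of the device after sanitization.
func Contains(m *Media, fragment []byte) bool {
	return bytes.Contains(m.cells, fragment)
}

// overwritePass writes every cell with pattern (repeated), or with fresh random
// bytes when pattern is nil, and returns exactly what was intended to be written.
func overwritePass(m *Media, pattern []byte) ([]byte, error) {
	want := make([]byte, len(m.cells))
	if pattern == nil {
		if _, err := rand.Read(want); err != nil {
			return nil, err
		}
	} else {
		for i := range want {
			want[i] = pattern[i%len(pattern)]
		}
	}
	for i, b := range want {
		m.Write(i, b)
	}
	return want, nil
}

// Sanitize runs the pass sequence and then reads the media back, comparing it to
// what the final pass should have left. Any mismatch is reported with its offset,
// because a cell that did not take the overwrite still holds the old data.
func Sanitize(m *Media, passes [][]byte) error {
	if len(passes) == 0 {
		return fmt.Errorf("no overwrite passes specified")
	}
	var want []byte
	for i, p := range passes {
		w, err := overwritePass(m, p)
		if err != nil {
			return fmt.Errorf("pass %d: %w", i+1, err)
		}
		want = w
	}
	got := m.Read()
	for i := range got {
		if got[i] != want[i] {
			return fmt.Errorf("verification failed at offset %d: media did not accept overwrite", i)
		}
	}
	return nil
}

// ThreePass is the overwrite sequence used in this example: all zeros, all ones,
// then random (commonly cited three-pass pattern; an assumption, see the lead-in).
var ThreePass = [][]byte{{0x00}, {0xFF}, nil}

func main() {
	good := NewMedia([]byte("SECRET mission telemetry"))
	fmt.Println("healthy media -> sanitize:", Sanitize(good, ThreePass),
		"| fragment still present:", Contains(good, []byte("SECRET")))

	bad := NewMedia([]byte("SECRET mission telemetry"), 0, 1, 2, 3, 4, 5) // first six cells stuck
	fmt.Println("stuck cells   -> sanitize:", Sanitize(bad, ThreePass),
		"| fragment still present:", Contains(bad, []byte("SECRET")))
}
```

On the stuck-cell media the verification reports the first offset that did not take the overwrite, and the old fragment is still readable from the image; that is the case a drive-level Secure Erase that "runs to completion" has to handle, and the reason a purge is not considered done until the read-back agrees with the intended final pass.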

Standards

There are multiple standards to address the various needs of implementing a secure data access environment. These range from those mandated by government institutions to those developed by industry leaders. Chief among these are:

• FIPS: Federal Information Processing Standards

• CSfC: Commercial Solutions for Classified

FIPS

FIPS is a set of standards defined by NIST (National Institute of Standards and Technology), a United States government organization, for use in computer systems for non-military government computing. Two of the FIPS standards are relevant for SSDs:

• FIPS 197 (Rijndael / AES cipher): This 2001 standard defines how AES encryption works. All self-encrypting drives (SEDs) use AES encryption. Nearly all modern SSDs meet FIPS 197.

• FIPS 140-2/3 (Security requirements for cryptography modules): This standard defines a set of requirements for cryptography modules including both hardware and software components. The current standard is FIPS 140-3, but FIPS 140-2 certification is still acceptable until 2026. FIPS 140-2/3 Level 2 includes requirements for physical tamper evidence and role-based authentication.

CSfC (Commercial Solutions for Classified)

CSfC is an NSA program that defines a set of security requirements for handling classified information. CSfC incorporates Common Criteria, an ISO-based standard under which computer security products are certified against a defined set of requirements. System providers can implement testable, certifiable security features and attributes, which independent laboratories then evaluate for compliance.

Summary

Security considerations are important in the selection of SSDs for most applications and are being addressed by drive manufacturers and the industry. SMART Modular Technologies offers a full range of solutions including RUGGED storage products for a range of applications. Please contact your SMART Sales Representative to learn more about how SMART products can help address your security needs.

Frequently Asked Questions (FAQs)

Q: What is SSD Security?

A: Security of stored data (information) primarily refers to two things:

• Data Security: Allowing content (information) access only to authorized personnel

• Data Clearance: Clearing information on the drive so it can no longer be accessed by normal or forensic methods. (For example, if a plane goes down in hostile territory)

Q: What are some common requirements for SSD Security?

A: A few of the most common application requirements for SSD security are the following:

• Access to data by authorized personnel only

• Preserving data through the duration of a mission

• Removing access to data through all means

• Standards compliance as specified in product requirements

Q: How is data protected on the drive?

A: The most common method to protect data on the drive is to encrypt it using a key. Only authorized users are provided with a key to retrieve the data.

Q: Are there standards for encrypting the data?

A: Yes. Standards such as AES, RSA, and others provide mechanisms for encrypting and decrypting data using keys (usually a sequence of numbers) and mathematical algorithms. In addition, there are industry standards such as FIPS, TCG Opal, and CSfC (including Common Criteria, CC) that facilitate interoperability of the components of an entire system while preserving the security of the data being handled.

Q: What is FIPS?

A: FIPS (Federal Information Processing Standards) is a set of standards defined by NIST (National Institute of Standards and Technology), a United States government organization, for use in computer systems for non-military government computing.

Two of the FIPS standards are relevant for SSDs:

• FIPS 197 (Rijndael / AES cipher): This 2001 standard defines how AES encryption works. All self-encrypting drives (SEDs) use AES encryption.

• FIPS 140-2/3 (Security requirements for cryptography modules): This standard defines a set of requirements for cryptography modules including both hardware and software components. FIPS 140-2/3 Level 2 includes requirements for physical tamper evidence and role-based authentication.

Q: What is CSfC, and how is it different than FIPS?

A: CSfC, or Commercial Solutions for Classified, is a program administered by the United States National Security Agency (NSA) for the handling of classified information. CSfC includes the international standard known as Common Criteria (CC) which is a framework to allow interoperable components in a deployment to be independently tested and certified to certain levels of security performance as specified by their manufacturers.

Although there is some overlap in subject matter between CSfC and FIPS, they are different standards:

• CSfC is for handling classified information, while FIPS is for handling non-classified information on US government systems

• CSfC is administered by the NSA, while FIPS is administered by NIST (National Institute of Standards and Technology)

Q: What is TCG Opal 2.0?

A: TCG (Trusted Computing Group) Opal 2.0 is an industry-standard set of specifications for storage devices standardizing security features of self-encrypting drives including key management.

Q: What is an SED?

A: A Self-Encrypting Drive (SED) is a drive that implements at least AES 128-bit encryption within the drive as specified in FIPS 197.

Q: What is drive “hijacking” through firmware?

A: Hackers can be very creative. A team of university researchers in 2018 [1] identified a vulnerability that potentially allows a hacker to gain access to encrypted data by hijacking the firmware load process within the drive. The Secure Boot feature combats this vulnerability by validating the firmware load process to prevent untrusted firmware.

Q: What is Secure Boot?

A: Secure Boot is a security feature implemented by drive manufacturers to ensure that the drive firmware is not compromised by hackers during power up.

[1] https://www.ru.nl/publish/pages/909282/advisory.pdf
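The Secure Boot check described in the two answers above comes down to a signature verification: the drive's boot code holds only the vendor's public key and loads a firmware image only if the image's signature verifies under that key, so a modified image, or one signed by anyone else, is refused. The following is an added example (not code from the white paper, from SMART, or from any drive's actual boot ROM) that models that check in Go with Ed25519 from the standard library. `FirmwareImage`, `SignFirmware`, `VerifyBeforeLoad` and the firmware bytes are this example's own constructions; real drives use vendor-specific formats and keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed stand-in for a drive firmware blob carrying a
// detached signature made by the vendor's release key.
type FirmwareImage struct {
	Body      []byte
	Signature []byte
}

var ErrUntrusted = errors.New("firmware rejected: signature does not verify under the trusted vendor key")

// SignFirmware is the vendor side (assumed: a release process holding the private key).
func SignFirmware(priv ed25519.PrivateKey, body []byte) FirmwareImage {
	return FirmwareImage{Body: body, Signature: ed25519.Sign(priv, body)}
}

// VerifyBeforeLoad is the drive side of the Secure Boot check: the boot code holds
// only the vendor's PUBLIC key and loads an image only if its signature verifies.
// Any change to the body, or a signature made with some other key, is refused.
func VerifyBeforeLoad(trusted ed25519.PublicKey, img FirmwareImage) error {
	if len(img.Signature) != ed25519.SignatureSize {
		return ErrUntrusted
	}
	if !ed25519.Verify(trusted, img.Body, img.Signature) {
		return ErrUntrusted
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := SignFirmware(vendorPriv, []byte("constructed firmware image v1.0"))
	fmt.Println("genuine image: ", VerifyBeforeLoad(vendorPub, genuine))

	// A copy of the genuine image with a single flipped bit in the body.
	tampered := FirmwareImage{Body: append([]byte(nil), genuine.Body...), Signature: genuine.Signature}
	tampered.Body[0] ^= 0x01
	fmt.Println("modified image:", VerifyBeforeLoad(vendorPub, tampered))

	// The same body signed with a key the drive does not trust.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Println("other key:     ", VerifyBeforeLoad(vendorPub, SignFirmware(otherPriv, genuine.Body)))
}
```

The property that makes this a boot-time control rather than a one-off check is that `VerifyBeforeLoad` runs on every power-up with a key that cannot be changed by the image being verified; the example only captures the verification step, not how the public key itself is anchored in the drive.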

Q: What is Write-Protect?

A: Write-Protect is a feature implemented by drive manufacturers to ensure that the data on the drive cannot be overwritten while the feature is enabled, typically through a hardware jumper.

Q: What is Secure-Erase?

A: Secure-Erase is a feature implemented by drive manufacturers to ensure that data on a FLASH drive is completely purged from the drive and cannot be recovered by any means. The erase is guaranteed to complete even if power is interrupted. Some applications mandate that Secure Erase include specific media overwrite sequences.

Q: How do SSDs differ from traditional magnetic storage devices when it comes to erased data?

A: Erasing on magnetic media leaves behind magnetic “artifacts” that can be used to forensically recover data. These magnetic artifacts can be eliminated by overwriting the media with other data. Various military entities define specific overwrite sequences to ensure that data cannot be recovered.

SSDs are not magnetic, and therefore do not leave behind the artifacts that facilitate forensic data recovery. However, many existing applications still have requirements for military erase sequences—regardless of the storage technology.

Headquarters/North America
T: (+1) 800-956-7627 • T: (+1) 510-623-1231
F: (+1) 510-623-1434 • E: info@smartm.com

Latin America
T: (+55) 11 4417-7200 • E: sales.br@smartm.com

T: (+44) 0 7826-064-745 • E: sales.euro@smartm.com

Asia/Pacific
T: (+65) 6678-7670 • E: sales.asia@smartm.com

Customer Service
T: (+1) 978-303-8500 • E: customers@smartm.com
