Overview of Data Security Methods: Passwords, Encryption, and Erase

Similar documents
Solid State Drives (SSD) with Self Encryption: Solidly Secure Michael Willett Storage Security Strategist Independent Consultant

Encrypted SSDs: Self-Encryption Versus Software Solutions

XTREMIO DATA AT REST ENCRYPTION

Industrial Flash Storage Trends in Software and Security

Keep Your Data Secure: Fighting Back With Flash

Industrial Grade Embedded Flash Storage Devices

Solid-State Drives with Self-Encryption: Solidly Secure

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

Serial ATA Flash Drive

Data Security using Encryption in SwiftStack

Serial ATA Flash Drive

Serial ATA Flash Drive

Serial ATA Flash Drive

Challenges and Solutions for Effective SSD Data Erasure

Serial ATA Flash Drive

SECURE USB FLASH DRIVE. Non-Proprietary Security Policy

Measuring Interface Latencies for SAS, Fibre Channel and iscsi

Samsung SED Security in Collaboration with Wave Systems

Serial ATA Flash Drive

Serial ATA Flash Drive

Serial ATA Flash Drive

Technical Proposal on ATA Secure Erase Gordon Hughes+ and Tom Coughlin* +CMRR, University of California San Diego *Coughlin Associates

CHAPTER 11: Flip Flops

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

HP FutureSmart Firmware Device Hard Disk Security

SSD Server Hard Drives for IBM

FLASH USB Introduction ENGLISH

Strategies for Firmware Support of Self-Encrypting Drives

Destroying Flash Memory-Based Storage Devices (draft v0.9)

Features. SSD370S SATA III 6Gb/s SSD. Advanced Global Wear-Leveling and Block management for reliability

Intel Solid State Drive Toolbox

Using Bitlocker to Encrypt your Flash Drive Information Technology Services July 27, 2012

3.1 Backup and Recovery System

1. System Requirements

DESIGNING SECURE USB-BASED DONGLES

AES 256-BIT HARDWARE ENCRYPTED USB FLASH DRIVES & SSD

Opal SSDs Integrated with TPMs

SOLID STATE DRIVES AND PARALLEL STORAGE

Can Flash help you ride the Big Data Wave? Steve Fingerhut Vice President, Marketing Enterprise Storage Solutions Corporation

Tufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device

This is an example of MFP password entry in the administration mode for hard-disk protection:

256-bit AES HARDWARE ENCRYPTED PRODUCT RANGE

256-bit AES HARDWARE ENCRYPTED PRODUCT RANGE

Quick Reference Guide. Online Courier: FTP. Signing On. Using FTP Pickup. To Access Online Courier.

Intel Solid State Drive Toolbox

APPLICATION NOTE. AT07175: SAM-BA Bootloader for SAM D21. Atmel SAM D21. Introduction. Features

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution

1-10 The USB PIC K150 microcontroller programmer Hardware version V2.0 File version V2.0 Product Image

High-Performance SSD-Based RAID Storage. Madhukar Gunjan Chakhaiyar Product Test Architect

This user guide describes features that are common to most models. Some features may not be available on your computer.

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

GSM Smart Switch USER GUIDE

Two Factor Authentication. Software Version (SV) 1.0

Intel Solid-State Drive 320 Series

Imation Clip USB 2.0 Flash Drive. Imation Drive Manager Software. User s Manual

Full Drive Encryption Security Problem Definition - Encryption Engine

IBM Crypto Server Management General Information Manual

Nasir Memon Polytechnic Institute of NYU

HIGHSEC eid App Administration User Manual

Solid State Drive (SSD) FAQ

SecureStore I.CA. User manual. Version 2.16 and higher

PowerProtector: Superior Data Protection for NAND Flash

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Intel RAID Controller Premium Feature Key Training

Calsoft Webinar - Debunking QA myths for Flash- Based Arrays

Seagate Instant Secure Erase Deployment Options

Scaling from Datacenter to Client

Unlock the value of data with smarter storage solutions.

Flash Storage: Trust, But Verify

miniflash User Manual

Active Directory (AD) Self-Service

Configuring Drobo Sync for Offsite Backup with Drobo model B800fs

Advances in Storage Security Standards Jason Cox Intel Corporation

Table of Contents. What is Brute Force Attack? 13 How does the diskashur protect against brute force attack? 13

Using AES 256 bit Encryption

SSDs tend to be more rugged than hard drives with respect to shock and vibration because SSDs have no moving parts.

SLC vs MLC: Proper Flash Selection for SSDs in Industrial, Military and Avionic Applications. A TCS Space & Component Technology White Paper

KT-1 Key Chain Token. QUICK Reference. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Firmware Update Instructions for Crucial Client SSDs

How To Set Up A Hard Drive With A Harddrive With A 2Gb Hard Drive (I386) And 2Gb Drive (Amd64) On A Hardrive (I219) (Iee) (Amd66) (Ai219

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

Importing your personal certificate(s) to Microsoft Internet Explorer from a Back-up (or export) file

USB Secure Management for ProCurve Switches

MyKey is the digital signature software governed by Malaysia s Digital Signature Act 1997 & is accepted by the courts of law in Malaysia.

Technologies Supporting Evolution of SSDs

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

OmniAccess 3500 Nonstop Laptop Guardian. Release 2.2. What s New?

NAND Flash Memories. Using Linux MTD compatible mode. on ELNEC Universal Device Programmers. (Quick Guide)

SecureD Technical Overview

Transcription:

Overview of Data Security Methods: Passwords, Encryption, and Erase Chris Budd SMART High Reliability Solutions Santa Clara, CA 1

Overview of Data Security Methods Introduction Data Protection Passwords Encryption Write Protect Questions to Ask Conclusion Data Elimination Erasing Overwrite External Triggers Santa Clara, CA 2

Introduction Data security important in all areas of storage Data security has two main components Data Protection Data Elimination Opposites? No. Both guard data from unauthorized access Santa Clara, CA 3

Introduction Data protection guards data from access First step of data security Keeps data for use only by authorized users Includes passwords and encryption Santa Clara, CA 4

Introduction Data elimination guards data from access Must be last step before adversary obtains drive Removes data before adversary can access it Includes erasing encryption key, and possibly data Santa Clara, CA 5

Introduction Additional features for military and industrial Write protect Overwrite after an erase External erase triggers Santa Clara, CA 6

Data Protection Passwords Passwords are similar to combination lock on storage shed ATA specifies 32-byte password Binary: 1 in 256 32 or 1 in 1.16 x 10 77 ASCII: 1 in 95 32 or 1 in 1.94 x 10 63 Automatically locks after reset or power cycle 5 attempts to unlock; then drive must be reset Santa Clara, CA 7

Data Protection Encryption Self-Encrypting Drives (SED) No user or host intervention Could erase encryption key in milliseconds If user did not erase before adversary acquires the drive, then encryption is worthless without a password Santa Clara, CA 8

Data Protection Encryption If no password, adversary has access to data If password set, adversary must break password or remove flash chips Wear leveling places data randomly Similar to jigsaw puzzle with picture distorted Santa Clara, CA 9

Data Protection Write Protect Reasons Protect collected data after mission Protect map data during flight Activation Vendor specific ATA command External pins, but implementation varies Santa Clara, CA 10

Data Elimination Erase First step for SED is erase encryption key Crypto or cryptographic erase Normal read/write access useless Encrypted data remains in NAND Santa Clara, CA 11

Data Elimination Erase Some SSDs may erase data blocks If user set a password, and if SSD includes crypto and block erase Adversary removing flash chips is similar to jigsaw puzzle with all pieces same shape and same blank picture Santa Clara, CA 12

Data Elimination Overwrite Crypto and block erase not always sufficient Some agencies require overwrite IRIG 106-13, Chapter 10 Two overwrites: 0x55, then 0xAA All blocks processed; no exclusions Santa Clara, CA 13

Data Elimination External Triggers If cannot rely on SW erase command Erase based on hardware input Push button or electrical switch Implementation varies Front or back Shorted or power Santa Clara, CA 14

Questions to Ask Crypto or block erase? If block erase, which blocks? Mapping information? User data? Entire contents of NAND flash? Overwrite blocks? Santa Clara, CA 15

Questions to Ask How does user know when drive done? LEDs for states: normal, erasing, initializing? Software commands (S.M.A.R.T. attributes)? Does the drive resume after power cycle? Can end user read entire contents of NAND flash to verify? Santa Clara, CA 16

Conclusion Data protection Passwords and encryption Keeps data only for authorized users Data elimination Crypto erase and block erase No more data; not even for authorized users Santa Clara, CA 17

Conclusion Additional requirements For military and industrial applications Write protect, overwrite, & external erase triggers Ask your SSD vendor tough questions Complete your overall system security design Pass the scrutiny of IA security officer Santa Clara, CA 18

Conclusion SMART High Reliability Solutions Has over 20 years of experience in solid-state storage Knows well the data security requirements of military and industrial applications Ask us your data security questions See us in booth #627 Santa Clara, CA 19

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information