Military-Grade Secure Solid State Drives Part 2: Encryption Decoded
June 4, 2018
In my introduction to military grade SSDs I conjured an image from a familiar movie of a data recorder destroyed by internal combustion to remove evidence of high value data. While the end result is the same, the implementation of self-destruct in the real world can be a bit different than in Hollywood. In military-grade solid state drives, self-destruction of data or a data storage device happens through sophisticated non-thermal events. Advanced algorithms are used to erase encryption keys, non-volatile NAND flash memory, and controller firmware. Other mechanisms can be employed to wipe the drive by high powered magnetic exposure. In these scenarios the data and device will be rendered useless with no chance of reverse engineering, but no flames or bodily harm will ensue. Other security features unique to military-grade secure drives are:
- the cryptographic algorithms
- key management
- fast erase
- sanitization protocols
Self-encrypting drives use an encryption engine built into the SSD’s controller to encrypt every file stored on the drive. Most self-encrypting drives are designed based on Advanced Encryption Standard AES 256-bit in XTC block cipher mode to encrypt and protect data at rest. AES 256 bit XTC encryption is used worldwide and virtually impossible to decode even by the fastest computers.
This is because the key is 256 bits long which means with each added bit the number of possible keys double. So the number of keys is 2256, which if you do the math, the possible number of key combinations is this 78 digit number 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936. This number is so enormous that our human brains cannot comprehend its magnitude. It is exponentially bigger than the number of atoms in the perceivable universe.
So back to security in solid state drives; now you see why AES256 XTC is so important to encryption of data and key management in a solid state drives. However, even if a drive uses an AES265 XTC designed encryption engine, how do you know if the cryptographic algorithms have been implemented properly?
Envision a typical defense scenario of a UAV collecting surveillance data of an enemy camp from its on-board sensors. The video and inferred data collected will be used to identify high value targets. The data recorder may also contain details of the mission, location of operatives and maps. The ground team needs assurance that if this UAV is detected and captured, that data is safe from enemy forces. Security must be guaranteed or the mission and lives will be jeopardized.
Military systems get this assurance through validation and certification. The National Institute of Standards and Technology (NIST) oversees the Federal Information Process Standards (FIPS) that certify the implementation of encryption algorithms. FIPS-197 is the certification that verifies that AES256 has been implemented correctly. Mercury was the first to market with a FIPS-197 certified encrypted drive with our TRRUST-Stor family.
Data secured by AES256 XTC is safe from hackers and enemies alike for now, possibly until quantum computers are capable of the task which could be sooner than we’d like to think. Quantum computers aside, can you guess how long it would take to decrypt a 256bit key with today’s supercomputers? I’ll reveal the answer in my next blog when I continue our look at data security in military-grade solid state drives.