Military-Grade SSDs Part 4: How Many Licks Does it Take to Get to the Center of a Tootsie Pop: One, Two…
July 6, 2018
What is the NSA hiding from us??? Hopefully all classified, secret and top secret data!
As part of their recent initiative to leverage commercial technologies in a sophisticated layered approach, the NSA is enabling an alternative to traditional Type 1 security solutions for the protection of data up to the Top Secret level. By adopting these agile commercial innovations, the Commercial Solutions for Classified (CSfC) Program will save time and money for classified programs in all branches of government -- from benign data centers to forward-deployed systems in harsh, unsecure environments. While I discuss the CSfC program in this blog post, the CSfC program’s website is the ultimate authority for up to date information.
The CSfC program provides solution-level specifications called Capability Packages (CP) to deliver data security solutions using approved components from participating technology leaders. In the Data at Rest (DAR) CP, data protection can be accomplished by integrating an inner and outer layer of hardware and software encryption. A self-encrypting solid state drive, like the Mercury ASURRE-Stor SSD, is the inner layer, while a file encryption or software full disk encryption solution is selected as the outer layer. These two independent components using advanced encryption standard (AES) with 256-bit keys incorporate different encryption algorithms. This approach eliminates the likelihood that a single vulnerability can be exploited in both security layers simultaneously. Classified, secret and top secret data can be safely stored if all of the CSfC program requirements are successfully validated per the CP criteria defined by the NSA. It is absolutely imperative to use only hardware and software solutions approved by the NSA and included on the NSA's CSfC component list.
In my previous posts, I discussed the value of AES256 XTS encryption and the FIPS certifications validating encryption, key management and authentication algorithms. Before applying for CSfC eligibility, a company must certify their hardware or software through NIAPs Common Criteria (CC) program under the proper protection profiles for the capability package they intend to support. The criteria to meet these profiles is complex and rigorous. It is a lengthy and rigorous development and evaluation process, but significantly less than qualifying a Type 1 solution which can take more than 3 years and millions of dollars. Still more than 50% of companies that start down the path for CC drop out before they reach certification because of the difficultly, per a discussion my colleague had with a representative from NIAP.
The process for Mercury wasn’t without challenges, as we were the first and still only hardware full disk encryption (HWFDE) solution to successfully complete the entire process. At the beginning of our development, the implications of some of the protection profile requirements were open to interpretation. It wasn’t until farther along in our development that we reached clarity and changes needed to be made. Our expertise in agile development processes enabled us to quickly implement solutions in our SSD that met all HWFDE requirements. In addition, as some of the requirements evolved over time, we were able to easily adapt and provide changes quickly to the certifying labs. This was possible only because our entire drive, both hardware and software, is developed here in our Phoenix, Arizona Advanced Microelectronics Center. Our hard work paid off! Our security algorithm testing, source code review and operational testing all passed on the first submission. The labs were impressed, which is a testament to our dedicated and skilled engineering team.
Becoming a CSfC component supplier is one part of the CSfC process. Developing, integrating and registering a CSfC solution in accordance to the CPs is the next step. Each CSfC solution must be reviewed and certified by the NSA for each unique end application -- even if the same hardware and software components are used and integrated the same way. To make this process easier, the NSA has established a program for trusted CSfC integrators. These companies, or more precisely their processes and teams, have been approved by the NSA to assemble and integrate components in accordance with the appropriate CP. They are responsible for (1) testing the resulting solution, (2) providing a body of evidence to the solution Authorizing Official (AO)/Designated Approving Authority (DAA), (3) maintaining the solution and (4) serving as the first line of response in troubleshooting or responding to security incidents. Using a CSfC solution integrator removes the burden from the end customer and component suppliers, thereby reducing risk and time to market without compromising security.
Mercury Systems is hosting a DAR-focused CSfC Technology Day forum on Tuesday, October 2, 2018 in Baltimore, MD. This one-day event brings together the CSfC ecosystem of component suppliers, trusted integrators and companies implementing CSfC solutions. If you would like more information about this event, please email us at Secure.SSD@mrcy.com.