What is hardware-based disk encryption?

Q: Encryption is a critical step for data security, but haven’t all the concerns of Homeland Security made this an extraordinarily tough space within which to introduce a new solution?

After 9-11, security concerns have contributed to the rapid growth in the market for all types of data security. While there has definitely been a large influx of security vendors into the market, the demand for security solutions – especially easy to use and audit solutions – has grown even faster. We’re in the fortunate situation of offering something truly unique in hard drive encryption.

Even in a crowded market, there’s always room for a better way to do things, and that’s what our hardware-based approach to hard drive encryption provides. Not only do we help provide a higher level of security as defined by NIST (SecureD has achieved FIPS 140-2 level 3 validation), but we provide companies with absolute proof of data protection if a computer is lost or stolen. Nobody else can. As regulatory requirements grow throughout the industry, we’ve been finding the “auditability” of our solution is one of our biggest selling points.

Q: Just some nuts and bolts: what kind of encryption are you using? How many “bits” comprise the basic key? Is it public key or some different setup?

SecureD products use a 256-bit AES encryption and a 256-bit key. The key itself is split -- half is on a 64k smart-card, which itself is TDES encrypted. The other half is held onboard our proprietary circuit. There are no passwords to remember, instead, you simply must possess the smart-card token in order to have any access to the hard drive. Without the smart-card, the drive is useless.

Q: Tell us about the actual implementation too: is this something where I can buy a dongle and just plug it in between the hard drive and the computer itself so that anyone who just pulls the drive has unreadable information? If not, exactly how is a hardware encryption system added into a system?

The easiest way to understand our implementation is to add our technology to your desktop. Crack open the case, pop in our PCI card, and then use the small included data cable to wire the PCI card into the middle of the data path (i.e.: it is physically between the mother-board and the HDD). It functions independently of the rest of the computer, encrypting and decrypting data as it goes to and from the hard drive.

For laptop and external storage (USB drive) applications, we've simply packaged our circuitry together with a small form-factor disk drive. We can package it all in the same size module as your original laptop drive, so all you have to do is swap it out.

[In any case, if you are upgrading to our system, you will have to re-image the disk after installation.]

Q: Seagate has a hardware encryption system, but you believe yours is better. Why?

Inexplicably, Seagate gave the end user the ability to turn the drive's encryption completely off, and because of that, they had to layer on a server-based administration package for auditing. So unlike SecureD, if a computer with Seagate’s solution is stolen, there’s still a need to provide evidence that the hard drive encryption was operable at the time of the loss.

Our solution is far more elegant. The end user gets 100% protection with no settings to tweak, and no protocols to follow. As a result, compliance becomes a non-issue. In fact, compliance is as easy as asking the user to confirm that he still has his smart-card. In a worst-case scenario, there is absolutely no question whether the drive was encrypted, is encrypted, and the data is safe -- if you possess the key-card, thieves cannot possess your data.

It’s also important to note that the Seagate drives have not been certified by either FIPS or Common Criteria, the two most important certifications for encryption buyers.

Q: Most vendors are using software-based encryption, which is obviously cheaper. Why use hardware for encryption when it suffers from all the regular problems of hardware, including higher cost, impossibility of upgrades, etc?

Actually, if you look at the total cost of ownership, the hardware-based approach is cheaper and easier – and you can also save dramatically in the event of a lost or stolen computer. On a simple per-seat basis, our product appears to be more expensive to purchase initially, but it quickly makes up for that by eliminating many of the complexities of a software roll-out. We require no user training, no server infrastructure, no annual license fees, no tech support costs, and no endless upgrades each time you patch your OS. Over the computer's life, we think you'll see a significant savings.

Q: Does your hardware solution support Mac OS X? Linux? Windows? If so, does that mean that I could plug and play hardware encrypted devices from the different operating systems without worrying about encryption hiccups?

SecureD is compatible with all operating systems and all file systems…It is “invisible” to the OS/FS because there is no software to cause incompatability. I'm not a file system expert, so I can only answer like this: If you have a SecureD encryption device (desktop, laptop or USB), and if the key-card is present, then your hard drive functions EXACTLY like any other hard drive. When the key-card is not present, the drive cannot be read. Its just that simple.

Q: Do peripherals like thumb or flash drives cause a problem and/or is there a way to have them encrypted using your system?

We do not presently support other media. Stay tuned for new product announcements as our team of cryptologists and circuit designers continues to make encryption simple, safe and effective.

SecureD(r) was developed and is owned by High Density Devices AS (HDD). SecureD has been awarded more than $8 million of congressional funding over the years 2002 - 2006 in the Common Information Centric Security Project (CICS).

CICS is tasked with industrializing the SecureD(r) technology to "Achieve a common method for defence and civil industry to secure data that can utilize the advantages of economy of scale."

The CICS project includes resources from the Space and Naval Warfare Systems Command (SPAWAR), the Office of U.S. Secretary of Defense (OSD), Sun Microsystems (StorageTek), TECHSOFT, Inc., and HDD. The highly prestigious CICS project has received both international and national recognition.

In addition, SecureD(r) has received Federal Information Processing Standards (FIPS) 140-2 Level 3 certification, as well as Common Criteria Evaluation Assurance Level 4 certification.

SecureD(r) is available in laptop, desktop, and portable pocket USB versions. All data is encrypted in real-time, and SecureD(r) utilizes the strongest real-time encryption algorithms available and does not require user interaction or maintenance.

High Density Devices is a member of Trusted Computing Group.

Got all of that? Me, I just wish they had a Mac version where I could pull apart my laptop, install it, and forget about it, knowing that my MacBook Pro was that much more safe and bulletproof...