w
w
w.
m
r
c
y.
c
o
m
the host CPU to encrypt every data packet, consuming bandwidth
and limiting the speed of normal computer functions including data
acquisition. The same speed degradation occurs when file encryption
or endpoint encryption software is employed. This functionality can
be moved from the software level and implemented at the hardware
level. The result: The performance of the laptop or work station is
unaffected by the encryption process. Mercury's secure SSD devices
have dedicated hardware to manage the encryption and decryption
processes, leaving the performance of the host system unaffected.
Military systems require reliable high-speed data transfer rates to
capture, process and disseminate sensor data in both benign and harsh
environments. Read and write speeds of a military-grade SSD parallel
that of non-encrypting commercial drives. When used in forward-
deployed defense systems, Mercury's military-grade SSD devices
surpass their commercial counterparts with the ability to maintain
sustained read/write operations rates during (1) extreme temperature
exposure, (2) thermal shock conditions, (3) mechanical shock conditions,
(4) high vibration conditions or any combination of these. Mercury's
secure SSD devices are engineered with rugged enclosures, military-
grade components and NAND flash from trusted sources.
Security
All secure SSD devices use cryptographic algorithms built in to the
controller to encrypt every bit of data stored. Most self-encrypting
drives are designed with Advanced Encryption Standard (AES) 256-bit in
XTS block cipher mode to protect data. With a high entropy key value,
AES 256-bit XTS encryption is virtually impossible to break, even by the
fastest supercomputers today.
Programs securing highly sensitive or classified data require assurance
that the cryptographic algorithms have been correctly implemented.
This assurance process is conducted through validation and certification
at organizations such as the National Institute of Standards and
Technology (NIST) and the National Information Assurance Partnership
(NIAP). These organizations oversee the Federal Information Process
Standards (FIPS) that certify the proper implementation of encryption
algorithms, key management, authentication algorithms and the
Common Criteria certification of encryption protection profiles.
Hardware full disk encryption components obtaining these certifications
can be eligible for the National Security Agency's (NSA) Commercial
Solutions for Classified (CSfC) program for the protection of classified,
secret, and top secret data at rest.
The CSfC program provides solution-level specifications called
Capability Packages (CP) to deliver data security solutions using a
two-layer approach. In the Data at Rest (DAR) CP, data protection is
accomplished by integrating an inner and outer layer of hardware
and software encryption. Mercury's ASURRE-Stor® SSD device is the
inner layer while a file encryption or software full disk encryption
solution is the outer layer. Two independent encryption layers eliminate
the likelihood that a single vulnerability can be exploited in both
simultaneously. Classified, secret and top secret data can be safely
stored when all of the CSfC program requirements are successfully
validated per the CP criteria defined by the NSA, including using
ASURRE-Stor SSD devices and approved software on the NSA's CSfC
component list. For more information on hardware full disk encryption,
please refer to Mercury's whitepaper.
Other security aspects for sensitive military applications should also
be considered. As a hypothetical scenario, consider a commercial SSD
built with a controller designed and manufactured outside of the United
States. This SSD is then integrated into the flight system of a military
UAV. After integration into the platform, all quality checks have passed.
The UAV's flight system is operational. At a later time, this UAV is
executing a mission where a terrorist training facility must be surveyed.
As the drive's total power-on time changes from 0200 to 0201 hours,
a backdoor installed into the SSD's controller is triggered. The flight
system immediately shuts down. The mission is aborted and the UAV is
brought down in unfriendly territory.
Unlike commercial devices, Mercury's ARMOR® processor and its entire
portfolio of secure storage solutions are designed and manufactured
in a Defense Microelectronics Activity (DMEA)-accredited facility for
design, packaging, test and broker services. The ARMOR processor is
designed using Mercury's proprietary BuiltSECURE™ algorithms and
maintains 100% authority over the device programming thus mitigating
the risk of backdoors and unauthorized data access.
Mercury Systems' ASURRE-Stor is the only Full Disk Encryption
hardware eligible for the NSA's CSfC program.
Sanitize
There are a number of advanced methods employed to secure data
and eliminate the possibility of unauthorized access. However, there
are scenarios when data must be rapidly wiped from the drive upon
demand.