Aerospace and Defense Technology Product Guides, Tech Briefs, and Technical Content
Issue link: https://read.uberflip.com/i/1173296
www.mrcy.com Built-in encryption and key management AES-256 (Advanced Encryption Standard) encryption is the industry standard for sensitive data protection using an encryption/decryption key to transform plain text into cipher text and vice versa. XTS (cypher text stealing) block cipher ensures unique cipher text is produced when encrypting identical blocks of data. Mercury was the first SSD provider to attain NIST FIPS 197 certification for our AES-256 XTS encryption algorithm and XTS is built-in to all our Secure Military Grade SSDs. Common implementations of secure, commercial off-the-shelf (COTS) SSDs require a user to enter a password (ATA password) for drive access. Under this scenario, security is limited to a simple, low-strength, user-defined password. Although effective for some applications, defense solutions require much stronger protection using flexible key management methods. Mercury adds this strength requirement by augmenting ATA password access with: • Random self-generated keys • User-defined permanent keys • Session keys (which are purged if the power is removed) • BLACK keys with KEK featuring encrypted BLACK and key decrypion key (KEK) • External keys fill through SSD ports (RS-232 and DS-101) These additional security implementations ensure that the encryption key is the gating factor that grants access to the stored data. No backdoors A fundamental component of any SSD is its controller which is usually an ASIC device designed and produced in volume by foreign manufacturers. When these controllers are integrated into a SSD there is no reliable way to verify that it is free of "backdoors" or encryption bypass capabilities to thwart security features. In contrast, Mercury's in-house developed ARMOR® drive controller is designed and manufactured in the United States. Mercury has 100% authority over our controller's implementation. Data purge and sanitization When a drive falls in to the wrong hands, the contents of the drive should be wiped or sanitized quickly. In the simplest purge scenario, a remote trigger will initiate and complete a cryptographic erase and the encryption key will be purged in less than 30 milliseconds. Although the cipher text remains on the drive, the cipher text cannot be decrypted without the encryption key. For more sensitive data, additional steps may be necessary to ensure that data is absolutely not accessible. These additional steps may include overwriting of all the data on the drive with non-sensitive data. All storage cells, including spare cells for factory defaults, worn out blocks, wear-leveling and garbage collection should be overwritten. Especially sensitive data may need the assurance of multiple over-write cycles. No two user scenarios are the same. Defense and aerospace applications may require user-configurable sanitization protocols based on the type of data being stored and the application environment. A family of trusted tools Mercury offers multiple user-definable sanitization protocols, including: • TRRUST-Purge® to wipe the encryption key in less than 30ms. • Fast clear with encryption key purge and overwriting of all data in 3 to 8 seconds. • And other common military purge protocols – please contact Mercury for more information. SSD building blocks SSDs are built using NAND flash memory of which there is two types, single-level cell (SLC) and multi-level cell (MLC). Each has its advantages and disadvantages. SLC-based NAND flash offers the highest level of endurance and temperature robustness for the preservation of critical data. SLC NAND is ideally suited to applications that write continually or that run remotely/unattended and where service is difficult at best. MLC-based NAND flash offers lower levels of read/write endurance by a factor of 10 or more. MLC NAND is ideally suited to large volume storage for a limited time (e.g. flight data recorders). Mercury's offers both SLC, MLC, and TLC flash memory variants of our Secure Military Grade SSDs. Data preservation COTS SSDs are engineered to last at least as long as their warranty and may not provide extended-term data retention. Some COTS SSDs include firmware algorithms to reduce read/write speeds under high utilization conditions to minimize early failures. This may cause critical data to be lost during record. Mercury has full authority over our controller which we optimize for read/write performance, even under sustained and heavy loading.