White Paper

Unlocking the True Value of Encryption and Key Management Modes for Military Data Storage Applications

Issue link: https://read.uberflip.com/i/1173416


www.mrcy.com

Introduction

Guns and guards alone can be used to protect high-value data, but it is only a matter of time before a sufficiently skilled and determined enemy finds a way around these physical defenses. This method is also impractical in situations where data is unattended outside the walls of physical protection. The military system architect must design for the worst-case scenario by assuming a storage device will eventually fall into the hands of an enemy. Once this assumption is accepted, it is the system architect's duty to implement a strategy under which unauthorized data access is impractical or impossible.

In a previous white paper, Mercury Systems defined the requirements for a secure military-grade SSD device [1] for such a scenario. Readers of that white paper learned of the critical need to leverage Advanced Encryption Standard (AES-256) XTS technology to encrypt and protect data at rest (DAR) in the NAND media of the device. This white paper continues the discussion of holistically integrating security into the design of a secure SSD device by:

1. Clearly articulating the fundamentals of encryption and key classifications, thereby demystifying a highly complex subject for the typical systems architect with no specialized security training
2. Clarifying the various encryption key management mode strategies for DAR protection, while highlighting relevant use-case scenarios for each strategy
3. Providing a simple, easy-to-use framework to guide the reader towards the optimal key management mode strategy [2]

It is also important to note that there is no universal key management mode strategy that is ideal for every military data storage application. Only by understanding the mechanics of the various key management mode methodologies can the military system architect choose the optimal strategy for each particular mission or program. We maintain that an effective understanding of encryption principles is critical to designing and implementing the most effective key mode strategy for DAR protection.

Fundamentals of Encryption and Key Management

Security is by no means a simple subject to describe, and it is even more challenging to implement. Therefore, readers without an extensive background in encryption and key management mode philosophies will benefit from a brief explanation of a few key terms and concepts. A basic understanding of this terminology removes the stigma behind the complexity of these topics. To facilitate understanding, we have grouped these topics into logical categories for easy reference.

Assurance: When protecting high-value data with encryption, a user must have assurance that the encrypting hardware or software is effectively securing the stored data. Standards and certifications for encryption algorithms and key management are in place to ensure just that. The National Institute of Standards and Technology (NIST) oversees the Federal Information Processing Standards (FIPS), which provide criteria for the proper implementation of cryptographic algorithms. FIPS 197 covers the AES-256 algorithm itself, while FIPS 140-2 provides the standards for key management and authentication algorithms. The National Information Assurance Partnership (NIAP) oversees evaluations of commercial Information Technology (IT) products for use in national security systems. Hardware and software products must meet the criteria established in the relevant Protection Profiles (PP) and pass evaluation under the Common Criteria (CC). Encrypted SSD devices must meet the Authorization Acquisition (AA) and Encryption Engine (EE) protection profiles prior to evaluation for the Commercial Solutions for Classified (CSfC) program [3].

The CSfC program was launched by the National Security Agency (NSA) and the Central Security Service (CSS) to protect classified, secret and top secret data by simultaneously implementing two compliant commercial security components in layers. For more information, readers may refer to Mercury's white paper on hardware full disk encryption technology for the CSfC program [4]. The single goal of a CSfC security solution is to emphatically ensure that no unauthorized user obtains access to highly sensitive data. The CSfC program is particularly relevant to this white paper because only two key management modes are approved for use in devices integrated into fully compliant CSfC solutions. These two modes, introduced later in this paper, comply with the aforementioned standards while also incorporating the most stringent key generation, storage, distribution and destruction methods.

Encryption Algorithm Types

There are two fundamental types of encryption algorithms – symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt data; it is employed for DAR protection. Asymmetric encryption uses different keys for encryption and decryption; it is utilized to protect data in transit (DIT). This white paper discusses key management modes for symmetric encryption (i.e. DAR) only. Asymmetric key management modes for DIT are a subject worthy of their own white paper discussion.

[Figure: Symmetric encryption (one key used for both encryption and decryption of plain text to cipher text) compared with asymmetric encryption (different keys for encryption and decryption).]
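The paper's premise is that once a drive is in enemy hands, the NAND contents are protected by nothing but the symmetric AES-256 XTS key, which is why the key management modes discussed later matter. As an added illustration (not Mercury's code or any product's firmware), here is a minimal AES-256-XTS data-unit encryption in Go using only the standard library; the 64-byte key split and the little-endian sector-number tweak follow IEEE 1619, and any key or plaintext used with it below is constructed for demonstration.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
)

// xtsSector encrypts (decrypt=false) or decrypts (decrypt=true) one data unit with
// AES-256-XTS. key is 64 bytes (data key, then tweak key); sector is the data-unit
// sequence number used as the tweak, so equal plaintext in two sectors never matches.
// Without the key there is no way back from ciphertext to plaintext; destroying the
// key is therefore equivalent to destroying the data.
func xtsSector(key []byte, sector uint64, in []byte, decrypt bool) ([]byte, error) {
	if len(key) != 64 || len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("xts: need a 64-byte key and a non-empty multiple of 16 bytes")
	}
	dataCipher, err1 := aes.NewCipher(key[:32])
	tweakCipher, err2 := aes.NewCipher(key[32:])
	if err1 != nil || err2 != nil {
		return nil, errors.New("xts: AES key schedule failed")
	}
	tweak := make([]byte, aes.BlockSize) // T = E_k2(sector as a 128-bit little-endian int)
	binary.LittleEndian.PutUint64(tweak, sector)
	tweakCipher.Encrypt(tweak, tweak)
	out := make([]byte, len(in))
	for off := 0; off < len(in); off += aes.BlockSize {
		blk := out[off : off+aes.BlockSize]
		for i := range blk {
			blk[i] = in[off+i] ^ tweak[i] // PP = P xor T
		}
		if decrypt {
			dataCipher.Decrypt(blk, blk)
		} else {
			dataCipher.Encrypt(blk, blk)
		}
		for i := range blk {
			blk[i] ^= tweak[i] // C = CC xor T
		}
		// Next block tweak: T_{j+1} = T_j * alpha in GF(2^128), little-endian per IEEE 1619,
		// reduced modulo x^128 + x^7 + x^2 + x + 1 (branch-free multiply by the carry bit).
		var carry byte
		for i := range tweak {
			tweak[i], carry = tweak[i]<<1|carry, tweak[i]>>7
		}
		tweak[0] ^= 0x87 * carry
	}
	return out, nil
}
```

Writing the same 32-byte record to sectors 0 and 1 yields unrelated ciphertexts, and decrypting with a zeroized key yields garbage rather than the record, which is the property the drive relies on once the key is destroyed.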
