Issue link: https://read.uberflip.com/i/1173416
www.mrcy.com INNOVATION THAT MATTERS ® Corporate Headquarters 50 Minuteman Road • Andover, MA 01810 USA (978) 967-1401 • (866) 627-6951 • Fax (978) 256-3599 Future Directions in Key Management Modes In Modes 0 through 6, the secure SSD operates as a data drive, independent of the host operating system. The host BIOS sends the ATA password and key to the SSD device to authenticate and access the drive after the system has booted. We now introduce the concept of secure boot for a secure SSD. In secure boot mode, the host system will be configured to boot from an external device such as a USB flash drive containing a secure boot operating system and necessary encryption key. After the initial firmware is loaded with key and soft boot initiated, the drive operates normally. As an example of practical secure boot implementation, consider a CO designing a new security implementation. A secure SSD with secure boot functionality is installed into a laptop as a boot drive. Because the laptop is easily portable, it would be a security risk to enable the laptop BIOS to initiate secure boot functionality. Instead, the CO loads a special secure boot operating system onto a USB flash drive. This secure boot operating system is designed to work only with the particular secure SSD installed in this laptop. The end user is required to insert the USB flash drive and boot a small authentication-collecting program from the flash drive. The flash drive, containing the authentication firmware, challenges the user for authentication parameters such as a strong passphrase or even an encryption key value. The authentication information collected by the firmware is then conditioned and filled into the SSD. After this, a soft boot is applied and the SSD is then able to perform normal read and write operations. It is important to note that the encryption key is filled into the device through the secure boot operating system. Readers interested in the implementation of secure boot mode are encouraged to contact Mercury Systems at Secure.SSD@mrcy.com. Conclusion Properly securing military data can be a daunting task, particularly for those with no formal background in encryption and key management mode methodologies. In this white paper, we have introduced these principles, in addition to a simple reference guide to facilitate the key management mode selection process. Not every question can be answered in a white paper such as this, nor can every mission be clearly defined along the parameters discussed. For more assistance selecting and implementing the right key management mode for a specific application or mission, readers are encouraged to contact Mercury Systems at Secure.SSD@mrcy.com for direct assistance. Table of Acronyms Acronym Abbreviation AES Advanced Encryption Standard CC Common Criteria CO Crypto Officer CSfC Commercial Solutions for Classified Program CSS Central Security Service DAR Data at Rest DEK Data Encryption Key DIT Data in Transit EE Encryption Engine FIPS Federal Information Processing Standards IT Information Technology KEK Key Encryption Key NIAP National Information Assurance Partnership NIST National Institute of Standards and Technology NSA National Security Administration PP Protection Profile SKL Secure Key Loader SSD Solid State Drive About The Authors Jennifer Keenan is the Product Marketing Manager for the Microelectronics Secure Solu- tions group in Phoenix, Arizona. Jennifer has a Bachelor's Degree in Marketing from Florida State University. Philip Fulmer is the Senior Director of Product Marketing for the Advanced Microelectronics Solutions group in San Jose, California. Philip has a Bachelor's degree in Chemistry from the University of Scranton and a Master's Degree in Materials Science & Engineering from the University of Texas at Austin. Mercury Systems and Innovation That Matters are registered trademarks of Mercury Systems, Inc. Other products mentioned may be trademarks or registered trademarks of their respective holders. Mercury Systems, Inc. believes this information is accurate as of its publication date and is not responsible for any inadvertent errors. The information contained herein is subject to change without notice. Copyright © 2018 Mercury Systems, Inc. 3465.00E-1018-wp-key-mgmt 1 See https://bit.ly/2KXGEHf 2 These guidelines are provided for reference only. Readers are encouraged to consult with key management experts to determine the optimal strategy. Nonetheless, the principles outlined in this white paper can greatly facilitate key management philosophical discussions. 3 See https://www.nsa.gov/resources/everyone/csfc/ 4 See https://bit.ly/2MG3fsW