In military environments, seconds can be the difference between life or death and mission success or failure. A soldier in hostile territory needs their mobile system to rapidly process sensor data to accurately analyze threats and take action. Intelligent sensor systems that use artificial intelligence (AI) to make critical decisions automatically, without human intervention, rely on sophisticated algorithms to process sensor data in real time at the point of generation so that a rapid and accurate decision can be made. This real-time processing of data at the point of generation and consumption, decentralized from a data center or the cloud, is Edge Processing. Each local system or device at the “edge” is self-sufficient: it collects, processes, stores and disseminates data and turns it into action, enabling the intelligent sensor and effector mission systems our military needs to carry out daily operations. These systems that enable mobile computing and artificial intelligence could be part of an unmanned aerial vehicle (UAV), an unmanned ground vehicle (UGV) or a base camp collecting surveillance data of its surroundings to warn of incoming threats.
In my prior three posts, I provided an overview of encryption key fundamentals and the various encryption key mode strategies that can be implemented in a Mercury secure SSD. If you did not read those, stop everything and go back to them now! Or, stay here, keep reading and you’ll find a simple, easy-to-use process flow diagram to guide you to the best key management mode for your application.
It is important to note that these are only general guidelines. If you have questions or doubts, consult with a security implementation expert. In this entry, I will also share our new key management mode for secure boot, which is under development and releasing soon.
The first question to ask when getting started: will the data be stored on an end user device for a CSfC-approved implementation? If so, the key management mode options are limited to either Mode 1 or Mode 6. If the program is a black key program, Mode 6 is required.
If your data storage implementation is not intended for the CSfC program, answering the questions below will help with your decision:
- Is data recovery after key purge required? The answer to this question determines whether you need a self-generated key (Mode 1) or a user-generated key (Modes 2 through 6).
- Is the program a black key program? If so, Modes 5 and 6 are appropriate. Mode 6 includes ATA password authentication, which is recommended unless there is a specific justification to avoid it.
- If not a black key program, is automatic key purge beneficial or required for the mission? Session keys provide automatic key purge when power is removed from the device.
- Is the added security layer of an ATA password required for the specific security implementation? If unsure of the answer to this question, it is best to err on the side of caution and implement an ATA password.
In the first two posts of this series, I reviewed fundamental terms and concepts of encryption key classifications and discussed roles of passwords versus keys and hash algorithms. In this post, I will provide detail on each key management mode available on a Mercury secure SSD, not all of which may be supported by other SSD manufacturers.
Encryption Key Modes
While the complexity of implementation increases from one mode to the next in the following discussion, end user responsibility also increases. It is imperative to ensure that end users have the proper knowledge, training and infrastructure to successfully create, store, protect and distribute encryption keys and passwords. With these capabilities, the flexibility and security benefits of the more complex modes can be fully realized.
In my first post of this series, I explained terms relating to encryption keys and the standards that exist governing encryption key algorithms. Now I will spend some time on ATA passwords and how they correlate to encryption keys.
Clarifying the Functions of an Encryption Key and ATA Password
The role of an encryption key is commonly confused with the role of an ATA password.
The only purpose of an encryption key is to convert data to cipher text so it is illegible to anyone accessing the data without proper authorization and to then decrypt data back to plain text.
Imagine a US operative on a covert mission is compromised in enemy territory. His laptop, now in the hands of the enemy, contains highly sensitive data stored on the factory-installed SSD and protected only by his 12-character Windows password. A skilled adversary using a brute force attack will quickly gain access to this data. Would you feel safe having our national interests stored on the same type of drive as your laptop? Without the use of a secure storage device with properly implemented encryption and encryption keys, data could easily fall into the enemy’s hands.
Don’t believe what they say…Size DOES Matter!
In this case, the smaller the better, especially in the constrained spaces of an aircraft cockpit or an unmanned vehicle where every inch is precious real estate needed for additional functionality, including massive amounts of sensor processing. These applications require the latest field-programmable gate arrays (FPGAs), graphics processing units (GPUs), and Intel Xeon processors with the support of high-speed dense memory to ensure peak performance with extremely low latency for mission success.
I used to work for a company that required us to remove any proprietary data from our laptop hard drive prior to traveling to some countries overseas. I didn’t know if it was because they could secretly access my hard drive as soon as I passed through immigration, or maybe a government-run internet meant any foreign user access would be monitored, recorded, and analyzed! I didn’t understand the multitude of threats to data security, which also includes backdoors designed into untrusted hardware that can lie dormant until triggered by an outside force. At the time, I did not have access to classified or top secret data, as I was working for a commercial company, but imagine if I did have high value data. What if a backdoor was triggered once I logged onto an unsecure foreign network? What if that backdoor initiated a complete download of my hard drive without my knowledge? All because my employer trusted a commercial SSD without strict supply chain management of foreign-made components.
What is the NSA hiding from us??? Hopefully all classified, secret and top secret data!
As part of its recent initiative to leverage commercial technologies in a sophisticated layered approach, the NSA is enabling an alternative to traditional Type 1 security solutions for the protection of data up to the Top Secret level. By adopting these agile commercial innovations, the Commercial Solutions for Classified (CSfC) Program will save time and money for classified programs in all branches of government — from benign data centers to forward-deployed systems in harsh, unsecure environments. While I discuss the CSfC program in this blog post, the CSfC program’s website is the ultimate authority for up-to-date information.
Have you ever forgotten your password for your work laptop and had to go to your IT guy for help to reset it? Imagine if it was that easy when the data on the hard drive was classified or top secret.
Commercial SSDs use a basic ATA password to control access to drive data. Military and government applications require higher security, so basic ATA passwords must be strengthened and sophisticated key management techniques employed. Self-encrypting drives allow passwords of up to 32 characters, while Mercury drives allow up to 64 characters. One technique is to condition the password. With this technique, you can create a unique suffix at the end of a password that changes with each log-in, making the password impossible to hack.
In my introduction to military grade SSDs I conjured an image from a familiar movie of a data recorder destroyed by internal combustion to remove evidence of high value data. While the end result is the same, the implementation of self-destruct in the real world can be a bit different than in Hollywood. In military-grade solid state drives, self-destruction of data or a data storage device happens through sophisticated non-thermal events. Advanced algorithms are used to erase encryption keys, non-volatile NAND flash memory, and controller firmware. Other mechanisms can be employed to wipe the drive by high powered magnetic exposure. In these scenarios the data and device will be rendered useless with no chance of reverse engineering, but no flames or bodily harm will ensue.