Data Security CSfC

Military-Grade SSDs Part 4: How Many Licks Does it Take to Get to the Center of a Tootsie Pop: One, Two…

What is the NSA hiding from us???  Hopefully all classified, secret and top secret data!

As part of their recent initiative to leverage commercial technologies in a sophisticated layered approach, the NSA is enabling an alternative to traditional Type 1 security solutions for the protection of data up to the Top Secret level. By adopting these agile commercial innovations, the Commercial Solutions for Classified (CSfC) Program will save time and money for classified programs in all branches of government — from benign data centers to forward-deployed systems in harsh, unsecure environments. While I discuss the CSfC program in this blog post, the CSfC program’s website is the ultimate authority for up to date information.

Read More

Military-Grade Solid State Drives

Military-Grade Secure Solid State Drives Part 3: Diamonds are Forever; Encryption Keys Last Longer

Have you ever forgotten your password for your work laptop and had to go to your IT guy for help to reset it? Imagine if it was that easy when the data on the hard drive was classified or top secret.

Commercial SSDs use basic ATA password to access drive data. Military and government applications require higher security and therefore basic ATA passwords must be strengthened and sophisticated key management techniques employed.  Self-encrypting drives allow for up to 32 character passwords while Mercury drives 64 characters. One technique is to condition the password.  By this you can create a unique suffix to the end of a password that changes with each log-in, making the password impossible to hack.
Read More

AES256bit encryption

Military-Grade Secure Solid State Drives Part 2: Encryption Decoded

In my introduction to military grade SSDs I conjured an image from a familiar movie of a data recorder destroyed by internal combustion to remove evidence of high value data. While the end result is the same, the implementation of self-destruct in the real world can be a bit different than in Hollywood.  In military-grade solid state drives, self-destruction of data or a data storage device happens through sophisticated non-thermal events. Advanced algorithms are used to erase encryption keys, non-volatile NAND flash memory, and controller firmware.  Other mechanisms can be employed to wipe the drive by high powered magnetic exposure. In these scenarios the data and device will be rendered useless with no chance of reverse engineering, but no flames or bodily harm will ensue. Read More