Hardware-based full disk encryption
Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, and Western Digital. The symmetric encryption key is generated and held inside the drive or encryptor hardware, independently of the computer's CPU, so the complete data store can be encrypted without the key ever being loaded into the computer's main memory. This removes system memory (for example, via a cold-boot attack) as a place from which the key could be recovered.

Hardware-FDE has two major components: the hardware encryptor and the data store. There are currently four varieties of hardware-FDE in common use: hard disk drive FDE (the self-encrypting drive), enclosed hard disk drive FDE, removable hard drive FDE, and bridge and chipset (BC) FDE, in which the encryptor sits between the host and an unmodified drive.

Hardware designed for a particular purpose can often achieve better performance than disk encryption software, and encryption done in hardware can be made more transparent to software than encryption done in software. Once the key has been unlocked, the hardware should in principle be completely transparent to the OS and thus work with any OS; the flip side is that the OS cannot tell from the data it reads whether the drive is encrypting at all, so the protection state has to be checked out of band. If the disk encryption hardware is integrated with the media itself, the media can be designed for better integration; one example is the use of physical sectors slightly larger than the logical sectors.

Usually referred to as a self-encrypting drive (SED). HDD FDE is built by the drive vendors to the Opal and Enterprise standards developed by the Trusted Computing Group (TCG). Key management takes place within the drive controller: the media encryption key is a 128- or 256-bit Advanced Encryption Standard (AES) key that never leaves the drive. Authentication at power-up must still take place on the host, either through a software pre-boot authentication environment (i.e., with a software-based full disk encryption component, hybrid full disk encryption) or with a BIOS password. An SED whose locking range has never been enabled still encrypts the media, but it releases the decrypted contents to any host at power-on, so the drive protects data at rest only once it has been activated and a credential set. In addition, some SEDs support the IEEE 1667 standard.

Hitachi, Micron, Seagate, Samsung, and Toshiba are disk drive manufacturers offering Serial ATA drives built to the Trusted Computing Group Opal Storage Specification. HDDs have become a commodity, so SEDs give drive manufacturers a way to differentiate their products and maintain revenue. Older technologies include the proprietary Seagate DriveTrust and the older, less secure, ATA Security feature set (the PATA Security command standard) shipped by all drive makers including Western Digital; an ATA password is enforced by the drive firmware and does not by itself encrypt the data, so on a drive without hardware encryption it only gates the interface. Enterprise SAS versions of the TCG standard are called "TCG Enterprise" drives.
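The practical check the two paragraphs above call for is whether a given drive is really locking its media key, not merely whether it is an SED. The script below is an added example, not code from the page, the TCG or any drive vendor: it parses constructed text resembling the "Locking function" line of `sedutil-cli --query` (TCG Opal) and the "Security:" section of `hdparm -I` (ATA Security feature set), and turns the flags into a verdict. The device names, model strings and serials are made up, and the parsing and verdict rules are assumptions of this example rather than vendor-defined interfaces.

```python
"""Added example: decide from tool output whether a self-encrypting drive
is actually protecting data at rest. Inputs are constructed samples; the
parsers and verdict rules are assumptions of this example."""
import re

# Constructed: Opal 2.0 SSD that was never activated. MediaEncrypt=Y, but
# LockingEnabled=N, so the drive serves decrypted data to any host at power-on.
OPAL_QUERY_NEVER_ACTIVATED = """\
/dev/sda ATA Example SSD 512GB   FW1234  SN0000000001
TPer function (0x0001)
    ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement  = N, Streaming = Y, SYNC = Y
Locking function (0x0002)
    Locked = N, LockingEnabled = N, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y
Opal SSC V2.00 function (0x0203)
    Base comID = 0x1000, Initial PIN = 0x00, Reverted PIN = 0x00, comIDs = 1
"""

# Constructed: same drive after activation with a pre-boot authentication (PBA)
# image in the shadow MBR, queried from the OS after the user has authenticated.
OPAL_QUERY_ACTIVATED = """\
/dev/sda ATA Example SSD 512GB   FW1234  SN0000000001
Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = Y, MBREnabled = Y, MediaEncrypt = Y
"""

# Constructed: legacy ATA Security drive with a user password set, still locked
# because nothing (BIOS or pre-boot environment) has issued SECURITY UNLOCK yet.
HDPARM_ATA_LOCKED = """\
Security:
        Master password revision code = 65534
                supported
                enabled
                locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""


def parse_opal_locking(query_output: str) -> dict:
    """Return the Y/N flags on the line after 'Locking function' as booleans."""
    lines = query_output.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("Locking function") and i + 1 < len(lines):
            return {k: v == "Y" for k, v in re.findall(r"(\w+)\s*=\s*([YN])\b", lines[i + 1])}
    return {}


def parse_ata_security(hdparm_output: str) -> dict:
    """Return supported/enabled/locked/frozen from the hdparm 'Security:' section.
    A leading 'not' negates the flag; lines like 'supported: enhanced erase' are skipped."""
    flags, in_section = {}, False
    for line in hdparm_output.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            break  # reached the next top-level hdparm section
        m = re.match(r"^\s*(not\s+)?(supported|enabled|locked|frozen)\s*$", line)
        if in_section and m:
            flags[m.group(2)] = m.group(1) is None
    return flags


def opal_verdict(f: dict) -> str:
    """Order matters: a drive can encrypt its media yet never require authentication."""
    if not f.get("LockingSupported"):
        return "no Opal locking support"
    if not f.get("MediaEncrypt"):
        return "UNPROTECTED: media not encrypted"
    if not f.get("LockingEnabled"):
        return "UNPROTECTED: SED never activated, decrypted media served to any host"
    if f.get("Locked"):
        return "locked, awaiting pre-boot authentication"
    if not f.get("MBREnabled"):
        return "activated and unlocked, but no shadow MBR/PBA: unlock depends on firmware or a host tool"
    return "activated and unlocked for this power cycle (PBA in shadow MBR)"


def ata_verdict(f: dict) -> str:
    """ATA Security: 'frozen' means password commands are refused until power cycle."""
    if not f.get("supported"):
        return "ATA Security not supported"
    if not f.get("enabled"):
        return "UNPROTECTED: no ATA user password set"
    if f.get("locked"):
        return "locked, SECURITY UNLOCK required before user data can be read"
    if not f.get("frozen"):
        return "unlocked and NOT frozen: password can be changed or disabled from the OS"
    return "unlocked and frozen for this power cycle"


def assess(device: str, opal_output: str = "", hdparm_output: str = "") -> str:
    """Prefer the Opal state when available; fall back to ATA Security for legacy drives."""
    if opal_output:
        return f"{device}: Opal: {opal_verdict(parse_opal_locking(opal_output))}"
    return f"{device}: ATA Security: {ata_verdict(parse_ata_security(hdparm_output))}"


if __name__ == "__main__":
    print(assess("/dev/sda", opal_output=OPAL_QUERY_NEVER_ACTIVATED))
    print(assess("/dev/sda", opal_output=OPAL_QUERY_ACTIVATED))
    print(assess("/dev/sdb", hdparm_output=HDPARM_ATA_LOCKED))
```

On a real system the inputs would come from `sedutil-cli --query <dev>` and `hdparm -I <dev>` run as root; the point of the verdict order is that `MediaEncrypt = Y` alone is not protection, and that an unlocked-but-not-frozen ATA drive lets any process with ATA pass-through access reset the password.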

Within a standard hard drive form factor case, the encryptor (BC), the key store and a smaller form factor, commercially available hard disk drive are enclosed.

Examples include Viasat UK (formerly Stonewood Electronics) with their FlagStone, Eclypt and DARC-ssd drives, and GuardDisk, which unlocks with an RFID token.

Removable hard drive FDE is an encrypting enclosure into which a standard form factor hard disk drive is inserted. The concept can be seen on
