Encryption in NAND Storage Devices – Data Safety as a Priority

By X PHY / December 3, 2021 March 14, 2023

Data Protection with Encryption

Cyberattacks have been disrupting the operations of organizations for a long while. It is often reported that a threat actor gained access to a system, stole and/or encrypted all the files, and left a threatening message. All the data stored on a drive is vulnerable to theft if the drive itself isn’t secure. What should the solution be if this keeps happening despite tens of security layers outside the system?

Here’s what we think. The drive should be secure at the firmware level. It should have a self-locking feature that protects the data in motion even when the external security layers fail to protect it. Moreover, the commonly available hardware-level encryption works only when data is at rest, so it’s not a promising option for when the drive is in use.

Advanced Encryption Methods

AES Algorithm

Modern encrypted SSDs use a 128- or 256-bit AES algorithm along with two symmetric encryption keys. The first key is the Encryption Key, which is used to encrypt the drive data. If the drive uses AES-256 encryption, the encryption key is a randomly generated 256-bit number. This encryption key is always stored on the drive in an encrypted form, hidden and unknown even to the manufacturer. The hardware-based AES disk encryption is performed by the SSD controller, which relieves the host of crypto processing duties.

RSA Algorithm

RSA is another cryptographic algorithm. It is asymmetric, which means it works with two keys, a public one and a private one. RSA relies on the fact that a large integer is difficult to factorize. Its public key comprises two numbers, one of which is obtained by multiplying two prime numbers. The private key is also generated from the same large prime numbers, so if the large integer is factorized, the keys may be compromised.
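The dependency described above, with both keys derived from the same two primes, shown as an added example that is not part of the original article. The primes 10007 and 10009 are constructed toy values and the function names are illustrative; the point is that anyone who can factor the modulus can rebuild the private exponent, which is why the modulus must be too large to factor.

```python
# Added illustration, not vendor code. The toy primes are constructed values
# and far too small for real use.
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) from two primes, as the text describes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent comes from the same primes
    return (n, e), (n, d)


def factor_by_trial_division(n: int):
    """Feasible only because n is tiny; the work grows with the size of n."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no factor found")


def private_exponent_from_public(public):
    """Once n is factored, d follows from the public values alone."""
    n, e = public
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    public, private = make_keypair(10007, 10009)  # constructed toy primes
    n, e = public
    message = 42424242  # constructed sample value, smaller than n
    ciphertext = pow(message, e, n)
    recovered_d = private_exponent_from_public(public)
    same_key = recovered_d == private[1]
    decrypts = pow(ciphertext, recovered_d, n) == message
    return same_key, decrypts


if __name__ == "__main__":
    print(demo())
```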
Considering the possibility of factorization, the encryption is as strong as the length of the key. Moreover, if the key size is doubled, the encryption strength gets multiplied. A typical RSA key can be 1024 or 2048 bits long.

TCG OPAL 2.0

Software ATA security is a great tool, but it lacks some advantages of OPAL 2.0-compliant SSDs. ATA security also has limited availability, as not all motherboards have it, and without access to the BIOS code, the security level of the authentication process can’t be determined. Certified third-party encryption software is also used for better encryption. An Opal drive layout includes the MBR Shadow and multiple user ranges. Encrypted SSDs should be OPAL 2.0-compliant for optimal performance, and they are designed to minimize write amplification. OPAL support software must also be used because the specification is not backwards-compatible.

Firmware Level Security for SSDs and NAND products

Solid-state drives have proven to be the replacement for HDDs. It is therefore essential that SSDs have an encryption feature to prevent data loss at all costs. Such a drive is also called a Self-Encrypting Drive (SED). In an SSD, the host data travels through the controller and firmware in both the inbound and outbound data streams, with no close communication between the software defenses and the device firmware. This opens loopholes for cyber-threats that can bypass the software defenses and attack the firmware. SSDs therefore need security at the firmware level, as neither hardware-level nor software-level security suffices to protect the data stored in an SSD.

Flexxon Encryption Algorithms

Flexxon also uses the most advanced encryption algorithms in addition to the standard algorithms. Many of Flexxon’s products, like USBs, are AES-XTS 256-bit, RSA 2048-bit, SHA 256-bit, and RoHS compliant. Many of our NAND storage solutions support AES/TCG OPAL encryption.
Intelligent Destruction in Military Grade SSD

Apart from encryption, another security layer, called intelligent destruction, can be added for extremely sensitive information. Intelligent Destruction is a data destruction feature for military grade SSDs. The FLEXXON 2.5” SSD supports Intelligent Destruction, which can destroy all the data quickly and completely. This feature is handy in sensitive operations like those of the military, and SSDs with this feature can quickly erase all drive data upon capture. No information will be accessible or usable if the SSD falls into the wrong hands.

How does it work?

The P13 pin on the SATA connector is defined as the intelligent destruction trigger signal. When a low-level pulse at least 2 s wide is applied, the data destruction process is executed regardless of the working status of the SSD. The data cannot be recovered after intelligent destruction, but the SSD can be reused after running a format operation. P14 is defined as the monitoring pin during intelligent destruction. The data destruction process can be observed by connecting an LED to the positive power supply.

It is important to note that intelligent destruction is an irreversible process. Once it is performed on a drive, the erased content is unrecoverable. In some cases, the intelligent destruction process might be interrupted by an unexpected power cycle of the SSD, but the process will restart once SSD power is resumed.

Why Encryption Alone isn’t Enough!

Data encryption is an essential component of cybersecurity for keeping the information stored on a system secure. However, just like multi-factor authentication, data encryption is also prone to bypass. Over the last decade, expert hackers have proved that data encryption can be bypassed to gain unauthorized access to information. Therefore, we need new technologies to serve as an added layer of security on top of encryption techniques.
On the other hand, social engineering, phishing, poor password practice, internal data theft, forgetting to apply software patches, lost or stolen devices, etc. are some common reasons for cybersecurity breaches. Around 21% of data breaches occur due to lost or stolen devices and internal data theft. Yet no security solution on the market offers the physical protection that is crucial in lowering the rate of cybercrime and data theft. This is precisely why AI-embedded cybersecurity solutions are needed for the physical protection of data as well. Artificial intelligence can serve as a barrier between your data and the cybercriminal.

Next Generation NAND Storage Devices

This leads to the next generation of NAND storage devices, with embedded intelligent, holistic, and easy-to-use cybersecurity solutions that ensure the highest levels of protection. With AI embedded at the firmware level, this revolutionary innovation delivers real-time AI protection to detect and defend against the ever-growing cyber threats worldwide and to provide users with a much better cybersecurity posture.

Real-Time Data Protection with X-PHY® SSD

For this purpose, we designed our X-PHY® SSD with an encryption feature at the firmware level to thwart all cyber attacks while the data securely resides in the SSD. The encryption is introduced to ensure that, in case of a cyber attack or a physical attack, an SSD is able to defend itself at the firmware level. It should be able to lock and protect the data stored in it instead of giving it all up to cyber criminals. With this ability, SSDs help enable real-time data protection against all sorts of known and unknown malware and ransomware, as well as against hardware and physical attacks.

How Does X-PHY® SSD Work?

The X-PHY® SSD is the first-ever standalone, embedded, firmware-controlled AI cybersecurity SSD at the NAND storage level, built to prohibit cyber threats and reduce dependency on vulnerable software.
This embedded cybersecurity solution uses an advanced AI Co-Processor Quantum Engine that revolutionizes AI-embedded cybersecurity storage. It can quickly encrypt data when a threat is suspected, to prevent criminals and unauthorized people from accessing the data. In extreme cases, it can also be enabled for intelligent destruction of data to avoid data theft.

Conclusion

Keeping the above points in mind, it is best to have industrial NAND storage with a built-in AI capability for encrypting its data at the time of need. This will ensure that data is protected at all costs and that the confidentiality and integrity of an organization will not be compromised in case of a cyber or physical attack. Compliance with the most advanced encryption methods would ensure that the encryption can’t be decrypted to access the data if it falls into the wrong hands.

Moreover, our NAND storage products can be activated for the advanced data wipeout feature. It’s extremely useful when highly sensitive information is at stake. If enabled, this feature makes sure that the data is securely wiped from the storage if unauthorized access is attempted. Innovations like these hold great promise in an era when data theft is so common and information security is at stake at all times.

If you’d like to discuss your options at Flexxon, or if you want to consult with an expert, get in touch and we’d be happy to assist you.

Contact: [email protected]