It\u2019s been a long while that cyberattacks have been disrupting operations of organizations. It is often reported that a threat actor got access to a system, stole and\/or encrypted all the files and left a threatening message. All the data stored on the drive is vulnerable to theft if the drive itself isn\u2019t secure. What should be the solution if it keeps happening despite tens of security layers outside the system? Here\u2019s what we think. The drive should be secure at the firmware level. It should have a self-locking feature that protects the data in motion even when the external security layers fail to protect it. Moreover, enabling the commonly available hardware level encryption<\/a> works only when data is at rest, so it\u2019s not a promising option for when the drive is in use.<\/p>\n For modern encrypted SSDs, a 128- or 256-bit AES algorithm is used along with two symmetric encryption keys. The first key is the Encryption Key, that functions for encrypting the drive data. If it\u2019s an AES-256 bit encryption in a drive, the encryption key would be a 256-bit number generated randomly. This encryption key is always stored on the drive in an encrypted form, hidden and unknown to even the manufacturer. The\u00a0hardware-based AES disk encryption<\/a>\u00a0is performed by the SSD drive controller, following which the host is relieved from crypto processing duties.<\/p>\n RSA security is another cryptographic algorithm. It is Asymmetric, which means it works on two keys, public and private. RSA uses the fact that a large integer is difficult to factorize. Hence, its public key comprises two numbers, one of which is achieved by multiplication of two prime numbers. The private key is also generated from the same large prime numbers, so if the large integer is factorized, the keys may be compromised. Considering the possibility of factorization, the encryption is as strong as the length of the key. Moreover, if the key size is doubled, the encryption strength gets multiplied. A typical RSA key can be 1024 or 2048 bits long.<\/p>\n ATA security is a great tool, but it lacks some advantages of OPAL 2.0-compliant SSDs.<\/a> ATA security also has limited availability, as not all motherboards have it, and without access to BIOS code, the security level of the authentication process can\u2019t be determined. Certified third-party encryption software are also used for better encryption. An Opal drive layout includes the MBR Shadow and multiple user ranges. Encrypted SSDs should be OPAL 2.0-compliant for optimal performance and they are designed to minimize write amplification. An OPAL support software must also be used because the specification is not backwards-compatible.<\/p>\n Solid-State Drives have proven to be the replacement for HDDs. Therefore, it\u2019s inevitable that SSDs should have an encryption feature to prevent data loss at all costs. Such a drive is also called a Self Encrypting Drive (SED)<\/a>. Considering the SSDs, the host data travels through the controller and firmware for the inbound and outbound data stream with no close communication between the software defenses and device firmware. Hence, it opens loopholes for cyber-threats<\/a> that can bypass the software defense and attack the firmware. Therefore, SSDs need security at the firmware level, as neither hardware level nor software level security suffices for the protection of data stored in an SSD.<\/p>\n Flexxon also uses the most advanced encryption algorithms other than the standard algorithms. Many of Flexxon\u2019s products like USBs are AES-XTS 256-bit, RSA 2048-bit, SHA 256-bit, and RoHS compliant. Many of our NAND storage solutions support AES\/TCG OPAL encryption.<\/a><\/p>\n Apart from encryption, another security layer can be added to extremely sensitive information, called the intelligent destruction. Intelligent Destruction is a data destruction feature for military grade SSDs.<\/a> FLEXXON 2.5\u201d SSD supports Intelligent Destruction, which could destroy all the data quickly and completely. This feature is handy for use in sensitive operations like those of the military,<\/a> and SSDs with this feature can quickly erase all drive data upon captivity. No information will be accessible or usable in case the SSD falls into wrong hands. How does it work? The P13 pin on the SATA connector is defined as an intelligent destruction trigger signal. In a low-level pulse of the width of at least 2s, the data destruction process is executed at any working status of SSD. The data cannot be recovered after intelligent destruction but the SSD can be reused after running a format operation. P14 is defined as monitoring pin during the intelligent destruction. The data destruction process can be viewed by connecting a LED to the positive power supply. It is important to note that the Intelligent destruction is an irreversible process. Once it is performed on a drive, the erased content is unrecoverable. In some cases, the Intelligent destruction process might be interrupted by an unexpected power cycle of the SSD but the process will restart once SSD power is resumed.<\/p>\n Data encryption serves as an essential component of cybersecurity in order to keep the information stored on a system secure. However, just like Multi-factor authentication, data encryption is also prone to bypass. Expert hackers have proved it in the last decade that data encryption can be bypassed to have unauthorized access to information.<\/a> Therefore, we need new technologies to take over as an added layer of security to encryption techniques.<\/p>\n On the other hand, social engineering, phishing, poor password practice, internal data theft, forgetting to update software patches, lost or stolen devices<\/a>, etc. are some common reasons for cybersecurity breaches. Around 21% of data breaches occur due to lost or stolen devices and internal data theft. On the contrary, no security solution in the market offers physical protection<\/a> that is crucial in lowering the rate of cybercrimes and data theft.<\/p>\n This is precisely why\u00a0AI-embedded cybersecurity solutions<\/a>\u00a0are needed for physical protection of data as well. Artificial intelligence can serve as a barrier between your data and the cybercriminal.<\/p>\n This leads to the next generation of NAND storage devices; with embedded intelligent, holistic, and easy-to-use cybersecurity solutions that ensure the highest levels of protection. With AI embedded at the firmware level<\/a>, this revolutionary innovation delivers real-time AI protection to detect and defend against the ever-growing cyber threats<\/a> worldwide, to provide users with a much better cyber security posture.<\/p>\n For this purpose, we designed our X-PHY\u00ae SSD<\/a> with an encryption feature at the firmware level to thwart all\u00a0cyber attacks<\/a>\u00a0while the data securely resides in the SSD. The encryption is introduced to ensure that in case of a cyber attack or a physical attack, an SSD should be able to defend itself at the firmware level. It should be able to lock and protect the data stored in it instead of giving it all up to cyber criminals. With this ability, SSDs help enable real-time advanced malware protection<\/a> against all sorts of known and unknown malware and ransomware, as well as against hardware and\u00a0physical attacks.<\/a><\/p>\n The X-PHY\u00ae SSD is the first-ever standalone embedded firmware controlled AI cybersecurity SSD<\/a> at the\u00a0NAND storage level\u00a0<\/a>to prohibit cyber threats and reduce dependency on the vulnerable software. This embedded cybersecurity solution<\/a> uses advanced AI Co-Processor Quantum Engine that revolutionizes the AI Embedded cybersecurity storage facilities. It can quickly encrypt data when a threat is suspected to prevent data access for criminals and unauthorized people. In extreme cases, it can also be enabled for intelligent\u00a0destruction of data<\/a>\u00a0to avoid data theft.<\/p>\n Hence, keeping the above points in mind, it is best to have\u00a0Industrial NAND storage<\/a>\u00a0that has a built-in AI capability of encrypting its data at the time of need. This will ensure that data is protected at all costs and the confidentiality and integrity of an organization will not be compromised in case of a cyber or physical attack. Having compliance with the most advanced technological\u00a0encryption methods<\/a>\u00a0would ensure that the encryption can’t be decrypted to access data if it falls in wrong hands. Moreover, our NAND storage products can be activated for the\u00a0advanced data wipeout feature.<\/a>\u00a0It’s extremely useful when highly sensitive information is at stake. This feature if enabled would make sure that the data is securely wiped out from the storage if unauthorized access is attempted. Innovations like these hold a great promise for this era when data theft<\/a> is so common and information security is at stake at all times.<\/p>\n If you’d like to discuss your options at Flexxon, or if you want to consult with an expert, get in touch and we’d be happy to assist you.<\/p>\nAdvanced Encryption Methods\u200b<\/h3>\n
AES Algorithm<\/h6>\n
RSA Algorithm<\/h6>\n
TCG OPAL 2.0 software<\/h6>\n
Firmware Level Security for SSDs and NAND products<\/h3>\n
Flexxon Encryption Algorithms<\/h3>\n
Intelligent Destruction in Military Grade SSD<\/h3>\n
Why Encryption Alone isn\u2019t Enough!<\/h3>\n
Next Generation NAND Storage Devices<\/h3>\n
Real-Time Data Protection with X-PHY\u00ae SSD<\/h3>\n
How Does X-PHY\u00ae SSD Work?<\/h3>\n
Conclusion<\/h3>\n