Discretix - Secure Disk for Solid-State Disks (SSD) or Hard Disk Drives (HDD)

BLOG |

Search:

PRODUCTS & SOLUTIONS

Platforms

CryptoCell®

CryptoFlash®

Anti-Cloning | Anti-Hacking

Peripheral Binding

Secure Disk

Content Protection

Multi-Scheme DRM Client

OMA DRM

WM DRM

CPRM

Mobile TV Security Client

Modules

IPSec Accelerator

Cryptographic Accelerators

PKA, AES, DES, HASH, RNG

Cryptographic Software Library

HDCP

Secure Database

Secure Boot

Key Storage & Management

Certificate Handling

Secure Disk Solution (DxSD)

Discretix Secure Disk Solution is a comprehensive "in-storage" data protection solution for solid-state disks (SSD) or hard disk drives (HDD) embedded into the disk controller as semiconductor IP.

Secure Disk Solution - Market Needs

Today, our most valuable assets, whether personal or work-related, are stored on numerous fixed and mobile devices. Data backup is also shifting away from tapes and moving towards disk-based backup and recovery, continuously improving accessibility. The massive volume of stored information, its critical importance and the ease of access, significantly increases the risk associated with theft and loss. Moreover, government and industry regulations mandate strict control of data privacy and security with severe penalties for violations. To achieve true protection, data must be protected where it is stored, and not by the application that uses it.

Highlights of the Secure Disk Solution

	Full Disk Encryption (FDE) – 100% data encryption, including user data, system files, hidden files, page files, temporary files, registry settings, hibernation files, and Master Boot Record
	Strong, robust encryption – robust hardware-based encryption with FIPS approved AES algorithms, up to 256-bit key strength, and secure key management
	Encryption at full disk throughput – high-performance hardware encryption engine, guaranteeing no observed performance impact
	Very Fast Secure Data Sanitization – secure disk disposal and/or repurposing within seconds
	Secure Boot – verifies controller firmware image integrity at boot time, detecting off-line firmware image tampering and unauthorized firmware
	Secure firmware updates – verifies authorized genuine firmware updates for disk controller firmware and enables firmware version revocation
	Master Boot Record tampering detection – verifies system Master Boot Record integrity at boot time, detecting off-line image tampering and unauthorized updates
	Mutual authentication with host system – prevents disk usage in a different, unauthorized host system even by authorize users (IEEE 1667 based)
	Pre-Boot event logging – logs information on pre-boot events, including password changes and successful/failed logins
	Multiple User support – can be configured to provide authenticated login for multiple users on a single device, eliminating the need for sharing accounts and passwords

DxSD Use Cases

Secure Disk Solution - Technical Overview

The secure disk solution protects disk content from unauthorized access or misuse. A secure boot function verifies that the controller firmware has not been tampered with or modified, guaranteeing a known and trusted starting point. In addition, the Master Boot Record authenticity is verified. At system boot, DxSD requests a pre-boot password and verifies its authenticity before allowing access to the disk contents. Data stored on the disk is encrypted. Once access to the disk is granted, the DxSD AES engine decrypts data that is read from the disk and encrypts data that is written to the disk.

Block Diagram

Secure Disk Configuration Options

1 Technology and synthesis dependent; based on the use of Design Compiler® and low power 90nm TSMC technology; measured at 100MHz
2 Code size figures are for ARM® Thumb mode

Click to enlarge

Download Brochure

Download Brochure

Key Benefits:

	Prevents theft of sensitive information
	Avoids information leaks resulting from inaccurate classification
	Inhibits usage in unauthorized systems
	Decreases financial liability, exposure, and risk
	Platform and OS independent

Key Features:

	AES-128 encryption using FIPS-approved mode, e.g. AES-CTR, or IEEE 1619 XTS-AES
	AES-192/256 – optional
	On-the-fly Encryption/decryption AES throughput: 133MB/sec to 1066MB/sec @ 100Mhz
	RSA-based boot-time integrity checking
	Based on FIPS validated cryptographic algorithms
	Host authentication based on IEEE 1667 Transient Storage Authentication certificate silo
	Synthesizable up to 200MHz

Deliverables:

	Synthesizable Verilog RTL source code
	Synthesis script and constraints
	ANSI-C source code firmware
	Hardware and Firmware acceptance and integration tests
	Complete Hardware and Firmware technical documentation
	PC tool for generating signed controller firmware image