Disk encryption hardware
To protect the confidentiality of data stored on a computer disk, a computer security technique called disk encryption is used. This article discusses hardware used to implement the technique (for the cryptographic aspects of the problem, see disk encryption). Compared to the access restrictions commonly enforced by an OS, this technique protects data even when the OS is not active, for example, if data is read directly from the hardware.

Hardware designed for a particular purpose can often achieve better performance than software implementations. Disk encryption hardware can also be made more transparent to software than encryption done in software. As soon as the key has been initialized, the hardware should in principle be completely transparent to the OS and thus work with any OS. If the disk encryption hardware is integrated with the media itself, the media may be designed for better integration. One example of such a design would be the use of physical sectors slightly larger than the logical sectors.

Criticism

Some disk encryption hardware was criticised for using keys as small as 40 bits, which can easily be broken by a brute-force attack; however, the latest disk encryption hardware uses 256-bit keys.

Hardware solutions have also been criticised for being poorly documented. Many aspects of how the encryption is done are not published by the vendor. This leaves the user with little possibility to judge the security of the product and potential attack methods. It also increases the risk of vendor lock-in.

In addition, implementing hardware-based full disk encryption is prohibitive for many companies due to the high cost of replacing existing hardware. This makes migrating to hardware encryption technologies more difficult and would generally require a clear migration and central management solution for both hardware- and software-based full disk encryption solutions.

See also

  • Disk encryption
  • Disk encryption software
  • Full disk encryption
  • Hardware-based full disk encryption
  • IBM Secure Blue
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 