SDV-HA

Overview:

The  Silicon Data Vault High Assurance (SDV-HA) is a portable self-encrypting  solid state storage  and processing device housed in a compact rugged enclosure.  It attaches to a computer by USB or eSATAp.  Hardware implemented, the  SDV-HA  utilizes NSA Suite B cryptographic algorithms, a distributed key management system and two-factor  pre-boot and post-boot authentication (passphrase and  USB  token) to provide exceptionally strong data protection. The SDV-HA also incorporates highly innovative anti-tamper detection and response mechanisms developed to negate the risk of attempts to subvert the operation of the device. The SDV-HA can detect both physical removal and electrical disconnection of the enclosure as well as internal access and tampering of components. It also monitors environmental and operational conditions with a tamper event triggered if a condition contravenes predefined values. When a tamper event is triggered, the SDV-HA will cause the encryption keys to be destroyed rendering the device inoperable. The SDV-HA anti-tamper capability is so highly regarded by Australian Defence that it has been protected under national security classifications. 
Device Classification At Rest

The SDV-HA has undergone and passed an extensive and rigorous Australian Government Australian Signals Directorate (ASD)  High Assurance evaluation. This evaluation is a verification and validation program designed to ensure that security in cryptography, anti-tamper and operation adhere to the strictest of conditions. The subsequent High Assurance certification enables Australian government agencies to rely on the strength and quality of the security they use to protect official classified information and systems. The SDV-HA is certified by ASD to secure highly classified data up to and including TOP SECRET yet enable handling as UNCLASSIFIED with Dissemination Limiting Marking For Official Use Only when powered down. SECRET data can be handled as UNCLASSIFIED without the need for a DLM.

 

 

System Security:

SDV Hardware Encryption
NSA Suite B
AES 256 
ECC 384 
Sector level on the fly encryption
Two-factor pre-boot  and post-boot authentication
Active Tamper  detection and response
Distributed key management 
Secure erase 
 
Features:
Customisable operating environment 
Customisable operating mode
Multiple partitions
Audit log
Large capacity solid state storage (up to 480GB)
Value Proposition:
Cost Effective: The overall costs incurred for on-going data storage and handling of highly classified information may well be significant and somewhat hidden.  TOP SECRET data when stored on the  SDV-HA  can be handled as UNCLASSIFIED For Official Use Only, thus removing the need for traditional highly secure courier and transport methods and their associated costs and procedural inefficiencies. Cost savings can also be achieved as data classified SECRET or below can be stored and physically transferred as UNCLASSIFIED.
Confidentiality: Lost or misplaced documents or un-encrypted storage products containing highly classified data can put lives and dollars at extreme risk. Highly classified data is afforded total protection when using the  SDV-HA. A lost , stolen  or captured device thus becomes a hardware replacement administration issue and not a data content confidentiality problem.

User Examples:

The SDV-HA provides a high level of operational versatility through both its dual modes of connectivity and dual modes of authentication. The SDV-HA's two modes of authentication are known as pre-boot (authentication at host PC startup) and post-boot (authentication from within the Windows OS); both authentication modes are available when the SDV-HA is connected to the host PC via the eSATAp port or via the USB port.

Bootable storage device with an OS installed on the SDV-HA itself, using pre-boot authentication: In this mode of operation the user would utilise the SDV-HA with a specific laptop with eSATAp connectivity. In this mode, combined with the removal of the host computers internal commercial storage medium, there would be mitigated risk of data spill enabling the classification of the host PC to not be altered once powered down. (Please refer to Australian Signals Directorate ISM publications to ensure compliance in such use cases.)

Data storage device accessed via a PC running a Windows OS, using post-boot authentication: This can be as primary storage or as a data backup facility of highly classified data for one or multiple computers processing highly classified data.

Data transportation device where the SDV-HA is used to store data that can be accessed from different PCs running a Windows OS, using post-boot authentication: The stored data can be transported between locations with ultimate security and ease of handling.

Data storage device within a bespoke embedded environment within a windows OS or non windows OS environment: In this use scenario customisation and engineering support may be required to enable embedded operation.

Certification Details:

Australian Government Australian Signals Directorate (ASD) High Assurance Evaluation
 

Resource:

 
 
Go to top