Encryption Tutorial

The convenience of external hard drives and portable storage, together with the growing amount of data stored on hard drives, has also increased the risk of exposing sensitive data. To safeguard sensitive, confidential and personal information, many private and public organizations have implemented various forms of software and hardware encryption. Most software or hardware data encryption products on the market are based on the industry-standard, proven data encryption algorithms - AES (Advanced Encryption Standard), DES (Data Encryption Standard) and TDES (Triple DES) - that are certified by NIST (National Institute of Standards and Technology) of the USA and CSE (Communications Security Establishment) of Canada. The AES 256-bit cryptographic engine is FIPS and NIST certified. To learn more about data encryption and its various industry standards, please visit http://en.wikipedia.org/wiki/Cipher

Addonics hardware encryption solutions - the CipherChain, Diamond Cipher, Ruby Cipher, Saturn Cipher, Jupiter Cipher and the Cipher UDD - are by far the most secure and simplest to deploy, particularly for large organizations. Below are some of the key benefits of Addonics hardware encryption products:

  • High performance - Data is encrypted and decrypted on the fly by a certified cryptographic engine inside an ASIC without taking any CPU resources as in the case of software encryption. There is no noticeable performance difference between an Addonics hardware encrypted hard drive and a regular hard drive.
  • Platform independence - There is no software or driver to install to use Addonics encryption products. As a result, they can be deployed in any system running any OS. This is important in organizations with multi-platform computing and legacy systems.
  • No training required - There is no password to remember and no special program commands to run. The Addonics encryption solution is truly plug and play. Encryption and decryption are all controlled by a physical key (Cipher key).
  • Data portability - Unlike many software or hardware products that limit access to the encrypted hard drive to certain specified computer systems, an Addonics encrypted storage device can be accessed by practically any system while still maintaining a high level of security. For example, the Addonics Diamond Cipher or Ruby Cipher drive enclosure with an encrypted hard drive can be attached to any system externally via eSATA or USB ports. As long as you have the Cipher key with you, you can access the hard drive.
  • Low TCO (Total cost of ownership) - With hardware-based encryption, there is no IT maintenance required, no software version to maintain and no updates to keep track of.

Bullet Proof security

The Addonics hardware encryption implementation offers practically bullet proof security compared to software encryption implementations. All Addonics encryption solutions are based on a certified crypto engine from eNova. The CipherChain, Diamond Cipher and Ruby Cipher are the first on the market to implement AES-256 hardware encryption on SATA hard drives and SSDs. Together with the implementation strategy in the Addonics hardware encryption solution, it is mathematically impossible to break the Cipher code.

Software encryption

It is well documented that a modern computer may break software-based DES 40-bit encryption in a few days, or in a few hours if you can somehow manage to increase your computing power. To break software-based DES 64-bit encryption, the scale of computing power you must gather will dramatically exceed your imagination. Only specialized organizations capable of managing supercomputers or thousands of personal computers running in parallel can uncover the secret. Depending on the level of actual investment, a few months or even years are normally expected. That said, breaking software DES 40/64-bit requires special skills and expertise. It is not something that a regular Joe Smith can do efficiently.

Hardware encryption

It is extremely hard to break hardware-based full disk encryption. The technique deployed to break software-based encryption cannot be practically deployed to break hardware-based encryption implemented in our design.

All Addonics hardware-based full disk encryption solutions encrypt everything on the hard drive, including the boot sector, OS and temp/swap files. No clear text is left on the hard drive to trace, which entirely eliminates the possibility of analyzing useful patterns. Thus, the traditional wisdom and techniques for breaking software-based DES 40/64-bit are no longer applicable, as no OS information is available. No software application can be executed, which greatly deters the process of key breaking, as every wrong attempt requires a new power-on reset of the hardware or reconnection of the Addonics hardware encryption storage device.

So what’s so important about the power on reset and how does it deter the key breaking process?

An Addonics hardware-based full disk encryption solution at DES 40-bit strength offers 1,099,511,627,776 possible key combinations. The actual key will normally be found once 50% of the key domain has been eliminated. A typical power-on reset process lasts 0.4 second or more. The following simple calculation shows the time required to run through 50% of the 40-bit key domain:

1,099,511,627,776 x 50% x 0.4 seconds = 219,902,325,555 seconds = 3,665,038,759 minutes = 61,083,979 hours = 2,545,165 days = 6,973 years

By increasing from DES 40-bit to DES 64-bit encryption, the number of possible key combinations increases dramatically to 72,057,594,037,927,936. Combined with the minimum 0.4 sec hardware reset, the time required to run through 50% of the 64-bit key domain jumps to 456,982,528 years! When this analysis is applied to TDES-192 and AES-256 bit encryption, the time it takes to find the right code combination will be so long that it is mathematically not possible to break these high bit level encryptions.
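
The calculation above, carried through with exact arithmetic as an added example (not Addonics code). It takes the two keyspaces quoted on this page and the 0.4 s reset as inputs; the function names and the 365-day year are assumptions of the example.

```python
from fractions import Fraction

# Unit sizes in seconds; a 365-day year reproduces the page's 6,973-year figure.
UNITS = {"seconds": 1, "minutes": 60, "hours": 3600,
         "days": 86400, "years": 365 * 86400}

RESET = Fraction(4, 10)  # the page's 0.4 s power-on reset per wrong key

# Keyspaces exactly as quoted on the page.
PAGE_KEYSPACES = {
    "DES 40-bit": 1_099_511_627_776,
    "DES 64-bit": 72_057_594_037_927_936,
}

def expected_search_seconds(keyspace, seconds_per_attempt, fraction=Fraction(1, 2)):
    """Exact time to try `fraction` of `keyspace` keys at a fixed cost per attempt."""
    return keyspace * Fraction(fraction) * Fraction(seconds_per_attempt)

def breakdown(seconds):
    """Express a duration in each unit, truncated to whole units as the page does."""
    return {name: int(seconds // size) for name, size in UNITS.items()}

def effective_bits(keyspace):
    """Number of key bits actually searched; the keyspace must be a power of two."""
    if keyspace <= 0 or keyspace & (keyspace - 1):
        raise ValueError("keyspace is not a power of two")
    return keyspace.bit_length() - 1

def report(seconds_per_attempt=RESET):
    """Map each quoted keyspace to (effective key bits, time breakdown)."""
    rows = {}
    for label, keyspace in PAGE_KEYSPACES.items():
        t = expected_search_seconds(keyspace, seconds_per_attempt)
        rows[label] = (effective_bits(keyspace), breakdown(t))
    return rows

if __name__ == "__main__":
    for label, (bits, times) in report().items():
        print(f"{label}: keyspace is 2^{bits}")
        print("   ", ", ".join(f"{v:,} {k}" for k, v in times.items()))
```

The 64-bit keyspace quoted on the page is 2^56, which matches the 56 effective key bits of a 64-bit DES key (8 bits are parity); computed directly it gives 456,986,263 years, while the page's 456,982,528 equals the truncated 6,973 years multiplied by 65,536. The result scales linearly with `seconds_per_attempt`, so the estimate holds only where every trial really costs a full reset.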

Alternatively, a trained code breaker may be able to connect directly to the circuit interface of the Addonics hardware-based full disk encryption hardware and attempt to intercept a complete data transfer for deciphering, assuming the exact positions of both the clear text and the cipher text are known. Even if a potential hacker has the clear text and its corresponding cipher text, attempts to derive the cryptographic key would still consume years, as DES/TDES are known for resisting the “Known Answer Test.” A 40-bit hardware-based full disk encryption solution is somewhat weak specifically under the known answer attack, but encryption solutions with 64-bit and higher bit levels are on a totally different scale.

Based on the above analysis, we feel confident that all the Addonics hardware encryption products are more than adequate for most applications. We do realize, however, that there are rigid security requirements that cannot tolerate any chance of being compromised. In that case, we recommend using the TDES 192-bit or AES-256 bit version.