europe SNIA


www.snia-europe.org


Why You Need a SED Solid State Drive

All sorts of storage devices can be SEDs. The Trusted Computing Group (TCG) has standards for internal encryption of hard disk drives, optical disc storage, as well as NAND flash storage devices such as Solid State Drives (SSDs). The first self encrypted storage devices were hard disk drives introduced by Seagate in 2007. Self encrypted solid state drives were introduced by Samsung in 2009.


In the case of a NAND flash-based storage device such as an SSD, wear-levelling and the consequent garbage collection do not allow for a one-to-one correspondence between the logical location of the data and the physical flash memory cells where the data may be stored. As a consequence, any attempt to physically overwrite data may not in fact erase old bits in reallocated cells. At the same time, SSDs and other flash devices are constantly moving data around and erasing de-allocated blocks of flash cells in the background, so old and “erased” data may or may not be present in the flash memory device at any given point in time.


The ambiguity about whether old “deleted” data is still present in an SSD creates a security hole for SSD content. On the other hand, if the SSD or other flash memory device has built-in encryption tightly coupled to the function of the flash memory controller (an SED SSD), then, if the internal encryption key on the SSD is erased, the data is no longer translatable from ciphertext back to readable data. This is called crypto-erase and it is very fast. Crypto-erase is very effective and it has been recognized by government security standards as adequate for “secret” data.
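The contrast drawn in the two paragraphs above, as an added example that is not part of the original article: a toy flash translation layer in which every write lands on a fresh physical page, with and without a controller-held media key. The class and function names are hypothetical, the record is constructed, and a SHA-256 keystream is assumed as a stand-in for the drive's hardware cipher.

```python
import hashlib
import os

class ToySSD:
    """Toy flash translation layer: every write lands on a fresh physical page."""
    def __init__(self, encrypt):
        self.flash = []                  # physical pages, in the order written
        self.l2p = {}                    # logical block -> physical page index
        self.key = os.urandom(32) if encrypt else None  # media key in controller

    def _xor(self, page, data):
        # Assumption: SHA-256 keystream as a stand-in for the drive's cipher.
        # Handles blocks of up to 32 bytes, enough for this demonstration.
        if self.key is None:
            return data
        ks = hashlib.sha256(self.key + page.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba, data):
        page = len(self.flash)           # wear-levelling: never rewrite in place
        self.flash.append(self._xor(page, data))
        self.l2p[lba] = page             # the old page is stale but not erased

    def read(self, lba):
        page = self.l2p[lba]
        return self._xor(page, self.flash[page])

    def crypto_erase(self):
        self.key = os.urandom(32)        # old media key is discarded for good

def secret_recoverable(ssd, secret):
    """Check every physical page, stale ones included, with the current key."""
    return any(ssd._xor(i, p) == secret for i, p in enumerate(ssd.flash))

def demo():
    secret = b"constructed sample record".ljust(32, b".")
    results = {}
    for name, encrypt in (("plain", False), ("sed", True)):
        ssd = ToySSD(encrypt)
        ssd.write(0, secret)
        ssd.write(0, bytes(32))          # host "overwrites" logical block 0
        assert ssd.read(0) == bytes(32)  # the host now sees only zeros
        results[name + "_after_overwrite"] = secret_recoverable(ssd, secret)
        if encrypt:
            ssd.crypto_erase()
            results["sed_after_crypto_erase"] = secret_recoverable(ssd, secret)
    return results

if __name__ == "__main__":
    print(demo())
```

In both devices the overwritten record survives in a stale page; only discarding the media key makes every page, stale or live, unreadable at once.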


Thus, crypto-erase is the only really effective way to protect data on an SSD. As a consequence, many SSDs are now being built with SED encryption built into the controller function, making crypto-erase an increasingly common feature in modern SSDs. It is likely that all SSDs will have the encryption capabilities of SEDs within the next two years, making the basic SED capability available to all SSD users within a short period of time. Adoption and actual use of the SED encryption built into SSDs (or for that matter HDDs) for data security is a different issue and will be addressed in a future section of this report.


Projections for Self Encrypting SSDs

There are two reasons why SED capability (whether it is needed or used by customers for data protection and security) is likely to become commonplace in SSDs. The first reason is that SSDs by their very architecture do not provide ways to effectively erase all the content in the device, unlike HDDs. Providing encrypted data on the SSD where the key is within the device allows erasing the encryption key and making the data unavailable to others: a crypto-erase. This feature will be popular for many users even if they don’t use the SED features on a day to day basis, since drives can be reused without fear that the data is available to a new user after the internal encryption key is erased.


The second reason is that, with relatively lower volumes and a great many SSD suppliers having SED capability, that capability is both


SSD4 www.snseurope.info | October/November 2011

