Dark Posted June 17, 2021

SED drives are hard drives and SSDs designed to store the data they contain as safely as possible, which makes them ideal for work environments that deal with sensitive data. How do these storage units work, how do they differ from the usual ones for PCs, and what advantages does their use bring?

Protecting sensitive information, whether personal or third-party, is one of the ongoing challenges of computing. There are two fronts: on the one hand, the creation of new data encryption and decryption algorithms; on the other, the implementation of the hardware needed for greater efficiency in data security.

What are SED units?

The acronym SED stands for Self-Encrypting Drive. It refers to hard disk drives and SSDs that contain internal hardware for encrypting and decrypting the data they store. These drives follow the data encryption standards of the Trusted Computing Group, such as AES, Opal 2.0 and Enterprise encryption, whose operation we will not go into in this article.

SED storage units are not usually seen, in theory, in the home market; their adoption occurs more in environments where data protection is crucial, especially military and government uses. However, this does not mean that there are no SED storage units in the domestic market: many of the SSDs and hard drives you can find on the market are SED units.

SED units come with built-in hardware encryption and decryption that is completely transparent to the rest of the PC. They therefore require neither CPU work for encryption and decryption nor complex systems integrated into the operating system and applications, whose security could easily be breached.

How do SED units work?

It should be clarified that a SED drive does not differ from a conventional hard drive or SSD.
They do not use visibly different hardware, and you can connect them to your PC like conventional storage units, so they do not require special interfaces. It is inside, in the internal circuitry, that the hardware in charge of encrypting and decrypting the data is located.

Each SED unit contains what we call a cryptoprocessor: a processor that works in isolation from the rest of the system, in the sense that the memory it works on is inside the processor itself. This is done to prevent the data from being accessed through a data analyzer.

Hardware data encryption

When the CPU, GPU or another processor needs to store data from RAM or VRAM in the storage unit, because of a lack of space or of use in RAM, the SED unit's cryptoprocessor encrypts the data using two elements.

The first of these is what is called a Data Encryption Key, or DEK: a key that is different for each unit sold and is installed in the cryptoprocessor. This key is used as a variable to generate the encrypted code through a complex mathematical formula, which converts the binary code that stores the data into a binary code that the CPU cannot understand without a decryption step. That step is also carried out by the SED unit's cryptoprocessor, in a way that is totally opaque to the rest of the system.

Data speed is important

Any memory must not only have the capacity to hold the data, but also enough speed to transfer it at an appropriate rate, so that it does not become a performance bottleneck. The storage system in the PC is based on a hierarchy in which each new level has more storage capacity than the previous one but is slower in access time and transfer speed, so data is copied from the furthest levels to the closest.
With the arrival of NVMe SSDs based on high-speed PCI Express interfaces, we have gone from talking about tens or even hundreds of megabytes per second of transfer speed to several gigabytes per second with the third and fourth generations of the PCI Express standard. This means that the encryption and decryption work has to be done an order of magnitude faster, which forces the development of cryptoprocessors for SED units that are much more powerful than what we can now find on the market.
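
Because many drives sold on the ordinary market are SEDs, an inventory check for Opal 2.0 or Enterprise support is a useful first step. The following is an added example, not part of the original post: it parses the output of `sedutil-cli --scan` (a tool the post does not mention), and both the column layout and the sample rows are assumptions constructed for illustration.

```python
import re

# Constructed sample, in the layout `sedutil-cli --scan` is assumed to print:
# device, SSC flags ("1" Opal 1.0, "2" Opal 2.0, "E" Enterprise, "No" none),
# then model and firmware. Device names and models are made up.
SAMPLE_SCAN = """\
Scanning for Opal compliant disks
/dev/nvme0  2  EXAMPLE NVME SSD 500GB   FW0001
/dev/sda   12  EXAMPLE SATA SSD 250GB   FW0002
/dev/sdb    E  EXAMPLE ENTERPRISE HDD   FW0003
/dev/sdc   No  EXAMPLE LAPTOP HDD 1TB   FW0004
No more disks present ending scan
"""

SSC_NAMES = {"1": "Opal 1.0", "2": "Opal 2.0", "E": "Enterprise"}
ROW = re.compile(r"^(/dev/\S+)\s+(No|[12E]{1,3})\s+(.*\S)\s*$")

def parse_scan(text):
    """Map each device to {"sed": True/False/None, "ssc": [...], "description": str}."""
    drives = {}
    for line in text.splitlines():
        if not line.startswith("/dev/"):
            continue  # banner and footer lines
        m = ROW.match(line)
        if not m:
            # Unknown layout: record as undetermined instead of guessing.
            drives[line.split()[0]] = {"sed": None, "ssc": [], "description": ""}
            continue
        dev, flags, desc = m.groups()
        ssc = [] if flags == "No" else [SSC_NAMES[c] for c in flags]
        drives[dev] = {"sed": bool(ssc), "ssc": ssc, "description": desc}
    return drives

def not_confirmed_sed(drives):
    """Devices that are not SEDs or whose row could not be parsed."""
    return sorted(d for d, info in drives.items() if info["sed"] is not True)

if __name__ == "__main__":
    for dev, info in parse_scan(SAMPLE_SCAN).items():
        print(dev, ", ".join(info["ssc"]) or "no self-encryption reported")
    print("follow up:", not_confirmed_sed(parse_scan(SAMPLE_SCAN)))
```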