Advice Request: Help me to understand hardware-based encryption

SUPRA

Recently I came across an SSD made by Kingston. Its model is UV500 and it has 256 AES hardware-based encryption. So I am a bit confused about how it really works.
What are its benefits?
Also, how much does it differ from software-based encryption?
Please explain all of this to me, and if you have any knowledge beyond the question I have asked, then please share it...

Thank you.
 

Ink

This one?
UV500 2.5”/m.2/mSATA Encrypted SSD – 120GB-1.92TB | Kingston
  • AES 256-bit Hardware Encryption Self-Encrypting Drive (SED) and TCG Opal 2.0
Quote from Kingston UV500 SATA SSD Review - Self-Encrypting Drive - Legit Reviews:

Self-Encrypting Drives (SEDs) have been on the market for years, but very few people actually fully utilize these drives. Like the name implies, a self-encrypting drive uses an encryption engine built into the SSD's controller to encrypt every file stored on the drive. This hardware-based encryption method offers a high level of data security, is invisible to the user, cannot be turned off and does not impact performance.
An SED is a life saver for many businesses as software encryption solutions can take hours to enable and all future data written to the drive will need CPU horsepower to do the encryption. This impacts system performance and is the least desirable and secure method for encryption. Since an SED SSD is already encrypting all its content, securing the drive might be as easy as enabling a password for the drive. By setting an 'ATA password' in your system's UEFI/BIOS you can easily secure a SATA SSD. The only kicker is that only a handful of modern desktop boards still have the option for an ATA password to be set, but it is still fairly common on laptops and business PCs. If your motherboard doesn't support an ATA password you can use a third-party utility like McAfee Endpoint Protection for PC, WinMagic SecureDoc or Wave Embassy Trust Suite to secure the drive.
[..]
The UV500 drives also support TCG Opal 2.0 security management solutions and that is a crucial feature for businesses where the IT department needs to manage employees' drives. This means that the UV500 series can protect your sensitive data if properly set up and then it will meet EU General Data Protection Regulation (GDPR) compliance.
[..]
The most important bit of data on the back of this SED drive is of course the Physical Secure ID (PSID) number. The PSID is unique to each drive and is your way to factory reset the drive if it's fully encrypted and you are no longer able to access it because of a lost password or an application blew your install up. The PSID is printed on the disk label and visible to anyone with physical access to the SED.
 

Arequire

The hardware encryption mechanism sits between the system BIOS and the operating system placed on the disk. Any data passing through the mechanism must be unencrypted for use. When the system is booted, you must place the keyword into the system before the operating system can be loaded. Once the keyword is used, the system appears to operate normally. In fact, the content is continuously unencrypted when read from the disk and encrypted when written to disk. When the computer is shut down, the data on the disk is once again unreadable until the password is rekeyed. Most full-disk encryption systems use a software encryption method, but hardware-based encryption is more secure with no possibility of the key remaining in volatile memory, and no need to activate the encryption process for each use.
 
  • Like
Reactions: SUPRA
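
A simplified model of the lock/unlock behaviour described in the posts above, as an added example that is not part of the original thread or any vendor's firmware. It assumes the common SED design in which a media encryption key (MEK) generated inside the drive is wrapped under a key derived from the user's password; `ToySED` and `xor_stream` are hypothetical names, and a SHA-256 keystream stands in for the drive's AES-256 engine.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream); a real SED runs AES-256 in the controller."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + lba.to_bytes(8, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToySED:
    def __init__(self):
        self.mek = os.urandom(32)  # media encryption key, generated inside the drive
        self.flash = {}            # LBA -> ciphertext; plaintext never reaches the flash
        self.wrapped = None        # (salt, wrapped MEK, check tag) once a password is set

    @staticmethod
    def _kek(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, password: str) -> None:
        salt = os.urandom(16)
        kek = self._kek(password, salt)
        tag = hmac.new(kek, self.mek, "sha256").digest()
        self.wrapped = (salt, xor_stream(kek, 0, self.mek), tag)

    def power_cycle(self) -> None:
        if self.wrapped:           # with a password set, the clear MEK is dropped
            self.mek = None

    def unlock(self, password: str) -> bool:
        salt, blob, tag = self.wrapped
        kek = self._kek(password, salt)
        mek = xor_stream(kek, 0, blob)
        ok = hmac.compare_digest(tag, hmac.new(kek, mek, "sha256").digest())
        if ok:
            self.mek = mek
        return ok

    def write(self, lba: int, data: bytes) -> None:
        if self.mek is None:
            raise PermissionError("drive locked")
        self.flash[lba] = xor_stream(self.mek, lba, data)

    def read(self, lba: int) -> bytes:
        if self.mek is None:
            raise PermissionError("drive locked")
        return xor_stream(self.mek, lba, self.flash[lba])
    def psid_revert(self) -> None:  # factory reset: fresh MEK, old ciphertext undecipherable
        self.mek, self.wrapped = os.urandom(32), None
```

After a successful `unlock()`, `read()` returns plaintext to whatever software asks for it, so the drive's encryption protects a powered-off or locked disk rather than a running, unlocked system.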

SUPRA

Thank you for explaining so well. I have understood.
So sir, do you have any tutorial on how to set up this drive properly?

Ok, so while reading it is unencrypted and while writing it is encrypted...

So if anyone can hack into my computer, he can read all data?
 
  • Like
Reactions: Gandalf_The_Grey
