Q: What is “Saturn Cipher”?
A: Saturn Cipher is a family of Addonics Hard Drive enclosures that incorporate
a real-time hard drive cryptographic bridge ASIC (Application Specific
Integrated Circuit) to encrypt and decrypt the entire hard drive including boot
sector, temp files, swap files and the operating system without degrading
system overall performance. Inside the Saturn Cipher cryptographic engine are
the DES (Data Encryption Standard) and TDES (Triple DES) standard algorithms
certified by the NIST (National Institute of Standards and Technology) of the
United States of America and CSE (Communications Security Establishment) of
Government of Canada.
Q. How is Saturn Cipher differs from the
regular Saturn hard drive kit?
A. The difference is in the additional encryption electronics inside the Saturn
Cipher drive enclosure. Other than that, Saturn Cipher enclosure has the same
mechanical design and connections on the back of the enclosure as the regular
Saturn enclosure. As a result, Saturn Cipher has the same flexibility of the
Saturn hard drive kit and can share the drive cradles and interface cables.
Q. If I already have Saturn drive cradle
installed in a system, can I just purchase the Saturn Cipher enclosure for
encrypting some of my hard drives?
A. Yes. The Saturn Cipher and the regular Saturn hard drive kit shares the same
drive cradle. You can mix encrypted and regular hard drive in the same system.
The encryption is with the Saturn Cipher enclosure. So you can see the
convenience of the Saturn Cipher design. You can take the enclosure to anywhere
you want and still can access the data in your encrypted hard drive so long you
have the Saturn Cipher key with you.
Q. How is Saturn Cipher differs from other
hardware based hard drive encryption solutions out in the market?
A. All the hardware based encryption solutions in the current market have one
or more of the following limitations:
Hard drive can only be encrypted or decrypted on the same computer
Hard drive is limited to a single interface connection
Limtited to IDE hard drive. No solution for SATA hard drive at this time
Saturn Cipher does not have any of these limitations. It is also
one of the first hardware encryption solutions for both IDE and SATA hard
drive. Saturn Cipher is by far the most flexible and yet extremely secure.
Because we are offering this solution in the form of a a drive kit, you can
encrypt whatever capacity hard drive you need and as many hard drives as you
want.
Q: What’s the security variety of “Saturn
Cipher”?
A: Saturn Cipher is available with three different levels of encryption
strength.
Saturn Cipher-64 – DES 64-bit encryption strength
Saturn Cipher-128 – TDES 128-bit encryption strength
Saturn Cipher-192 – TDES 192-bit encryption strength
Q: How can Saturn Cipher encrypt the entire
disk without losing performance?
A: Saturn Cipher is specifically engineered for high speed communications with
the disk drive. It's high throughput enables real-time communications with all
the IDE or SATA hard drives. The operations of encryption and decryption are
accomplished using high speed hardware circuit to ensure no performance loss.
There isn’t any extra software device driver required. Thus memory and
interrupt overheads are completely eliminated.
Q: Can Saturn Cipher work with all types of
disk drives?
A: Saturn Cipher offer choices of two different type of enclosures. The Saturn
Cipher SATA enclosure works on any 3.5" and 2.5" SATA or SATA II hard drive.
The Saturn Cipher IDE enclosure works on any Ultra ATA (Ultra DMA) 66/100/133
compliant 3.5", 2.5" and 1.8" disk drives. No support on SCSI hard drive at
this time.
Q: Can Saturn Cipher work with all types of
operating systems?
A: The Saturn Cipher cryptographic engine requires no device drivers and is
compatible with all operating systems. However some OS may not offer support to
certain interface. Below is a list of OS support using different interface
connection:
IDE - DOS, all Windows OS, Linux, Solaris, Unix, Mac OS
SATA - DOS, Windows NT4, 98SE, Me, 2000, 2003, XP, Linux, Solaris, Mac OS
USB 2.0/1.1 - DOS, Windows 98SE, Me, 2000, 2003, XP, Linux kernel 2.4 and
above, Solaris 9 and above, Mac OS 9 and above
Firewire - Windows 98SE, Me, 2000, 2003, XP, Mac OS9 and above
CardBus/PCMCIA - DOS, Windows NT4, 98SE, Me, 2000, 2003, XP,
Q: What are the advantage of Saturn Cipher
hardware encryption comparing to Software encryption?
A: Addonics Saturn Cipher enclosure kit, a hardware encryption solution for the
hard drive, is by far the most secure and simplest to deploy, particularly for
large organizations. Below are some of key benefits of Addonics hardware
encryption products:
High performance
- Data is encrypted and decrypted on the fly by a certified cryptographic
engine inside an ASIC without taking any CPU resources
Platform independency
- There is no software or driver to install to use Addonics encryption
products. As a result, it can be deployed in any systems running any OS. This
is important in organization with multi platform computing and legacy systems.
Data portability
- Addonics encryption storage device, designed with its USIB interface, can be
used as an internal removable hard drive or an external hard drive with USB,
SATA, Firewire or CardBus/PCMCIA interface. Unlike many software or hardware
products that limit accessing the encrypted hard drive to certain specified
computer system, Addonics encryption storage device can be accessed by
practically any system while still maintaining high level of security.
No training required
- There is no password to remember nor running any special program commands.
The solution is truly plug and play. Encryption and decryption is all
controlled by a physical key.
Low TCO (Total cost of ownership) - With hardware based
encryption, there is no IT mmanence required, no software version to maintain
nor any updates to keep track of.
Q: Are everything in the hard drive encrypted?
A: Saturn Cipher encrypts every thing on your disk drive without exception. It
encrypts the entire volume of your disk drive such that if you have a 300GB
hard drive, the entire 300GB will be encrypted including the boot sector and
partition tables.
Q: Do I need to establish a separate
“encrypted folder” under file directory as required by some software solutions?
A: No. Everything you write to the disk drive is automatically strongly
encrypted. There is no need to establish a separate “encrypted folder.”
Q. Can the Saturn Cipher encrypted data on an
existing hard drive?
A. No. To ensure absolute security, the Saturn Cipher Enclosure is designed to
encrypted everything in the hard drive. When a hard drive is installed into the
Saturn Ciper enclosure the first time, the drive must go through an
initialization process with the Saturn Secure Key. This process will reformat
the hard drive by the Saturn Cipher Cryptographic Engine, thus all previous
data stored on the hard drive will be erased. So if you have valuable data on
an existing hard drive that need to be preserved, this data must be saved in a
safe location and restored to the Saturn Cipher hard drive after it has been
prepared with the Saturn Secure key.
Q: Do I need any training to use Saturn
Cipher?
A: No. The good news is that you don’t have to learn or manage anything. After
inserting the Saturn Cipher Secure Key, everything will function as before.
There isn’t any GUI for you to learn and manage and you don’t have to memorize
your password.
Q: Will I expect a multi-step log on
procedures & complex GUI (Graphical User’s Interface) like other systems
require?
A: No. the Saturn Cipher solution does NOT change user’s regular computing
behavior, nor does it require learning a complex GUI. It does not require you
to memorize frequently used and cumbersome log on procedures. It is totally
transparent to all users. You need only to present your Secure Key token every
time before you attached the hard drive to any computer.
Q: How does Saturn Cipher compare with Smart
Card and PCMCIA encryption products?
A: Saturn Cipher is dramatically faster than PCMCIA or Smart Card solutions,
and encrypts the entire hard drive instead of just selected files. There is no
possibility that any data or credentials can be left unprotected on the hard
drive. Drive locking and boot sector encryption solutions do not encrypt the
data, and thus it is vulnerable to attack.
Q. Can a Saturn Cipher encrypted hard drive be
taken out of the drive enclosure and connect directly to IDE or SATA
controller?
A. Yes. The hard drive will appear as a blank hard drive without any data to
any Operating Systems. If new data is written onto the drive, all the encrypted
data will be gone and the hard drive becomes an ordinary hard drive.
Q: Can I encrypt multiple hard drives via a
single Saturn Cipher secure key?
A: Yes. You can encrypt multiple hard drives installed in different Saturn
Cipher enclosures with the same Saturn Cipher secure key. You can also encrypt
multiple hard drives using the same Saturn Cipher enclosure with one Saturn
Cipher secure key.
Q: Does Saturn Cipher support 48-bit LBA
addressing?
A: Yes. Saturn Cipher supports 48-bit addressing and support hard drive volume
over 137GB per drive.
Q: What happens if my Secure Key is lost or
stolen?
A: There are no “backdoors” into Saturn Cipher encrypted hard drive, so without
the Secure Key you will not be able to access the data on the protected disk
drive. This means you must keep the backup key in a safe place at all times.
Addonics have developed several key management systems that will allow the
trace of lost keys. However, if you are security conscious, you probably would
like to have the ability to generate and maintain your own keys distribution.
For more information about how to manage the Secure key, please visit below
link: http://www.addonics.com/Cipher/key_management.asp
Q: Can I order duplicate Secure Keys?
A: Yes. You can order duplicate Secure Keys directly from us. Please visit our
web site http://www.addonics.com/Cipher/key_management.asp for details. Note:
We do not maintain a database of Secure Keys unless it is specifically
requested by customers. To have additional keys made, you must send your backup
key with your order for duplication.
Q: Can I remove the Secure Key while my hard
drive is connected?
A: Yes, you can safely remove the Secure Key for safekeeping after the hard
drive is detected by system. Remember that the Secure Key MUST be used again
the next time you reconnect the hard drive or restart your system.
Q: If the Saturn Cipher malfunctions, will I
lose my data?
A: No. the the SCCE is a generic cryptographic engine and the Secure Key
contains the DES/TDES cryptographic key. Consequently, you can simply replace
the defective Saturn Cipher enclosure, if that ever occurs, and use your
original Secure Key to access the data on your hard drive.
Q: Does Saturn Cipher increase the original
file size after encryption?
A: No. DES/TDES is a complicated mathematical algorithm that computes the
original data with 64/128/192-bit cryptographic key length. Regardless of the
size of the key, the size of data file after encryption remains unchanged.
Q: How does Saturn Cipher encryption work?
A: Saturn Cipher Cryptographic Engine (SCCE) sits before your disk drive. It
intercepts, interprets, translates, and relays commands & data to and from
the disk drives, encrypting the data with DES/TDES 64/128/192-bit key strength.
Before all data reach the disk drive, the SCCE encrypts it then saves to disk
drive. When there is a read to the disk drive, the SCCE decrypts it before
sending the data to the host. The operation of encryption and decryption is
totally transparent to all users thus the SCCE is invisible to the entire
system. The Saturn Cipher Secure Key Token contains the “Cryptographic Key”
that is to be used by the the SCCE. At power up, the “Cryptographic Key” will
be delivered to the SCCE register sets using a proprietary hardware protocol.
If somehow the Cryptographic Key was incorrect or missing, the SCCE will not
decrypt the hard drive thus the Saturn Cipher encrypted hard drive will only be
detected by any Operating System and the entire content is secure. Attempts to
surface scan the entire disk drive platters will only prove futile. As the SCCE
is a generic engine and it relies on the “Cryptographic Key” to enable all
functionalities, a malfunctioned SCCE can be easily replaced with the same
model and the content of your disk drive can be safely retrieved as long as
your original “Cryptographic Key” is intact.
Q: What is “DES/TDES”?
A: DES (Data Encryption Standard) was originally introduced by NSA (National
Security Agency) and IBM and has since become a Federal data encryption
standard as defined in FIPS 46-3 (Federal Information Processing Standard). DES
works on 64-bit data segments with a 64-bit Cryptographic Key of which 8 bits
provide parity, resulting in a 56-bit effective length. A variant on DES is
TDES, in which the plain text is processed three times with two or three
different DES Cryptographic Keys. With two Cryptographic Keys used, the result
is an encryption equivalent to using a 112-bit (128-bit) Cryptographic Key.
With three Cryptographic Keys, the result is an encryption equivalent to using
a 168-bit (192-bit) Cryptographic Key. In practice with a 128-bit TDES, the
plain text is encrypted with the first key, decrypted with the second key, and
then encrypted again with the first key.
DES, TDES, and AES (Advanced Encryption Standard) are called Symmetric Ciphers,
which means same Cryptographic Key is used for both encryption and decryption.
Q: How secure are DES and TDES?
A: Very secure as both algorithms are completely public, and have been
surprisingly resistant to new cryptographic attacks over the last quarter
century. Though software DES 56-bit key length is no longer proven against a
massive computer attack, for most business applications DES remains adequate.
Q: How is key length related to security?
A: In the case of Symmetric Cipher (DES, TDES, and AES), a larger Cryptographic
Key length creates a stronger cipher, which means an eavesdropper must spend
more time and resources to find the Cryptographic Key. For instance, a DES
40-bit strength represents a key space of 1,099,511,627,776 (240, 2’s power 40)
possible combinations. While this number may seem impressive, it is definitely
feasible for a microprocessor or a specially designed ASIC to perform the huge
number of calculations necessary to derive the Cryptographic Key. Surprisingly
an investment of only about US$10,000 investment in FPGA (Field Programmable
Gate Arrays) will be able to recover a 40-bit key in 12 minutes. Further, a
US$10,000,000 investment in ASIC will be able to recover a 40-bit key in 0.05
second. A government agency that can afford investing US$100,000,000 or more
will be able to recover a 40-bit key in a whopping 0.002 second! Thus a 40-bit
length cipher offers a bare minimum protection for your confidentiality and
privacy. Fortunately the “work factor” increases exponentially as we increase
the key length. For example, an increase of one bit in length doubles the key
space, so 241 represents key space of 2,199,023,255,552 possible combinations.
A 2112 bit (128-bit) TDES cipher offers extremely strong security
(5,192,296,858,534,827,628,530,496,329,220,096 possible combinations) that
should resist known attacks for the next 15 to 20 years, considering the
advance of semiconductor design and manufacturing.
Q: Is Saturn Cipher-64 (DES 64-bit strength)
not secure basing on the above analysis?
A: Not true. Above explained key finding process is specifically relating to
decrypting software-based encryption. The innovative Saturn Cipher hardware
based encryption solution increases the difficulties tremendously as every
wrong guess of the Cryptographic Key requires a hardware reset (power off the
hard drive or re-attach the hard drive). To break the Saturn Cipher encrypted
hard drive, one must process at least 500 billion times (50% of the available
key space) of hard drive power reset or re-attachment. As such, Saturn Cipher
even with its DES 64-bit strength will be strong enough against massive
computer attacks.
Q: How would I make sure the security offered
by Saturn Cipher is solid?
A: The Saturn Cipher hardware DES/TDES cryptographic engine has been certified
by the NIST (National Institute of Standards and Technology) and CSE (The
Communications Security Establishment), for which the certificates can be
reviewed on NIST web links: http://csrc.nist.gov/cryptval/des/desval.html &
http://csrc.nist.gov/cryptval/des/tripledesval.html. These hardware algorithms
are certified to provide reliable security; together with innovative Saturn
Cipher hardware design, it is practically impossible to access the encrypted
data by guessing or deriving the right DES/TDES Key.
Q: Why do I need to use the Secure Key token?
A: The Secure Key token contains the DES/TDES “Cryptographic Key” that is used
by Saturn Cipher to encrypt or decrypt data. Without the key, the protected
disk drive cannot be detected and there is no access possible. Together the
Secure Key token and Saturn Cipher Cryptographic Engine comprise an effective
user authentication for access control and encryption for data protection. The
Secure Key token serves as user authentication for access control while Saturn
Cipher Cryptographic Engine encrypts and decrypts.
