SecureDNA™

Hainan Island Incident

*US EP-3 Emergency Landing on Chinese Soil Considered to be “worst security disaster” in years (up to that point)*

Secure Erase

The concerns are how to:
- Store the data securely (ie: encrypt the data)
- Easily remove 100% of the data and artifacts when under duress (ie: secure erase)

Commonly available tools for “secure erase”
The Only NSA Approved Erasure Method: Obliteration

Any other “erasure”—including Secure Erase—is considered a compromise

Clearly, compromises are made in the interest of security: GMS SecureDNA™ is an answer

NSA approved erasure methods:
SecureDNA™: A Set of Security Features

All GMS products have many differentiators relative to the competition
(shown below: removable drives, multi-Ethernet with switches, compute engine evolution)

NEW: Starting in 2017, we began quietly adding security features

Graphic depicts GMS differentiators.

SecureDNA™ consists of:

1.Zeroize/Sanitize – A form of Secure Erase
- All mass storage (drives...HDD and SSD)
- Future: erase intelligent peripheral controllers (Ethernet switch routing tables, etc)
2.BIOS erase

3.External status lines including remote zeroize

4.Mechanical anti-tamper switches

5.Write Protect

6.Encrypted drives

7.On-the-fly encryption

8.Authentication via TPM 2.0
Seeing Red for Security
Zeroize / Secure Erase
- Enhanced feature on most new GMS products
  - Implementation phase 1: boot drive, other HDDs/SSDs
  - Implementation phase 2: GMS will extend to all NV flash in the system
    
    Examples: Ethernet switch configuration, local look-up table/NVROM
- External and/or internal (with BMC or CPU-init) trigger that “wipes out” non-volatile storage
  - Uses two-factor intention
- Think of this as PANIC button
- Initiates SATA “Secure Erase” protocol (or Enhanced SE)
  - Exact function varies by drive manufacturer
  - Time involved to erase varies by drive size and manufacturer
  - Uses hardware algorithm on FIPS and Opal SSDs
- GMS exploring additional options to provide more assurance of complete erasure
External and internal triggers
Zeroize / Sanitize / "Panic"

Initiated by
- Button push
  - SmartView™ displays
  - Small form factor systems like S402-SW
- External event
  - Signal input to GMS system
    
    S2002-MD includes this feature
- “Tamper” event
  - Chassis is opened
Two-factor initiation
- - Customers pushing button were surprised at “bricked” system
  - Spring-loaded door>>>button press
    
    These two actions start Zeroize
  - On S402-xx
    
    One push = nothing
    
    Two pushes = Zero SSDs
    
    Three pushes = Zero SSDs + Zero BIOS
    
    Zeroize
    
    Two-factor initiation
BIOS Erasure and Other SecureDNA™ Details

When activated, zeroize can’t be stopped
- Power cycle has no effect: will commence upon power restore
Drives either execute:
- SATA Secure Erase or Enhanced Secure Erase protocol
- Built-in erasure algorithm requires special-order drive
  - NSA 9-12 and NSA 130-2
  - DoD 5220.22-M; DoD 5220.22-M Sup.1
  - Army AR 380-19
  - Navy NAVSO P-5239-26
- Hardware secure erase (optional)
- Dedicated logic line directly to drive
- No software to corrupt or get hacked
- BIOS erases itself
  - GMS has created a mechanism for the system’s core firmware to literally erase itself while operating
  - Industry-unique (as far as we know)
  Function pins

Secure Erase Standards and Comparison

Standard	Action
NSA 9-12	Erase and overwrite all locations with a known unclassified pattern. Verify the overwrite procedure by randomly rereading the overwritten information to confirm that only the known pattern can be recovered.
NSA 130-2	Erase the media and overwrite with random data two times, then erase and overwrite with a character.
DOD 5220.22-M	Erase the media and overwrite with a single character, then erase again.
DOD 5220.22-M Sup1	Erase the media and overwrite with a single character, then erase again and overwrite with a single character, then erase again overwrite with a random character, then erase again.
Army AR 380-19	Erase the media and overwrite with random data, erase and overwrite with a character, then erase and overwrite with the complement of the character.
Navy NAVSO P-5239-26	Erase the media and overwrite with random data, then erase again.
Air Force AFSSI 5020 and AFSSI 8580	Erase the media and overwrite with a pattern, then repeat three times.
IRIG 106-07	Erase the media, overwrite with 0x55, erase, overwrite with 0xAA, and then erase again. Then fill the drive with a repeating string of secure erase.

Standard	Duration
NSA 9-12	11.1 min
DOD 5220.22-M Sup1	11.4 min
Army AR 380-19	33.5 min
Navy NAVSO P-5239-26	49.5 min
Air Force AFSSI 5020 and AFSSI 8580	11.1 min

Times shown are for a 2.5-inch SSD, 512 GB, SATA II, SLC

More About SecureDNA™

Anti-tamper switches
- See S2002-MD at right
Write Protect
- Signal line protects data
Encrypted drives
- SEDs (standard AES-256)
  - Opal is a set of standards (Trusted Computing Group)
- FIPS-197
- FIPS-140-2
Erasure algorithms
- NSA, Army, Air Force, Navy, NATO, EU
On-the-fly encryption
- S1U401-SHS
Authentication via TPM 2.0
- Trusted Computing Group
- Used for Windows BitLocker
- Root of trust for crypto key
Anti-tamper switch
SSDs and Security: Technology and Market Tracking

GMS closely monitors the state-of-the-art

GMS White Paper (2018)

SSD Market Matrix: sorted to show industrial M.2 NVMe SSDs

Our Mission

Additional Links

Contact Us