In this article (recently published in edited form on Spiceworks), Phison CTO Sebastien Jean focuses on the innovative built-in security features of self-defending SSDs, how they work and why you should choose them.
The solid-state drive (SSD) is more vulnerable than one might imagine. While most SSDs are relatively well-defended by layers of OS security, if an attacker can penetrate defense-in-depth countermeasures, they can often access the data stored on the drive. This may occur in a ransomware attack or the theft of a device, including by an insider. However, a new generation of self-defending SSDs adds to data loss mitigation capabilities on flash storage devices.
Risks to data on SSDs
To reach the data on an SSD, an attacker must either break through the OS security over the network or gain physical access to its host device. This may not be as hard as it sounds. SSDs are often carried on portable devices like laptops, but even office environments are not always safe. Once the host security is bypassed, SSDs contain few, if any, protections of their own. Passwords, endpoint protection, firewalls and intrusion detection systems, among many other security tools, are designed to keep malicious users out. However, as everyone knows, these defenses frequently fail.
Laptops can also be stolen, making their SSDs vulnerable to all manner of unauthorized access. Laptop thieves can try to get access to the SSD through the standard user interface. Or, they may remove the SSD from the machine and attempt to break into it, either logically, physically or both. In some cases, data thieves remove the memory chips in order to access the data stored on the drive.
What if the SSD could defend itself?
Phison, working in partnership with Cigent Technology, the leader in embedded cybersecurity technology, is now offering the industry’s first and only self-defending storage devices with cybersecurity built into the firmware itself. The result is a line of Trusted Computing Group (TCG)-enabled self-encrypting drives that are designed to pass FIPS 140-3 Level 2 certification. Each drive carries its own onboard countermeasures. Even if left undefended by external layers of security, the SSD can take action to protect its data.
The drives were originally developed for U.S. government and military use. They are suitable for enterprise use cases where organizations need to protect high-value data. Pharmaceutical companies, for example, may benefit from a self-defending SSD to protect valuable intellectual property (IP) on a laptop.
Detecting attacks
The Cigent® self-defending SSD has the ability to detect if it is being attacked in several ways:
- Spotting suspicious access patterns—The firmware on the self-defending SSD “knows” what normal read/write processes look like. It can also spot abnormal attempts to access its data. For instance, if logical block addressing (LBA) processes are repetitively reading data and immediately writing it back to the drive, that might suggest the presence of malware. The self-defending SSD will respond and protect itself when it sees such an anomaly.
- Recognizing when the drive has been disconnected—Sophisticated thieves may attempt to remove the drive from its host device. The self-defending SSD can recognize when this is happening. The drive uses supercapacitors to power its own monitoring, even if the device has been disconnected from power. If the drive’s “heartbeat” signal is not detected, the drive will take defense measures. The drive is very hard to tamper with as a result.
- Sensing when the device is being moved—The self-defending SSD has an on-board accelerometer so it can sense when it is being jiggled or moved without authorization. If you go out to lunch or leave your hotel room, you probably don’t expect your laptop to move. If it does move, it’s probably not a good sign. The SSD detects the movement and locks itself down.
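To make the "read it, then immediately write it back" heuristic concrete, here is an added example (not Phison's or Cigent's firmware) of how a drive-side command filter could score a trace of host commands. It assumes a minimal command shape (operation, starting LBA, block count) and uses constructed sample traces; a real drive would feed its own command stream in and act when the ratio crosses a policy threshold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One host command at the drive's command layer (assumed minimal shape). */
typedef struct {
    char     op;   /* 'R' = read, 'W' = write */
    uint32_t lba;  /* starting logical block address */
    uint32_t len;  /* number of blocks */
} cmd_t;

#define RECENT_READS 8  /* how many recent read commands we remember */
/* Fraction (0.0..1.0) of writes whose LBA range overlaps one of the last
 * RECENT_READS reads: the "read, then immediately write back" signature. */
double write_back_ratio(const cmd_t *trace, size_t n) {
    cmd_t recent[RECENT_READS] = {{0}};
    size_t head = 0, seen_reads = 0, writes = 0, write_backs = 0;

    for (size_t i = 0; i < n; i++) {
        const cmd_t *c = &trace[i];
        if (c->op == 'R') {            /* remember the read in a ring buffer */
            recent[head] = *c;
            head = (head + 1) % RECENT_READS;
            if (seen_reads < RECENT_READS) seen_reads++;
            continue;
        }
        if (c->op != 'W') continue;    /* ignore flush, trim, etc. */
        writes++;
        uint32_t w_end = c->lba + c->len;
        for (size_t k = 0; k < seen_reads; k++) {
            uint32_t r_end = recent[k].lba + recent[k].len;
            /* overlapping ranges: this write lands on freshly read blocks */
            if (c->lba < r_end && recent[k].lba < w_end) { write_backs++; break; }
        }
    }
    return writes ? (double)write_backs / (double)writes : 0.0;
}

/* Constructed sample traces, not captures from a real drive. */
static const cmd_t benign[] = { {'R',100,8}, {'R',200,8}, {'W',5000,8},
                                {'R',300,8}, {'W',5008,8}, {'W',5016,8} };
static const cmd_t suspicious[] = { {'R',100,8}, {'W',100,8}, {'R',108,8}, {'W',108,8},
                                    {'R',116,8}, {'W',116,8}, {'R',124,8}, {'W',124,8} };

int main(void) {  /* a drive would lock or alert when the ratio is high */
    printf("benign: %.2f\n", write_back_ratio(benign, 6));
    printf("suspicious: %.2f\n", write_back_ratio(suspicious, 8));
    return 0;
}
```

The benign trace scores 0.00 (writes go to untouched blocks) while the encrypt-in-place pattern scores 1.00; in practice the window size and threshold would be tuned against real workload profiles so that ordinary in-place edits do not trip the detector.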
Defense by way of a storage-compute architecture
This architecture makes the SSD’s attack surface smaller. The self-defending SSD has a dedicated security CPU to manage the advanced protection. This compute-storage combination enables it to run its pattern recognition program and other defensive sensing capabilities. The firmware integration places the SSD’s defense mechanisms below the host’s software, operating system (OS) and BIOS firmware.
This way, the SSD can process threat data right on its own, without interacting with any other element on the device or network. The SSD does integrate into the Cigent D3E architecture, enabling additional capabilities and policy-based management.
When the SSD detects an attack, it can take a number of actions, including:
- Alerting the support app
- Locking the drive, making it impossible to unlock without cryptographic authentication keys
- Erasing the drive
Conclusion
Data on SSDs is at risk. If OS-based countermeasures fail, the drive itself is often quite vulnerable to logical and physical threats. This may prove to be an unacceptable vulnerability in a sensitive enterprise or government setting. Now, self-defending SSDs add a much-needed protection for valuable data like state secrets or intellectual property. Self-defending SSDs carry a variety of attack detection and response mechanisms in their own firmware—made possible by unusually robust storage-compute functionality. Taken together, these capabilities represent a new and uniquely powerful approach to protecting data on flash storage devices.