Data Encryption (AES / TCG Opal)

Currently, the most common approach to data encryption is AES. AES stands for Advanced Encryption Standard; in an SSD it is carried out in hardware, so it can be enabled at any time without affecting the drive's transfer performance. AES is normally used with one of two key lengths, 128-bit or 256-bit, and both require a key (supplied through a password or credential) to encrypt and decrypt. As shown in the illustration below, the host writes data, the AES encryption engine built into the SSD controller encrypts it, and the encrypted data is then written to flash memory. Without the encryption key, an outsider cannot decrypt and recover the data. Several common security specifications, including TCG Opal 2.0, Microsoft eDrive, IEEE 1667, and the National Secret Algorithm, all use AES.


What is TCG Opal?

TCG (Trusted Computing Group) is a non-profit international organization that develops industry standards through its individual Working Groups (WGs). The Opal specification for SSDs belongs to the Storage Working Group, which is responsible for research and development, defining standards, promoting their adoption, and developing industry standards jointly with its member companies.

The Opal specification was developed within a comprehensive framework of stakeholders, including storage device manufacturers, software vendors, system integrators, and academic institutions. It covers storage device production, system installation, management, and user operation, and it allows data to be encrypted before it is stored and to be managed by category, so that data theft or tampering is prevented and data security is assured.


Advantages of using TCG Opal

A storage device that complies with the TCG Opal standard performs encryption automatically inside the device instead of on the host. It therefore consumes no host system resources and needs no additional host-side encryption; the entire encryption process is completed inside the SSD. Because the encryption is handled directly by hardware, it has advantages in efficiency, security, and manageability over a software encryption system.


Main Features of TCG Opal

Shadow MBR Authentication Procedure for Booting: Users must authenticate by entering their key before the system boots. The actual boot process does not proceed until the key is correctly verified and the device is unlocked.

Self-Encrypting Device (SED): Data encryption and decryption are both performed automatically inside the device, for example with AES 256-bit hardware encryption, and do not need to be handled by the host.


Blocks and Specific Permission Settings: Device administrators can set different permissions for different LBA ranges. Whoever holds the corresponding key can access that partition and perform operations within the granted permissions.
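The following Python model is an added illustration, not code from this page or from any vendor's firmware; it shows how the three features above look from the host's side: reads of the low LBAs return a pre-boot image until authentication completes, I/O to a locked LBA range is refused, only the authority assigned to a range can unlock it, and a power cycle relocks everything. The class and method names, the authorities, credentials and stored values are all constructed for the example.

```python
# Toy model of TCG Opal locking ranges and the shadow MBR (constructed example; not vendor code).
from dataclasses import dataclass

@dataclass
class LockingRange:
    start: int              # first LBA covered by the range
    length: int             # number of LBAs in the range
    authorities: frozenset  # users allowed to unlock this range
    locked: bool = True     # engaged at power-on (LockOnReset)

class OpalDrive:
    def __init__(self, credentials, ranges, mbr_image=()):
        self.credentials = credentials    # {authority: password}, verified inside the drive
        self.ranges = ranges
        self.mbr_image = list(mbr_image)  # pre-boot image, one entry per low LBA
        self.mbr_done = False             # cleared on every power cycle
        self.media = {}                   # LBA -> data (ciphertext on a real SED)

    def _range_for(self, lba):
        return next((r for r in self.ranges if r.start <= lba < r.start + r.length), None)

    def unlock(self, lba, authority, password):
        # Only an authority listed on the range, presenting the right credential, may unlock it.
        r = self._range_for(lba)
        if r is None or authority not in r.authorities \
                or self.credentials.get(authority) != password:
            return False
        r.locked = False
        return True

    def set_mbr_done(self, authority, password):
        # The pre-boot image calls this after authenticating; the real LBAs then appear.
        self.mbr_done = self.credentials.get(authority) == password
        return self.mbr_done

    def read(self, lba):
        if self.mbr_image and not self.mbr_done and lba < len(self.mbr_image):
            return self.mbr_image[lba]    # shadow MBR is shown instead of user data
        r = self._range_for(lba)
        if r is not None and r.locked:
            raise PermissionError(f"LBA {lba} is in a locked range")
        return self.media.get(lba)

    def power_cycle(self):
        # LockOnReset: every range relocks and the shadow MBR is shown again.
        for r in self.ranges:
            r.locked = True
        self.mbr_done = False
```

An LBA that lies outside every configured range and outside the shadow MBR image is readable at any time, which is why administrators cover the whole user area with ranges.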