Self-encrypting hard disks with integrated deletion feature
Toshiba has extended its range of 2.5-inch drives with hardware data encryption – also called Self-Encrypting Drives ("SEDs") – to include models with an automatic deletion feature ("wipe"). Developed to comply with the Trusted Computing Group's (TCG) Opal specification, Toshiba's series MKxx61GSYD drives encrypt all written data via AES-256 without causing performance loss. They can be associated with the hardware of a specific computer via a Trusted Platform Module (TPM). If an unauthorised person attempts to access the drive, the integrated firmware will automatically delete the cryptographic key.
The mechanism can be configured to trigger on several events: a control command, the supply voltage being switched off, or the drive being connected to an "unknown host" or different computer. Unavailable in other self-encrypting drives, this new feature is designed to provide extra protection for sensitive data if, rather than stealing a whole computer such as a notebook, an attacker only steals the drive – for instance from a printer or photocopier, where hard disks are used for buffer storage.
The drives operate at 7,200 rpm via a Serial ATA II interface (3 Gbit/s), and offer 16 MB of cache; Toshiba plans to deliver them in several variants, with storage capacities from 160 to 640 GB. Accessing the hard disk controller's integrated encryption features requires additional software.
- Toshiba Announces Next Generation Security Feature to Improve Data Security For Self-Encrypting Hard Drives, press release from Toshiba.