Seagate ships world’s most secure hard drive

March 8, 2008 – 6:45 PM

Two years after first being announced by Seagate, the world?s most secure hard drive is finally to go on sale in a laptop from system vendor ASI.

The groundbreaking 2.5 inch Momentus 5400 FDE.2 (full disk encryption) has had a long and winding gestation, but is now set to be put on sale at the end of March in a real laptop, ASI?s C8015+, costing $2,150 (?1,100).

As well as on-the-fly encryption integrated into the drive itself using chip acceleration, the laptop also features a trusted platform module (TPM), and fingerprint reader, security add-ons that have added roughly 20 percent to the cost of what is otherwise a mainstream Intel Core 2 Duo laptop.

The drive to ship in the ASI machine will be the 80GB version, but 100Gb, 120Gb and 160Gb versions are also waiting in the wings, all based on a 3Gb/sec SATA interface and spinning at 5400 RPM.

The main cleverness of the Momentus FDE.2 lies in the way the drive reads and writes have been tightly entwined with 128-bit AES-based encryption right down to DriveTrust firmware level. The user has the power to set a password to access the drive during system boot, but is otherwise unaware that all data at rest is being encrypted and unencrypted transparently. Data is never in clear text except when it is being used by an application.

Putting encryption into a hard drive is no mere security window-dressing. According to Seagate, any US company that loses a laptop using the Seagate drive in conjunction with the launch security management system from Wave Systems, will not have to give public notification of the loss, even if the data is of a highly confidential nature. This alone guarantees that the technology will find a market given the increasingly costly and embarrassing repercussions of laptop thefts.

Seagate claims the performance hit for what is usually a CPU-intensive process is only a couple of percent thanks to onboard processing, and that the user would not be aware of any read or write drag.

The Wave Systems management software ? used standalone or in conjunction with a management server ? can access other admin-pleasing features that have been included in the design. If a user forgets his or her password, a master password can be applied to give access to the drive as a last resort. It also comes with pre-boot authentication, which restricts access to the drive during boot-up, fully hashed passwords, and a crypto-erase feature which wipes the drive for re-use or disposal.

The drives themselves can be managed in a structured way by setting security policies, adding and deleting user accounts, enabling remote management, and carrying out conformance checking and logging.

?It is longer than five years that we?ve known that security in storage was going to be necessary,? said Seagate?s notebook marketing manager, Joni Clark. ?This product has been in development for two years and the technology for five years or more,? she said.

The company has drip-released details of the drive over a long period, presumably to prepare the market for what is a radical concept that looks certain to make its way into all drives sooner or later. But Seagate trod carefully in its roll-out, concerned that full disk encryption might be seen as overkill. The company even developed a version 1 FDE drive last year as a concept product to prove the technology could be made to work without introducing expensive and unwieldy management hassle.

http://www.techworld.com/security/news/index.cfm?newsid=8227