Hardware vs Software Encryption

We have outlined the reasons for allowing information workers to use encrypted USB storage in some recent posts. In this post, we will describe why the hardware encryption that is available on all of the ClearCrypt storage devices is better than software encryption layered upon standard USB storage devices.

What Is Data Encryption?

Encryption scrambles the way data is stored on computers so that anyone who gains unauthorised access to the information cannot understand it. Most systems that encrypt data to protect it use the Advanced Encryption Standard (AES), which the US-based NIST standards body adopted in 2001.

AES uses a key to transform the data in fixed-size blocks, reordering and substituting the bytes of each block of the files being encrypted. AES can use keys of several sizes, and the larger the key, the stronger the protection. Any commercial AES system you consider should use a 256-bit key, hence the term AES-256 encryption. AES-256 also performs more rounds of encryption than the variants with smaller keys. These extra rounds make it harder for a cybercriminal who steals the data, but doesn't have the key, to decrypt it by brute force.

AES is a symmetric key encryption algorithm: the same key is used both to encrypt and to decrypt the data. This makes sense for scenarios such as data storage devices, as writing and reading the data will be performed by the same authorised users. It does mean that the key needs to be protected, and using hardware-based encryption is the best way to do this.

Hardware Encryption Beats Software Encryption

As outlined, the AES-256 encryption process relies on a secret key. This key needs to be randomly generated and unique so that the encryption is secure and can't easily be reverse-engineered or broken by brute-force decryption attacks. Encryption software that runs on a PC often generates its keys from a pseudo-random number generator. For most purposes these keys are secure, but a determined attacker who knows the software and the encryption algorithm in use could potentially gain access to the data.

Hardware encryption uses keys generated from a physical attribute of the storage device. As a result, the key in use is unique to that device, and knowledge of it is not transferable to other hardware-encrypted storage devices. ClearCrypt hardware encryption takes this to the next level. Every device in our range has a keypad on which a random passcode must be entered before the device can be used. This code is combined with the hardware of the device to seed the key generator that creates the AES-256 key used to encrypt the data. This AES key can only encrypt and decrypt the data on the storage device that generated it. Moreover, the passcode needs to be entered each time the device is mounted for use. This means that even if the data is copied from the ClearCrypt storage device, it can't be decrypted later by attackers.
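The two properties described above, that one symmetric key both encrypts and decrypts, and that the key is bound to a device-unique secret combined with the keypad passcode, can be shown in software. The following Go program is an added example written for this post; it is not ClearCrypt's firmware or key-generation scheme, and it cannot reproduce the hardware property that the device secret never leaves the controller. It assumes a constructed device secret, uses HMAC-SHA-256 as a simplified stand-in for the device's key generator, and AES-256-GCM so that a wrong passcode, a different device, or tampered data is rejected with an error instead of yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveKey stands in for the device's key generator (assumption: a real
// device's physical attribute is modelled here by deviceSecret, which on
// real hardware is never readable from software). The secret is combined
// with the keypad passcode, so neither a leaked passcode nor a copied
// device secret alone reproduces the key. HMAC-SHA-256 is used as a
// simplified key derivation; its 32-byte output is the AES-256 key.
func DeriveKey(deviceSecret []byte, passcode string) []byte {
	mac := hmac.New(sha256.New, deviceSecret)
	mac.Write([]byte("demo-kdf-v1|" + passcode))
	return mac.Sum(nil)
}

// Seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// A fresh random nonce per call is mandatory for GCM: reusing a nonce with
// the same key breaks both confidentiality and integrity.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal with the same symmetric key. Any other key, or any
// change to the stored bytes, fails the GCM authentication tag check and
// returns an error rather than decrypting to garbage.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed values for the demonstration only.
	deviceA := []byte("constructed-device-secret-A")
	deviceB := []byte("constructed-device-secret-B")
	data := []byte("quarterly figures")

	sealed, err := Seal(DeriveKey(deviceA, "4821"), data)
	if err != nil {
		panic(err)
	}

	// Same device, same passcode: the symmetric key decrypts.
	pt, err := Open(DeriveKey(deviceA, "4821"), sealed)
	fmt.Printf("right device + passcode: %q err=%v\n", pt, err)

	// Same device, wrong passcode: authentication failure.
	_, err = Open(DeriveKey(deviceA, "4822"), sealed)
	fmt.Println("wrong passcode:", err)

	// Data copied off the device and opened elsewhere with the right
	// passcode: still fails, because the key is bound to device A.
	_, err = Open(DeriveKey(deviceB, "4821"), sealed)
	fmt.Println("copied to other device:", err)
}
```

The choice of GCM rather than a bare block mode matters for the "copied data" case the post describes: an attacker who alters the copied bytes gets a failed tag check, not silently corrupted plaintext. A production design would replace the HMAC stand-in with a proper password-based KDF and rate-limited passcode entry, which is exactly what a keypad device enforces in hardware.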

In addition to the added security of our hardware-based AES-256 encryption, there are also performance and latency benefits. Accessing the encrypted data on a ClearCrypt device is faster because the decryption happens in hardware on the device rather than consuming CPU or GPU cycles on the computer using it.

You Need to Encrypt: Use Hardware Encryption

As outlined in previous posts, data will travel on portable storage devices. It is best to accept this and allow the use of encrypted storage. Once this is accepted, it's vital to ensure the best security possible. Hardware encryption provides the best protection, and the ClearCrypt solutions provide the best hardware encryption.