The Critical Nature of Certification for AES256 Encrypted SSD


You’ve decided you need advanced encryption for your application or project, but how do you know you are selecting the right SSD?

The encryption certification excerpt below from our 240SE Series CryptoSSD Product White Paper details how products should be certified to guarantee you have a secure product.

Encryption Certification:

When it comes to the security of the encryption engine, the questions that one has to ask are:

How do I know the encryption engine is designed correctly per AES specifications?

How do I know that there are no bugs/loopholes in the encryption engine that hackers can exploit?

To address these issues, a certification process by independent 3rd party is necessary. In the U.S., NIST manages certification programs known as CAVP (Cryptographic Algorithm Validation Program) and CMVP (Cryptographic Module Validation Program).

CAVP validates cryptographic algorithms, such as AES, that are recommended by NIST and meets Federal Information Processing Standard (FIPS). For AES encryption, the relevant standard is FIPS-197.

CMVP validates any cryptographic module that is designed to meet the requirements of FIPS 140-2 standard. FIPS 140-2 is a mandatory standard for the protection of sensitive data within U.S. Federal systems.

Certified Independent Test Labs:

Test Lab

The validation is performed by certified, independent test labs. The CAMP validation process ensures that the encryption algorithm is properly designed and meets the AES specifications.

The CMVP validation verifies that the hardware implementation faithfully reproduces what the algorithm requires and that there are no bugs/loopholes/backdoor, etc. that can be exploited.

Once an algorithm or module has passed the validation, a certificate will be issued to the vendor and the algorithm or module will be added to a validated list maintained by NIST.

Most of the SEDs available on the market today are not FIPS-197 or FIPS-140-2 certified, thus, one cannot be certain that these products have implemented the AES algorithm correctly or that there are no loopholes or backdoors in their designs.

In contrast, both the AES algorithm and the hardware implementation of the AES engine used in Cactus Technologies CryptoSSD products have been validated by NIST.

Cactus Technologies uses X-WALL-MX+ encryption chip from eNOVA Technology Corp. in our CryptoSSD products. Their FIPS-140-2 certificate numbers are 3013, 3014 and FIPS-197 certificate number is 4013.

Final Thoughts:

Final Thoughts

Cactus Technologies designs and manufacturers highly secure FIPS 140-2 Validated, AES256 Encrypted SSD in our CryptoSSD line of products. These products use a Crypto Module which is both FIPS 140-2 and FIPS-197 Certified.

Our 2.5” SATA CryptoSSD have Extended (-40C to 85C) Operating Temperature versions, while the External USB CryptoSSD is rated for 0C to 70C.

If you need assistance with an OEM design or needing special features, please contact us.

Steve Larrivee has over 30 year's experience in the data storage market, including 5 years at Seagate Technology and 10 years at SanDisk. He joined Cactus Technologies Limited as an equity partner and Co-Founded Cactus USA in 2007 with partner Tom Aguillon. Learn more about Steve on LinkedIn.