The Silicon Data Vault High Assurance (SDV-HA) is a portable self-encrypting solid state storage and processing device housed in a compact rugged enclosure. The SDV-HA attaches to a computer by a USB Type-C connection. Implemented in hardware, the SDV-HA uses CNSA Suite (formerly NSA Suite B) cryptographic algorithms, a distributed key management system and two-factor pre-boot and post-boot authentication (passphrase and USB token) to provide exceptionally strong data protection. The SDV-HA also incorporates highly innovative anti-tamper detection and response mechanisms developed to negate the risk of attempts to subvert the operation of the device. The SDV-HA can detect both physical removal and electrical disconnection of the enclosure, as well as internal access to and tampering with components. It also monitors environmental and operational conditions, and a tamper event is triggered if a condition contravenes predefined values. When a tamper event is triggered, the SDV-HA causes the encryption keys to be destroyed, rendering the device inoperable.

The SDV-HA has undergone and passed an extensive and rigorous Australian Signals Directorate (ASD) High Assurance evaluation. This evaluation is a verification and validation program designed to ensure that security in cryptography, anti-tamper and operation adhere to the strictest of conditions. The subsequent High Assurance certification enables Australian government agencies to rely on the strength and quality of the security they use to protect official classified information and systems. The SDV-HA is certified by ASD to secure highly classified data up to and including TOP SECRET yet enable handling as PROTECTED when powered down. SECRET data can also be handled as PROTECTED when powered down.

System Security:

  • SDV Hardware Encryption
  • CNSA Suite (formerly NSA Suite B) algorithms
  • AES 256 
  • ECC 384 
  • Sector level on the fly encryption
  • Two-factor pre-boot and post-boot authentication
  • Active tamper detection and response
  • Distributed key management
  • Separate administrator and user roles
  • Secure erase

Features:

  • Customisable operating environment 
  • Customisable operating mode
  • Multiple partitions
  • Audit log
  • Large capacity solid state storage (up to 960GB)

Value Proposition:

Cost Effective: The overall costs incurred for ongoing data storage and handling of highly classified information may well be significant and somewhat hidden. TOP SECRET (or SECRET) data stored on the SDV-HA can be handled as PROTECTED, thus removing the need for traditional highly secure courier and transport methods and their associated costs and procedural inefficiencies.

Confidentiality: Lost or misplaced documents or unencrypted storage products containing highly classified data can put lives and dollars at extreme risk. Highly classified data is afforded total protection when using the SDV-HA. A lost, stolen or captured device thus becomes a hardware replacement administration issue and not a data content confidentiality problem.

User Examples:

The SDV-HA provides a high level of operational versatility through both its dual modes of connectivity and dual modes of authentication. The SDV-HA's two modes of authentication are known as pre-boot (authentication at host PC startup) and post-boot (authentication from within the Windows OS); both authentication modes are available when the SDV-HA is connected to the host PC via the USB port.

  • Bootable storage device with an OS installed on the SDV-HA itself, using pre-boot authentication: In this mode, the SDV-HA can be used with USB connectivity and a portable OS that can be booted from a variety of PCs (as and when required) to provide a truly portable processing environment. Note: when using the SDV-HA with USB connectivity in this mode, the installed OS must support booting from a USB device (e.g. Windows To Go versions, Windows 10/11). In this mode, if the SDV-HA is used with a laptop with its internal storage removed, then the laptop and SDV-HA provide a classified processing environment that becomes PROTECTED when powered down. (Note: please refer to ASD ISM publications to ensure compliance in such use cases.)
  • Data storage device accessed via a PC running a Windows OS, using post-boot authentication: This can be as primary storage or as a data backup facility of highly classified data for one or multiple PCs processing highly classified data.
  • Data transportation device where the SDV-HA is used to store data that can be accessed from different PCs running a Windows OS, using post-boot authentication: The stored data can be transported between locations with ultimate security and ease of handling.

SDV-HA Documentation:

Certification Details:

Australian Government ASD High Assurance Evaluation.

For more information on certification, see Certifications.