The Silicon Data Vault High Assurance (SDV-HA) is a portable self-encrypting solid state storage and processing device housed in a compact rugged enclosure. It attaches to a computer by USB or eSATAp. Hardware implemented, the SDV-HA utilizes NSA Suite B cryptographic algorithms, a distributed key management system and two-factor pre-boot and post-boot authentication (passphrase and USB token) to provide exceptionally strong data protection. The SDV-HA also incorporates highly innovative anti-tamper detection and response mechanisms developed to negate the risk of attempts to subvert the operation of the device. The SDV-HA can detect both physical removal and electrical disconnection of the enclosure as well as internal access and tampering of components. It also monitors environmental and operational conditions with a tamper event triggered if a condition contravenes predefined values. When a tamper event is triggered, the SDV-HA will cause the encryption keys to be destroyed rendering the device inoperable.
The SDV-HA has undergone and passed an extensive and rigorous Australian Signals Directorate (ASD) High Assurance evaluation. This evaluation is a verification and validation program designed to ensure that security in cryptography, anti-tamper and operation adhere to the strictest of conditions. The subsequent High Assurance certification enables Australian government agencies to rely on the strength and quality of the security they use to protect official classified information and systems. The SDV-HA is certified by ASD to secure highly classified data up to and including TOP SECRET yet enable handling as UNCLASSIFIED with Dissemination Limiting Marking For Official Use Only when powered down. SECRET data can be handled as UNCLASSIFIED without the need for a DLM.
SDV Hardware Encryption
NSA Suite B algorithms
Sector level on the fly encryption
Two-factor pre-boot and post-boot authentication
Active tamper detection and response
Distributed key management
Separate administrator and user roles
Customisable operating environment
Customisable operating mode
Large capacity solid state storage (up to 960GB)
Cost Effective: The overall costs incurred for on-going data storage and handling of highly classified information may well be significant and somewhat hidden. TOP SECRET data when stored on the SDV-HA can be handled as UNCLASSIFIED For Official Use Only, thus removing the need for traditional highly secure courier and transport methods and their associated costs and procedural inefficiencies. Cost savings can also be achieved as data classified SECRET or below can be stored and physically transferred as UNCLASSIFIED.
Confidentiality: Lost or misplaced documents or un-encrypted storage products containing highly classified data can put lives and dollars at extreme risk. Highly classified data is afforded total protection when using the SDV-HA. A lost, stolen or captured device thus becomes a hardware replacement administration issue and not a data content confidentiality problem.
The SDV-HA provides a high level of operational versatility through both its dual modes of connectivity and dual modes of authentication. The SDV-HA's two modes of authentication are known as pre-boot (authentication at host PC startup) and post-boot (authentication from within the Windows OS); both authentication modes are available when the SDV-HA is connected to the host PC via the eSATAp port or via the USB port.
Bootable storage device with an OS installed on the SDV-HA itself, using pre-boot authentication: In this mode, the SDV-HA can be used in two ways:
Using eSATAp connectivity with a standard OS on a specific PC.
Using USB connectivity with a portable OS that can be booted from a variety of PCs (as and when required) to provide a truly portable processing environment. Note, when using the SDV-HA with USB connectivity in this mode, the installed OS must support booting from a USB device (e.g. Windows To Go versions).
In this mode, if the SDV-HA is used with a laptop with its internal storage removed, then the laptop and SDV-HA provides a classified processing environment that becomes UNCLASSIFIED when powered down (Note, please refer to ASD ISM publications to ensure compliance in such use cases).
Data storage device accessed via a PC running a Windows OS, using post-boot authentication: This can be as primary storage or as a data backup facility of highly classified data for one or multiple PCs processing highly classified data.
Data transportation device where the SDV-HA is used to store data that can be accessed from different PCs running a Windows OS, using post-boot authentication: The stored data can be transported between locations with ultimate security and ease of handling.
The SDV-HA is also sold and marketed by L3 TRL Technology in the United Kindom as the CATAPAN-SDV. More information on the CATAPAN-SDV can be found on the product page.
Australian Government Australian Signals Directorate (ASD) High Assurance Evaluation.
National Cyber Security Centre (NCSC, previously Communications-Electronic Security Group - CESG) High Grade Evaluation.