Protecting sensitive information, whether personal or third-party, is one of IT's ongoing challenges. There are two fronts to this: on the one hand, the creation of new algorithms for encrypting and decrypting data, and on the other, the implementation of the hardware needed to make data security more efficient.
What are SED units?
The abbreviation SED stands for self-encrypting drive. It refers to hard drives and SSDs that contain internal hardware for encrypting and decrypting the data they store. They follow the data encryption standards from the Trusted Computing Group, such as AES, Opal 2.0 and Enterprise encryption. We will not go into how these work in this article.
In theory, SED storage units are not generally seen in the home market, so their adoption occurs more in environments where data protection is critical, especially military and government uses. However, this does not mean that there are no SED storage units in the domestic market: many SSDs and hard drives that you can find on the market are SED storage units.
SED units are integrated hardware encryption and decryption systems that are completely transparent to the rest of the PC. They therefore require neither CPU work for data encryption and decryption nor complex systems built into the operating system and applications, whose security could easily be breached.
How do SED units work?
It should be noted that, from the outside, an SED is no different from a conventional hard drive or SSD. SEDs do not use visibly different hardware, and you can connect them to your PC like conventional storage drives, so they do not require special interfaces. It is inside, in the internal circuits, that the hardware in charge of encrypting and decrypting the data is located.
Each SED contains what we call a cryptoprocessor, which is nothing more than a processor that operates independently from the rest of the system, in the sense that the memory it works on is inside the processor itself. This is done to prevent access to the data through a data analyzer.
When the CPU, GPU or other processor needs to store data from RAM or VRAM to the storage unit due to lack of space or RAM usage, the SED cryptoprocessor encrypts the data using two elements. The first of these is called the data encryption key, or DEK, which is different for each unit sold and is installed in the cryptoprocessor.
This key is used as a variable to generate the encrypted output via a complex mathematical formula, which converts the binary code that stores the data into a binary code that the CPU cannot understand without a decryption step. That step is also performed by the cryptoprocessor of the SED unit, completely opaque to the rest of the system.
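The data path described above, as an added example that is not from the original article: a toy Python model of an SED in which the DEK never leaves the drive object. The class and method names are hypothetical, and a SHA-256 keystream stands in for the AES hardware of a real drive.

```python
import hashlib
import secrets

SECTOR = 512  # bytes per logical block in this model


class SimulatedSED:
    """Toy model of a self-encrypting drive (hypothetical, not real firmware)."""

    def __init__(self):
        # The DEK is generated per unit and stays inside the "cryptoprocessor".
        self._dek = secrets.token_bytes(32)
        self.media = {}  # LBA -> ciphertext: what the flash or platters hold

    def _keystream(self, lba):
        # Stand-in cipher: SHA-256 in counter mode keyed by DEK and LBA.
        # A real SED uses AES in hardware; this only models the data flow.
        out, counter = b"", 0
        while len(out) < SECTOR:
            seed = self._dek + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(seed).digest()
            counter += 1
        return out[:SECTOR]

    def write(self, lba, data):
        # The host sends plaintext; only ciphertext reaches the media.
        data = data.ljust(SECTOR, b"\x00")[:SECTOR]
        self.media[lba] = bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def read(self, lba):
        # Decryption also happens inside the drive, invisible to the host.
        return bytes(a ^ b for a, b in zip(self.media[lba], self._keystream(lba)))


def demo():
    record = b"customer record: ACME Ltd"  # constructed sample data
    drive_a, drive_b = SimulatedSED(), SimulatedSED()
    drive_a.write(7, record)
    drive_b.write(7, record)
    return {
        "host_sees_plaintext": drive_a.read(7).rstrip(b"\x00") == record,
        "media_holds_plaintext": record in drive_a.media[7],
        "same_ciphertext_on_both_units": drive_a.media[7] == drive_b.media[7],
    }


if __name__ == "__main__":
    print(demo())
```

Reading `media` directly models pulling the raw storage without going through the cryptoprocessor: the bytes are unreadable, and because each unit has its own DEK, the same record produces different ciphertext on the two drives.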
Data speed matters
Any memory must not only have the capacity to hold the data, but also be fast enough to transfer it without becoming a performance bottleneck. The storage system in the PC is based on a hierarchy where each new level has more storage capacity than the previous one, but is slower in access time and transfer speed. Thus, the data is copied from the most distant levels to the closest.
With the arrival of NVMe SSDs based on high-speed PCI Express interfaces, we have gone from a few tens or even hundreds of megabytes per second of transfer speed to several gigabytes per second with the third and fourth generations of the PCI Express standard. This means that the work of encryption and decryption needs to be done an order of magnitude faster, which forces the development of cryptoprocessors for SED units that are much more powerful than what can currently be found on the market.
Remember that the purpose of SEDs is to prevent access to the encrypted data on the disk. An encryption or decryption system requires two memory areas, one for the data at the source and one for the data at the destination. If the CPU takes care of it, this information will be exposed in RAM. Therefore, one cannot rely on the power of the CPU to encrypt and decrypt the data, as that would defeat the definition of what an SED is.
How do I know I have an SED drive in my PC?
The marketing departments of various hard drive manufacturers do not consider secure data encryption a feature that sells drives to users, who prefer to hear about storage capacity and transfer speed.
However, as we have already said, SED drives do exist in the PC hard drive and SSD market. Just take a look at the specs and features of an SSD or hard drive to know whether it is an SED unit.
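Besides the spec sheet, a running machine can be checked with the open-source `sedutil-cli` tool, which the original article does not mention. The following is an added example, not part of the article: it parses the output of `sedutil-cli --scan` and lists the drives that report Opal or Enterprise support. The sample output is constructed (devices, models and firmware strings are invented), and the column layout is assumed from the tool's usual scan format.

```python
import re

# Constructed sample of `sedutil-cli --scan` output; every device, model
# and firmware string below is invented for this example.
SAMPLE_SCAN = """\
Scanning for Opal compliant disks
/dev/nvme0  2  ExampleNVMe 500GB                        FW0001
/dev/sda   12  ExampleSATA SSD 250GB                    FW0002
/dev/sdb    E  ExampleEnterprise HDD 4TB                FW0003
/dev/sdc   No  ExamplePlain HDD 1TB                     FW0004
No more disks present ending scan
"""

# Assumed meaning of the second column: 1 = Opal 1.0, 2 = Opal 2.0,
# E = Enterprise, "No" = the drive reports no supported feature set.
FLAG_MEANING = {"1": "Opal 1.0", "2": "Opal 2.0", "E": "Enterprise"}
LINE = re.compile(r"^(?P<dev>\S+)\s+(?P<flags>No|[12E]+)\s+(?P<rest>.+)$")


def parse_scan(text):
    """Return {device: [feature sets]}; an empty list means not an SED."""
    drives = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue  # banner and trailer lines carry no device entry
        flags = match.group("flags")
        drives[match.group("dev")] = (
            [] if flags == "No" else [FLAG_MEANING[f] for f in flags]
        )
    return drives


def sed_capable(text):
    """Devices that report at least one supported feature set."""
    return sorted(dev for dev, sets in parse_scan(text).items() if sets)


if __name__ == "__main__":
    for dev, sets in parse_scan(SAMPLE_SCAN).items():
        print(dev, ", ".join(sets) if sets else "no hardware encryption reported")
```

A drive that reports support is only capable of self-encryption; whether locking has actually been set up on it is a separate check.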
If you have a business and you work with very sensitive data, whether your own or from third parties, we recommend using SED units. The reason is very simple: today there is an information economy in which your data and that of your customers is sensitive information that can be traded. Every day, thousands of businesses experience security attacks against the data stored in their computer systems.