Validated Product - HDD SecureD v1.6

Certificate Date: 18 October 2006
Validation Report Number: CCEVS-VR-06-0047
Product Type: Sensitive Data Protection
Conformance Claim: EAL4 Augmented with AVA_VLA.3
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory

PRODUCT DESCRIPTION

The SecureD® data storage encryption device (SecureD) is a hardware encryption device, which is fully compatible with the Advanced Technology Attachment (ATA) / ATA Packet Interface (ATAPI)-6 (Integrated Drive Electronics (IDE)) interface, that resides in the data path between an IDE controller and one or two IDE devices (including ATAPI CD-ROM devices). Because SecureD resides “on the wire” between the IDE controller and the storage media, it operates both physically and logically at a level below visibility to operating systems and application programs.

SecureD applies Advanced Encryption Standard (AES) encryption at the sector level to protect data at rest from intentional or inadvertent disclosure. It loads its cryptographic keys from an external Key Token - typically a smart card - through an encrypted external interface, logically and physically separate from the data path. SecureD supports multiple key lengths (128, 192, and 256 bits) and up to 32 different keys per Key Token. Each key can be allocated any non-overlapping sector range on the storage medium. If the operating system or an application requests a storage address that the IDE controller maps to an unallocated sector, SecureD returns an I/O error to provide information hiding about the inaccessible sectors. SecureD incorporates hardware functions for zeroizing the data encryption keys.

The evaluated configuration of SecureD consists of a Field Programmable Gate Array (FPGA) chip, an FPGA configuration device (a Xilinx Programmable Read-Only Memory (PROM) (Xilinx part no. XCF32) designed to match the FPGA), and a flash memory chip, all of which are mounted to a small, underlying printed circuit board (PCB); the entire PCB and the components mounted to it are encapsulated in a hard, opaque, tamper-evident coating, leaving only the interface pins accessible. A family of SecureD products incorporates the SecureD TOE.
The SecureD TOE may be mounted in a suitable carrier, such as a 5-1/4” drive bay adapter, to make it easier to use. Such an adapter is a passive, mechanical extension of the device and the interface pins. It does not affect the physical boundary of the TOE and does not provide any security functionality.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the SecureD TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 22 March 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 Augmented AVA_VLA.3. The product, when configured as specified in the configuration, satisfies all of the security functional requirements stated in the SecureD version 1.6 Security Target. A validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in October 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for SecureD, prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

SecureD is a hardware encryption device and, as such, its core security function is to provide encryption for data passing through it. The SecureD device has two ATA interfaces for user data, conventionally labeled “ATA IN” (host side) and “ATA OUT” (storage device side). SecureD encrypts data passing from ATA IN to ATA OUT and decrypts data passing from ATA OUT to ATA IN. SecureD performs this encryption using the Advanced Encryption Standard (AES), with selectable key lengths of 128, 192, and 256 bits.
The AES implementation has been validated against the Advanced Encryption Standard Algorithm Validation Suite (Certificate # 174; http://csrc.nist.gov/cryptval/aes/aesval.html). SecureD is OS and software independent. The device functions independently of any software that may be installed on the host system, supports two roles, crypto officer and user, enabling “two-man” control of the encryption, enforces the timeout
The TOE supports CD-ROMs in read-only mode.

Vendor Information
High Density Devices, AS
Aage Kalsaeg, Chief Marketing Officer
850-469-0086
aage@hdd.no
31 W. Garden St. Suite 100
Pensacola, FL 32502