Privacy and information security concerns have fueled the increased usage in recent years of data encryption. Much of the focus of this activity – and most of the forms in which the related technology has been distributed and implemented – has been on desktop software, mobile applications, and network/system processes.
But hardware-based encryption methods and technologies do exist – and consumer-level goods shipping in the form of encrypted hardware are becoming increasingly available.
In this article, we’ll be considering the principles and mechanisms that make encrypted hardware possible, and how the emerging market for these commodities is faring, in comparison with more traditional software-based products.
Encryption is the process whereby one form of information or content is scrambled into an unrecognizable state, according to the rules of a mathematical formula or algorithm. For data on computer systems and passing between node points on a network, this acts as a protection against snooping or eavesdropping, since the information stream can’t be immediately deciphered, even if it falls into unauthorized hands.
There are several kinds of encryption algorithm in common use today, but all have a basic principle in common: A key is required to initiate the process of encryption, and a recognized key is needed at the receiving end, to decode the cipher and unscramble the masked data.
For encryption with software, these keys usually take the form of an alphanumeric password, which must be set at the start of the encoding process. Once encryption has been initiated, the relevant algorithm scrambles information as it’s written to disk. This data will remain in cipher form until the correct combination of letters, numbers, and/or symbols (i.e., the password key) is entered into the system, at which point the encryption software unscrambles the information as it’s read from the disk of an authenticated user.
Software-based encryption processes are typically quite inexpensive to implement and don’t require additional hardware – making them a popular choice for developers. Numerous tools exist on the market, including the likes of Microsoft’s BitLocker for drive encryption.
On the negative side, a software encryption tool can only be as secure as the device or system that it resides on. If equipment is stolen or passwords fall into the wrong hands, any protection it offers may become academic. Software encryption tools also require processing power to run their encryption or decryption routines – power which must be shared with the system as a whole and can slow down its overall operations considerably.
A separate processor dedicated to encryption and authentication (and therefore not dependent on the main system resources) lies at the heart of hardware encryption – which becomes significantly faster than the software alternative, as a result. This also keeps the encryption/decryption process separate from the system at large, making it harder to intercept or hack.
To encrypt or decrypt information, a key is still required, but this is typically generated as a random figure by the hardware processor itself. Hardware encryption devices may also use alternative technologies such as biometrics (e.g., fingerprint scanning) or PIN numbers, instead of traditional passwords. This makes the process ideal for mobile devices: Apple’s TouchID fingerprint scanner for iPhones is a prime example.
Since the encryption process is embedded within hardware, the system relies on the stability and robustness of the machinery. If a hardware encryption engine fails, it can become a real challenge to regain access to its encrypted data.
Hardware Encryption – Economic Considerations
We’ve already observed that software encryption is usually a cost-effective option for the program developer. The same holds true for the user, as software tools are typically affordable (some, like Microsoft’s BitLocker, are even free).
By comparison, hardware-based encryption is quite expensive, and is an option which is being taken up by consumers who have a specific need for encrypted devices, and the advantages they offer in specific circumstances or applications.
Since they’re largely self-contained, encrypted hardware devices are ideal for protecting sensitive data on portable media such as USB flash drives or laptops. Office-based drives which contain sensitive files such as financial data, health-care information, or intellectual property enjoy a greater degree of protection from hardware encryption keys, which prevent decryption even if the drives are stolen and installed in other computers.
Besides the onboard encryption of smartphones or other mobile devices, encrypted hardware also ships in the form of USB flash drives, fixed and removable hard drives, and solid-state drives.
The encryption standard typically used is AES or the Advanced Encryption Standard, which is a cryptographic module set out by the National Institute of Standards and Technology (NIST). AES has a global user base including government, military, financial institutions, independent and commercial organizations.
Different levels of AES hardware encryption exist – notably, 128-bit, 192-bit, and 256-bit – with each key size representing an increase in the level of protection and complexity of the encryption/decryption processes. But even the lowest level provides an appreciable degree of security protection. As an analyst at Leuven University stated:
“if a hacker were to attempt to “break the code” to gain access to an AES 128-bit encrypted flash drive, the number of steps he would have to take is an 8 followed by 37 zeros. This would take a trillion machines, testing a billion keys per second, two billion years to uncover an AES-128 key.”
The Need for Backups
As we noted earlier, recovering encrypted data from a corrupted system or failed device can be a real challenge.
Some software encryption tools have built-in recovery mechanisms, but options for setting these up have to be selected before using the system.
While encrypted hardware devices don’t usually have recovery options built in, many have a design feature which prevents decryption of the data they hold, in the event of a component failure. This can be effective in stopping hackers from taking them apart.
However, having a complete backup of all your essential data – and storing this in a safe and separate location – remains your best hedge against data losses from a compromised and encrypted device. Cloud storage may be an option worth considering, in the case of mobile devices and mission-critical desktop data.
Share this Post