CipherChain and CipherChain-e Frequently Asked Questions

The following Q&A applies to both CipherChain and CipherChain-e.

  1. Q: Does the CipherChain have any limit on the drive capacity?
    A: There is no capacity limitation on the hard drive. Any hard drive can be partitioned and formatted as one single large volume.

  2. Q: What type of storage device can the CipherChain support?
    A: CipherChain supports any SATA storage device that stores data in the hard drive format. So the CipherChain can be used to encrypt any SATA hard drive, SSD (Solid State Drive), or SATA RAID set (e.g. a RAID volume created by one of the Addonics Port Multipliers), CF or SD media when it is used with one of the Addonics SATA-CF adapters.

  3. Q: Can I use the CipherChain on a removable drive system?
    A: Yes.

  4. Q: Can I use the CipherChain on a boot drive?
    A: Yes.

  5. Q: Can CipherChain work with all types of SATA disk drives, including SSD?
    A: Yes. It supports both SATA I and SATA II hard drives and SATA SSD.

  6. Q: Can CipherChain work with all types of operating systems?
    A: The CipherChain cryptographic engine requires no device drivers and is compatible with all operating systems.

  7. Q: Is everything in the hard drive encrypted?
    A: CipherChain encrypts everything on your disk drive without exception. It encrypts the entire volume of the disk drive: if the drive is 300GB, then all 300GB will be encrypted, including the boot sector and partition tables.

  8. Q: How can the CipherChain encrypt the entire disk without decreasing performance?
    A: The CipherChain is specifically engineered for high speed communications with the disk drive. Its high throughput enables real-time communications with all SATA hard drives. The operations of encryption and decryption are accomplished using high speed hardware circuits to ensure there is no decrease in performance. There is no extra software device driver required. Thus memory and interrupt overheads are completely eliminated.

  9. Q: Is the CipherChain certified?
    A: Addonics hardware encryption is based on eNova's MX cryptographic engine, which has been certified by NIST and CSE. These certificates are available at the following NIST web links: http://csrc.nist.gov/cryptval/des/desval.html and http://csrc.nist.gov/cryptval/des/tripledesval.html.

  10. Q: Does the Cipher key always have to be inserted in the CipherChain in order for it to work?
    A: Once the CipherChain encrypted drive is detected and registered by the operating system, the Cipher key can be removed from the CipherChain without affecting the operation of the CipherChain encrypted drive. All the data transferring in and out of the CipherChain drive will continue to be encrypted and decrypted instantly. When the Cipher key is removed, the power LED on the CipherChain will still remain lit, indicating the key code is present and active.

    The CipherChain encrypted drive can then be powered off or removed from the system. A different encrypted hard drive that uses the same key code can be attached to the CipherChain and be immediately recognized by the system; therefore, for security purposes, it is always a good idea to reset the CipherChain to clear the key code when an encrypted hard drive is removed from the system. Once the key code is cleared, the power LED will turn off.

    Note that once the power LED is off, in order to power the CipherChain back on, the Cipher key must be inserted into the CipherChain.

  11. Q: What is the function of the RESET button?
    A: Under certain applications, the RESET button enables the adding and removing of hard drives without restarting the system.

    The following is an example of such an application:
    1. When the CipherChain connects a removable drive system to a SATA port that supports hot swap, the drive can be removed without powering off the computer. However, the drive icon will still be there, as the system does not realize a hard drive has been removed. In addition, the key code still resides inside the CipherChain. Resetting will turn off the CipherChain, clear the key code, and remove the drive icon. It is recommended to reset the CipherChain whenever a hard drive is removed from a system to ensure better security.
    2. When a new hard drive is added to a removable drive system, the CipherChain can be initialized again by pressing the RESET button with the Cipher key inserted. Note that if the new hard drive is not encrypted, or the Cipher key does not match the one used on the encrypted hard drive, the drive will show up as an unallocated drive under the drive management screen and no drive icon will show up in the My Computer folder; therefore, it is very important to make sure that the correct Cipher key is used on the hard drive. Proceeding to initialize the hard drive will erase all the data beyond any possibility of recovery.

    As a common practice, it is best to RESET the CipherChain whenever adding or removing the hard drive in a hot swapping drive system. This will ensure security and eliminate any confusion.

  12. Q: Can I disable the RESET button?
    A: Yes. There is a jumper to disable the RESET. The default setting on this jumper is ENABLE. Removing the jumper will disable the RESET button on the CipherChain. Once disabled, the only way to reset the CipherChain is to rely on the power reset of the system. Please note that a soft RESET or a RESTART of the computer via Windows does not reset the power and therefore does not reset the CipherChain. Be sure the Cipher key is inserted into the CipherChain during the system power reset; otherwise, the system will not boot if the boot drive is secured by the CipherChain, or the drive that is secured by the CipherChain will not be detected by Windows.

  13. Q: Should I disable the RESET button?
    A: This depends on the application and how you want to manage the security of your implementation. If the CipherChain is used on the boot drive, resetting the CipherChain could disrupt the system if the Cipher key is not inserted in the CipherChain during the RESET. If the CipherChain is used on a drive cartridge system or a hot swappable removable drive system, the ability to RESET the CipherChain will allow swapping hard drives in and out of the system with the same, or a different, Cipher key without restarting the system. Observe and understand how the system behaves when you RESET the CipherChain before finalizing your implementation strategy. The recommendation is to leave the RESET button enabled if you are not sure.

  14. Q: Why do I need two or more CipherChains in my system?
    A: A CipherChain is required to secure each drive in a system; therefore, if there is more than one drive in the system and the intent is to secure each drive, a CipherChain is needed for each drive. The same, or a different, Cipher key can be used for each CipherChain. You can also daisy chain multiple CipherChains to add stronger encryption and security to each drive.

  15. Q: When daisy chaining multiple CipherChains, does each Cipher key have to be inserted in the same sequence to access the drive?
    A: When daisy chaining multiple CipherChains, does each Cipher key have to be inserted into the same sequence to access the drive?

  16. Q: Will the daisy chaining of multiple CipherChains slow down the drive performance?
    A: Yes, only if daisy chaining multiple CipherChains. Although the performance degradation is not noticeable with one CipherChain, when many CipherChains are chained together, the performance decrease will be noticeable; however, there is rarely a need to go beyond daisy chaining 3 or 4 CipherChains, as this will already achieve a very complex security level. Using a standard hard drive benchmark tool, the impact is approximately 5 MB/sec during a sustained data transfer when daisy chaining 4 CipherChains.

  17. Q: What is the advantage of CipherChain hardware encryption compared to software encryption?
    A: Addonics CipherChain hardware encryption is by far the most secure and simplest to deploy, particularly for large organizations. Below are some of the key benefits of Addonics hardware encryption products:
    • High performance - Data is encrypted and decrypted on the fly by a certified cryptographic engine inside an ASIC without utilizing CPU resources.
    • Platform independence - There is no software or driver to install to use Addonics encryption products. As a result, they can be deployed in any system, running any operating system. This is important in organizations with multi-platform computing and legacy systems.
    • Data portability - Unlike many software or hardware products that limit access to the encrypted hard drive to certain specified computer systems, Addonics encrypted storage devices can be accessed by practically any system, while still maintaining a high level of security. For example, the Addonics Diamond Cipher or Ruby Cipher drive enclosure with an encrypted hard drive can be attached to any system externally via eSATA or USB ports. The Cipher key is required to access the hard drive.
    • Low total cost of ownership - With hardware-based encryption, there is no IT maintenance required, no software version to maintain, and no updates to keep track of.

  18. Q: Can I use one CipherChain to encrypt all the hard drives connected to the port multiplier?
    A: Yes. Simply connect the CipherChain to the host side of the port multiplier. All the hard drives connected to the port multiplier will be encrypted with the same Cipher key.

  19. Q: When connecting the CipherChain between the port multiplier and the SATA host, does it impact the performance of the port multiplier?
    A: Yes. The CipherChain will limit the transfer rate to 150MB/sec. To overcome this limitation, the CipherChain can be moved to the device side of the port multiplier; however, in this arrangement, only the drive connected to the CipherChain is encrypted. One CipherChain will be needed for every drive connected to the port multiplier if the desired result is that all the drives are encrypted. Depending on the RAID configuration, adding a CipherChain to each drive may not be necessary, since two encrypted hard drives should provide adequate protection for the entire RAID volume in common configurations, such as RAID 5 or RAID 10.

  20. Q: What is “CipherChain”?
    A: CipherChain is one of the Addonics hardware encryption solutions. It incorporates a real-time hard drive cryptographic bridge ASIC (Application Specific Integrated Circuit) to encrypt and decrypt the entire hard drive, including the boot sector, temp files, swap files, and the operating system, without degrading overall system performance. Inside the CipherChain cryptographic engine are the Advanced Encryption Standard (AES) algorithms certified by the National Institute of Standards and Technology (NIST) of the United States of America and the Communications Security Establishment (CSE) of Canada.

  21. Q: If I already have Diamond Cipher and Ruby Cipher drive kits, can I share the same Cipher key with the CipherChain kit for encrypting some of my hard drives?
    A: Yes. The CipherChain, Diamond Cipher, and Ruby Cipher solution all use the same type of AES 256-bit Cipher key; therefore, a CipherChain encrypted hard drive can be installed into either the Diamond Cipher (for 3.5" SATA drive) or the Ruby Cipher (for 2.5" SATA drive) and the drive can be accessed with a Cipher key that has the same key code.

  22. Q: How does the CipherChain differ from other hardware-based hard drive encryption solutions in the market?
    A: Most of the hardware encryption products in the market are designed into a drive enclosure or embedded inside the hard drive. The CipherChain is an AES 256-bit full disk hardware encryption solution that can be installed to work with any hard drive, removable drive system, or any storage device with SATA interface. The CipherChain is designed to install easily into any system via a standard PCI slot or drive bay. The CipherChain is also the most cost-effective solution that offers the highest level of encryption.

  23. Q: I have the Cipher key management system for other Addonics encryption drive kits, can I use this key management system to program and duplicate the CipherChain key?
    A: Yes. The Addonics Cipher key management system can be used for programming and duplicating all DES, TDES and AES Cipher keys. The key code generating software for the CipherChain AES 256-bit key is different from the Saturn Cipher or Jupiter Cipher. Please contact the technical support department for a copy of this new software. For security purposes, we are required to have your company name and contact information for verification.

  24. Q: Does the CipherChain support SATA II performance?
    A: The CipherChain supports all SATA II specifications and supports a maximum transfer rate of 1.5 Gbits/sec. Although SATA II hard drives are all rated for a maximum transfer rate of 3 Gbits/sec, this speed is only attainable in burst mode (a short duration of a few hundred milliseconds) when transferring data from the buffer. The sustained transfer rate for SATA II hard drives is maximized at approximately 80 - 90 MB/sec. This maximum sustained transfer rate will remain the same even in the future generation 6G/sec SATA hard drive; therefore, the 1.5 Gbits/sec (150 MB/sec) maximum transfer rate of the CipherChain is more than adequate to handle any type of SATA hard drive. In order to achieve a higher sustained transfer rate, two or more hard drives (or CipherChain kits) can be grouped together in a RAID 0 configuration.

  25. Q: Do I need to establish a separate “encrypted folder” under the file directory as required by some software solutions?
    A: No. Everything written to the disk drive is automatically strongly encrypted. There is no need to establish a separate “encrypted folder.”

  26. Q: Can I encrypt a hard drive already with data on it?
    A: When a hard drive already has data on it and is then connected to the CipherChain, the computer detects the hard drive as a brand new drive or a drive that is unallocated. Once the drive is partitioned, the data that is already on the hard drive will be erased and cannot be recovered; therefore, to retain the data, it must first be backed up and then transferred to the encrypted hard drive.

    The same holds true for the CipherChain encrypted hard drive: it will look like a brand new drive when attached directly to the SATA controller of a computer. There will be no partition or any indication that the drive contains encrypted data. When the drive is partitioned, all the encrypted data will be lost.
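A pre-initialization check for the situation described in this answer, as an added example that is not Addonics code: it inspects the first sectors of a raw disk image and reports whether they hold a recognisable partition table, are blank, or hold opaque high-entropy data that may be ciphertext. The 512-byte sector size, the 7.0 bits-per-byte threshold, the function names and the sample buffers are assumptions made for this example; the page does not say what CipherChain ciphertext looks like on disk, so a high-entropy result is a hint to stop and try the Cipher key, not proof of encryption.

```python
import hashlib
import math
import struct
from collections import Counter

SECTOR = 512  # assumed logical sector size


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random-looking data."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def has_valid_mbr(sector0: bytes) -> bool:
    """Boot signature plus four plausible partition entries, at least one in use."""
    if sector0[510:512] != b"\x55\xaa":
        return False
    entries = [sector0[446 + 16 * i:462 + 16 * i] for i in range(4)]
    if any(e[0] not in (0x00, 0x80) for e in entries):  # status byte
        return False
    return any(e[4] != 0 for e in entries)  # partition type byte


def classify_disk_start(data: bytes) -> str:
    """Classify the first sectors of a disk before anyone initializes it."""
    if len(data) < 2 * SECTOR:
        raise ValueError("need at least two sectors")
    if data[SECTOR:SECTOR + 8] == b"EFI PART":  # GPT header in LBA 1
        return "partitioned-gpt"
    if has_valid_mbr(data[:SECTOR]):
        return "partitioned-mbr"
    if len(set(data)) == 1:  # every byte identical, e.g. all zeros
        return "blank"
    if shannon_entropy(data) > 7.0:  # assumed threshold
        return "opaque-high-entropy"  # may be ciphertext: try the key first
    return "opaque"  # unrecognised data: still not safe to initialize blindly


def read_disk_start(path: str, nbytes: int = 8 * SECTOR) -> bytes:
    """Read the first sectors from a raw image file or device node (read-only)."""
    with open(path, "rb") as fh:
        return fh.read(nbytes)


# Constructed sample buffers (not captured from real hardware).
def sample_mbr() -> bytes:
    buf = bytearray(8 * SECTOR)
    # One active NTFS-type entry starting at LBA 2048.
    buf[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                               2048, 1_000_000)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def sample_ciphertext_like() -> bytes:
    # SHA-256 in counter mode as a stand-in for random-looking ciphertext.
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(8 * SECTOR // 32))


if __name__ == "__main__":
    for name, buf in [("blank", bytes(8 * SECTOR)), ("mbr", sample_mbr()),
                      ("ciphertext-like", sample_ciphertext_like())]:
        print(f"{name:16s} -> {classify_disk_start(buf)}")
```

Only a `blank` result makes initializing the drive clearly harmless; any `opaque` result on a drive of unknown history is a reason to test it behind the CipherChain with the candidate Cipher keys first.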

  27. Q: Do I need any training to use CipherChain?
    A: No. After inserting the CipherChain Cipher key, everything will function as before and there is no password to remember.

  28. Q: Should I expect a multi-step log-on and/or complex Graphical User Interface (GUI)?
    A: No. The CipherChain solution does NOT change a user’s regular computing behavior, nor does it require learning a complex GUI or a lengthy log-on process. The Cipher key does need to be inserted every time and the CipherChain will need to be reset when attaching the hard drive to the computer or when restarting the system.

  29. Q: How does the CipherChain compare with Smart Card and PCMCIA encryption products?
    A: CipherChain is dramatically faster than PCMCIA or Smart Card solutions and encrypts the entire hard drive instead of selected files. There is no possibility that any data can be left unprotected on the hard drive. Drive-locking and boot sector encryption solutions do not encrypt the data; thus, the data is vulnerable to attack.

  30. Q: Can a CipherChain encrypted hard drive be connected directly to a SATA controller?
    A: No. The hard drive will appear as a new hard drive without any data on any operating system. When proceeding to initialize and format the drive, all the encrypted data will be gone and the hard drive becomes an ordinary hard drive.

  31. Q: Can I encrypt multiple hard drives via a single CipherChain Cipher key?
    A: Yes. You can encrypt multiple hard drives with the same CipherChain Cipher key.

  32. Q: Does CipherChain support 48-bit LBA addressing?
    A: Yes. The CipherChain supports 48-bit addressing and supports hard drive volumes over 137GB per drive.

  33. Q: What happens if my Cipher key is lost or stolen?
    A: There are no “back doors” into a CipherChain encrypted hard drive; therefore, without the Cipher key, there is no access to the data on the protected disk drive. This means the backup key should always be stored in a safe place. For security reasons, Addonics also does not keep records of the Cipher key codes.

  34. Q: Can I order duplicate Cipher keys?
    A: You can order duplicate Cipher keys directly from Addonics. To have additional keys made, please send in the backup key with the order number for duplication. If only one of the two Cipher keys remains, please be sure to back up the data stored inside the encrypted hard drive prior to sending the sole key to Addonics. Addonics is not responsible for keys lost in the mail or the retrieval of data inside the encrypted hard drive. For customers who are interested in managing and making their own keys, the Addonics Cipher key duplicating system is available for purchase.

  35. Q: If the CipherChain became defective, will I lose my data?
    A: No. The CipherChain Cryptographic Engine (CCE) is a generic cryptographic engine and the Cipher key contains the AES cryptographic key; therefore, a defective CipherChain can be replaced if this ever occurs, and the original Cipher key will allow access to the data on the hard drive.

  36. Q: Does CipherChain increase the original file size after encryption?
    A: No. AES is a complicated mathematical algorithm that transforms the original data using a cryptographic key 256 bits in length. Regardless of the size of the key, the size of the data file after encryption remains unchanged.


  37. Q: How does CipherChain encryption work?
    A: The CipherChain Cryptographic Engine (CCE) intercepts, interprets, translates, and relays commands and data to and from the disk drives, encrypting the data with AES 256-bit key strength. Before any data reaches the disk drive, the CCE encrypts it and then saves it to the disk drive. When there is a read from the disk drive, the CCE decrypts the data before sending it to the host. The operation of encryption and decryption is totally transparent to all users; thus, the CCE is invisible to the entire system. The CipherChain Cipher key contains the cryptographic key that is used by the CCE. At power up, the cryptographic key is delivered to the CCE register sets using a proprietary hardware protocol. If the cryptographic key is incorrect or missing, the CCE will not decrypt the hard drive; thus, the CipherChain encrypted hard drive cannot be detected by any operating system without the correct Cipher key, which keeps all the content on the drive secure. Attempts to surface scan the entire disk drive platters will not return results. Since the CCE is a generic engine and relies on the cryptographic key to enable all functions, a malfunctioning CCE can be easily replaced with the same model, and the content of the disk drive can be safely retrieved as long as the original cryptographic key is intact.

  38. Q: How is key length related to security?
    A: In the case of symmetric ciphers (DES, TDES, and AES), a larger cryptographic key length creates a stronger cipher, which means anyone attempting unauthorized access must spend more time and resources to find the cryptographic key. For instance, a DES 40-bit strength represents a key space of 1,099,511,627,776 (2^40, 2 to the power 40) possible combinations. While this number may seem impressive, it is definitely feasible for a microprocessor or a specially designed ASIC to perform the huge number of calculations necessary to derive the cryptographic key. Surprisingly, an investment of only about $10,000 USD in Field Programmable Gate Arrays (FPGA) will be able to recover a 40-bit key in twelve minutes. Additionally, a $10,000,000 USD investment in ASIC will be able to recover a 40-bit key in 0.05 seconds. A government agency that can afford investing $100,000,000 USD or more will be able to recover a 40-bit key in only 0.002 seconds; therefore, a 40-bit length cipher offers the bare minimum protection for confidentiality and privacy. Fortunately, the manpower required to discover the key code increases exponentially as the key length increases. For example, an increase of one bit in length doubles the key space; therefore, 2^41 represents a key space of 2,199,023,255,552 possible combinations. A 128-bit TDES cipher offers extremely strong security; that is, 2^112, or 5,192,296,858,534,827,628,530,496,329,220,096, possible combinations.

  39. Q: Why do I need to use the Cipher key?
    A: The Cipher key contains the AES cryptographic key that is used by the CipherChain to encrypt or decrypt data. Without the key, the protected disk drive cannot be detected and there is no access. Together, the Cipher key and CipherChain cryptographic engine comprise an effective user authentication for access control and encryption for data protection. The Cipher key serves as the user authentication for access control, while CipherChain cryptographic engine handles the encryption and decryption of the data when it is written and retrieved from the hard drive respectively.