New NVMe Communications Interface/Driver Technology and Encrypted Flash Drives Meets the Needs of Today’s Demanding Applications

Richard Kanadjian,
Business Manager,
Kingston Technology

The demand for performance continually increases. Large amounts of data must be strongly secured, easily accessed, and quickly processed. DOD demands adherence to its requirements about the size, weight, and power (SWaP) of components and systems. NVMe (Non-Volatile Memory Express) communications interface and driver, and the use of hardware-based encrypted Flash USB drives are viable solutions.

It has been over five years since the Department of Defense initiated its SWaP purchasing push. It basically requires that components and systems bought for military purposes – be they infantry, command, or administrative – be small in size, weight, and lower in power consump- tion. A noble ideal for sure, and one that continues today.

Two critical, technical areas that benefit from the SWaP concept are communications, and the mobile storage and transfer of data via USB Flash drives. The following is a discussion of best practice solutions for each.

NVMe Communications Interface and Driver

Applications such as big-data analytics, server virtualization, and high-performance databas- es require ultra-low latency and extreme storage performance to deliver unmatched application results and better ROI at both the server and data center levels. Many of today’s data center architects are forced to use legacy “Good Enough” technologies in order to deliver the high performance required by DOD demands, as well as new and existing applications, while also attempting to lower overall cost to improve ROI. This approach often increases complexity without providing the sought-af- ter benefits of improved TCO. Solution providers are looking at newer technologies like NVMe (Non-Volatile Memory Express) and PCIe (Peripheral Component Interconnect Express), the next generation storage pro- tocol and interface, to replace legacy interfaces such as SATA/AHCI. Replacing these technologies will help re- duce complexity and cost, while increasing performance and lowering latency.

It is important to understand the number of drives required, the requirements for HBAs, the differences in total power consumption, and the impact on application latency. It is expected that a single NVMe SSD will be able to replace banks of legacy SATA SSDs or worse, Hard Disk Drives, deployed behind host bus adapter cards. NVMe SSDs will reduce complexity, lower power consumption, provide increased performance, and im- prove data center TCO.

Industry testing has revealed a clear advantage of using NVMe-based storage compared to the lega- cy “good enough” approach of SATA-based storage.

Compared to using banks of SATA SSDs behind HBAs, direct connect NVMe SSDs, such as those used in our upcoming KC2000 SSD enable higher performance, higher reliability, lower power, and improved TCO for data centers demanding high-performance SSD storage. What previously required an entire box of SATA devices now can be done with a single card.

The benefits derived from using high-performance NVMe SSDs will lead to a natural migration away from legacy protocols towards PCIe and NVMe-based storage. Replacing these technologies will help reduce complexity and cost, while increasing performance and lowering latency.

NVMe is a communications interface and driver that defines a command set and feature set for PCIe-based SSDs. It is the most efficient way to increase perfor- mance and productivity for enterprise and client needs. It provides increased and efficient performance, and interoperability on a broad range of enterprise and client systems. It was designed for Flash SSDs. It handles communications between the storage interface and the System CPU using high-speed PCIe sockets, indepen- dent of storage form factor.

Input/output tasks performed using NVMe drivers be- gin faster, transfer more data, and finish faster than older storage models, such as AHCI (Advanced Host Control- ler Interface). Because it is designed for SSDs, NVMe is becoming the new industry standard.

Comparatively speaking, PCIe Gen 4 can transfer data at a rate of 2,000MB per second (32,000MB per second using 16 lanes) vs. SATA III’s transfer rate of just 600MB per second and is restricted to one lane.

In a nutshell, NVMe is designed for SSDs with flash technology, has 64K command queues, can send 64K commands per queue, low CPU cycle commands, has a latency of 2.8 microseconds, communicates directly with the System CPU, and has over one-million IOPs.

NVMe technology provides optimal performance.

  • Superior storage

PCIe socket transfer greater than 25x than their SATA equivalent.

  • Superior speed

NVMe begins sending commands more than 2x faster than AHCI drivers.

NVMe input/output operations per second exceed one million and are up to 900% faster than its AHCI equivalent.

  • Superior compatibility

NVMe cuts out the middle man by communicating directly with the System CPU.

NVMe-based drives work with all major operating systems, regardless of form factor.

Secure, Hardware-Based Encrypted USB Drives

With capacities ranging from 4GB to 128GB today, tremendous portability and the exceptionally easy ability to be connected to various networks, encrypted USB drives can be used securely as file-sharing and mobility tools, backup drives, and more by agencies and depart- ments of all sizes.

Unencrypted USB drives (also commonly known as removable media, flash drives, thumb drives, and other terms), however, pose a major risk. While they have rev- olutionized data transfers, unencrypted USB drives have also introduced grave security concerns, as they are very susceptible to being lost, breached, and misappropriated. And that leads to the possibility of critical, classified, sensitive data landing in the wrong hands. With their extreme portability, USB drives can turn up anywhere– from jacket pockets to parking lots to bad actors – put- ting military data and the like at serious risk. With good reason, many parts of the military have restricted the use of USB drives.

Unencrypted USB drives single handedly can negate millions of dollars spent on cyber security, whether intentionally or through carelessness. No one, especially the military, should have data on an unprotected drive.

Considering that military workers at every level are producing a wide range and reams of information daily

  • everything from top-level national security plans to proposed budgets, staffing needs, meeting minutes, strategic positioning, defense strategies, intelligence, and much more – it is no wonder the use of USB drives is a major security concern.

Blocking or prohibiting staff from all USB ports may sound like an easy solution, however it may also restrict productivity and lower work efficiency. So, how do you deal with the risks without completely forbidding USB- drive usage and forfeiting all of its conveniences?

Secure, hardware-based encrypted USB drives.

These flash drives are an essential pillar of a compre- hensive data loss-prevention (DLP) strategy. Experts say organizations must insist their members use only hardware encrypted USB drives with 256-bit AES XTS encryption, which combine the productivity advantages of allowing USB access while protecting the informa- tion on the drive. Encrypted USB drives are designed to protect even the most sensitive data, using the strictest security regulations and protocols defined by NIST (National Institute of Standards and Technology, and commonly referred to as FIPS 140-2 Level 3 for the most secure drives in the market).

Encrypted USB drives are powerful tools in closing security gaps, and helping ensure security and compli- ance by offering:

  • Complex password protection
    • Protection against drive firmware tampering (also known as Bad USB)
    • Protection against brute-force attacks that limit password guessing
    • Tamper evident technology that disables a drive when tampered or makes it evident
    • Remote management to allow for server-based management of all drives, allowing for password resets through remote drive disabling or geo-locating
  • Wide-capacity range

Encryption of USB drives is performed two ways: ei- ther through the device’s hardware or software. The most effective way is through the hardware. A self-contained encrypted USB drive protects against external snooping of its internal storage and components.

A USB drive with hardware-based encryption is an excellent, non-complicated, simple solution to protecting data from breaches, while also meeting evolving military regulations. Priced between $40 and $600, depending on capacity, they are an ideal solution for applications throughout the military. Such devices meet tough in- dustry security standards and offer the ultimate security in data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-con- tained and do not require a software element on the host computer. No software vulnerability eliminates the pos- sibility of brute-force, sniffing, and memory hash attacks.

Encrypted drives have digitally signed firmware that cannot be altered, as well as a physical layer of pro- tection. Some of these drives come in epoxy-dipped/ filled cases that prevent access to the physical memory. In contrast, a USB drive with software encryption uses software that runs on the host computer and is vulnera- ble to attacks.

The top-of-the-line hardware-based encrypted USB drives (e.g., the Kingston IronKey™ D300 line), use AES 256-bit encryption in XTS mode. This and similar drives reformat after 10 attempts of password guessing to ensure that anyone who finds such a drive cannot access the information.

Flash memory in the form of USB drives are perfect for this smaller, faster, lighter push that the military has been going after. Encrypted USB drives provide a way for the military to use them securely in situations where they are needed and can be the best, most secure solu- tion for data transportation and storage.

A hardware-centric/software-free encryption ap- proach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This same software-free method also provides complete cross-platform compatibility with any OS or embedded equipment possessing a USB port and file storage system.

Flash memory in the form of USB drives are perfect for this smaller, faster, lighter push that the military has been going after. Encrypted USB drives provide a way for the military to use them securely in situations where they are needed and can be the best, most secure solu- tion for data transportation and storage.


About Author

Leave A Reply