Security in NAND Flash Storage Systems

Security in NAND Flash Storage Systems

Security in NAND Flash Storage Systems

Nowadays, so many storage systems are connected to the internet. This makes them efficient, but vulnerable and it has become vital to provide protection of information through security in all these systems. As the demands on security grow, so too do the security requirements of the flash memory controller.

Attacks can come from many sources. It may be hackers breaking into systems, but increasingly includes cyber gangs looking to steal valuable information or hold systems to ransom. At the extreme, there are claims that some countries are using these techniques to engage in cyberwarfare. Security must be implemented at the core of a design and cannot simply be an afterthought or an add on. As the memory is the place where information is stored, it is essential that it is protected, and access managed accordingly by the flash memory controller.

How to manage the challenge of security

This is an ongoing challenge as new security problems are discovered regularly in both software and hardware.

Maintaining a high level of security requires action at multiple levels. This includes everything from authentication, data encryption, and keeping firmware up to date.

Robust authentication is required not only to identify users but also hardware and software components in a system. User authentication often relies on a simple password. Greater security can be achieved with multi-factor authentication and the exchange of cryptographic keys.

After authentication, the next step is access control, to check that the person or component is authorized to access the relevant functions or data.

The last line of defense for your data

Ultimately, the best way to protect data is encryption. This is routinely used for communication; for example, the transport layer security (TLS) protocol used to provide “padlock-protected” access to websites.

It is also important for data storage. Encryption can be done at the level of individual files or the whole drive. This is often supported by hardware cryptographic acceleration so there is no significant performance penalty for accessing the encrypted disk.

An added advantage of full-drive encryption is the ability to effectively erase all the data very rapidly. This may be required if it is known that a system has been accessed. By changing or deleting the cryptographic key used to read from the drive, the data is made instantly inaccessible. This is faster than physically erasing the data from the drive, which can take a significant amount of time especially if several passes are used to ensure the data cannot be recovered.

Securing your NAND flash systems

Hyperstone NAND flash memory controllers feature a number of interfaces such as ISO7816, SPI and I2C that allow the integration of peripherals, such as key management devices. For example, industry-standard security can be added to an SD Card or a Solid-State Drive (SSD) by integrating a smart card IC, such as those used for SIM or credit cards, along with the flash controller.

These external components can be integrated with Hyperstone controllers using a Custom Firmware Extension (CFE) API. This allows you to add your proprietary firmware support for encryption, or any other functionality, in a way that is independent of the specific version of the Hyperstone controller or firmware. Your extensions can be fully integrated with the Hyperstone flash management functions, but are kept separate. You will maintain full control of your CFE source code, which is particularly important for security-related applications. This way, your system can still benefit from future enhancements to controller firmware for example to control new generations of flash memory, with the same CFE.

As challenges to the security of our data become more frequent, security needs to be ensured at every level.