manualshive.com logo in svg

Mercury Systems ASURRE-Stor ADR256, Administrative Guidance

The Mercury Systems ASURRE-Stor ADR256 user manual offers comprehensive administrative guidance for setting up and using the product efficiently. Download the manual for free from manualshive.com to access detailed instructions and ensure seamless operation of the advanced ADR256 storage system.

Share
Download
background image

 

 

Mercury Systems 

ASURRE

-Stor

®

 

SSD 

 

 

 

 

 

 

 

   Administrative Guidance 

 

 
Copyright 2020   Mercury Systems.  May only be reproduced in its original form (without revision) 

Rev. 1.5.1   February 2020    © 2020 Mercury Systems.   All rights reserved 

 

Mercury Systems, Inc. • (602) 437-1520 •  

www.mrcy.com

 

6

 

1

 

Introduction 

This document provides administrative guidance for the 

ASURRE-S

tor

®

 

2.5” Solid State enc

rypting hard drive, hereafter 

denoted TOE

 or 

ASURRE-S

tor

®

 SSD.  The document describes how to identify the product, install it in a typical host 

system, and describes the steps necessary to begin the initial secure configuration of the TOE.   The document is 
intended for use by the Administrator or Crypto Officer responsible for configuring the product prior to field 
deployment.   

The reader may notice that the document refers to a value called the BEV.  The BEV is a term that originated in the FDE 
Collaborative Protection Profile and stands for Border Encryption Value.  The BEV performs the same function in the 

ASURRE-S

tor

®

 SSD as a KEK (Key Encryption Key) and is used to decrypt the media DEK (Data Encryption Key).  The 

document uses the terms BEV and KEK interchangeably.  

2

 

Product Description 

The Mercury Systems 

ASURRE-S

tor

®

 

SSD

 

is a secure solid state hard drive.  A hard drive is a storage device used in 

computers as the primary booting device to load the Operating System or as a device to store large amounts of data.  In 
the simplest of terms, the 

ASURRE-S

tor

®

 

SSD is a highly secure version of an industry standard 2.5” SATA hard drive.  

 

Unlike most other secure solid state drive products, the Mercury Systems 

ASURRE-S

tor

®

 

SSD does not depend on a 

TPM module, TCG, or OPAL to implement security.  Instead the 

ASURRE-S

tor

®

 

SSD implements security using 

hardware-based AES-256 XTS encryption and key management techniques that are compatible with the industry 
standard ATA specification.  These techniques provide superior and flexible solutions for mission critical defense 
applications and have no requirements for unencrypted shadow MBR sectors or 3

rd

 party Opal software. 

The 

ASURRE-S

tor

®

 

SSD was evaluated against the Common Criteria Collaborative Protection Profile for Full Drive 

Encryption - Encryption Engine, v2.0 dated January 2, 2019 and the Collaborative Protection Profile for Full Drive 
Encryption 

 Authorization Acquisition, v2.0 dated January 2, 2019. 

3

 

Product Configuration and Deployment 

The Mercury Systems 

ASURRE-S

tor

®

 

SSD is shipped with the optional MDU configuration utility.  While the MDU 

provides an easier-to-use method of performing some of the required administrative configuration functions, the MDU 
is a utility provided by Mercury that is not part of the evaluated configuration and this should be taken into account by 
users of the system.  The use of this utility was not evaluated.  Therefore, the interfaces used as part of the evaluation 
are the direct SATA interfaces.  

The programmer's guide and security configuration programmer's guide describe the administrative interface that is 
used in the evaluated configuration that was tested.  The configuration instructions for activities mandated by the ST 
are provided in this document; locations of the instructions are given by reference to the programmer's guides, and for 
convenience some references using the MDU visual interface are given as well. 

4

 

Deployed TOE usage scenario

The TOE usage scenario is a re-occurring mission model.  The TOE supports two CC compliant modes of operation: 

1.

 

ATA password with Self-generated Permanent key (Mode 1) 

2.

 

ATA Password with KEK and BLACK key (Mode 6) 

Mode 1: ATA password with Self-generated Permanent key 

This scenario begins with the Crypto Officer (CO) configuring the TOE in a secure location using MDU or a similar 
custom utility program.  The CO configures the TOE to operate in Mode 1.   The TOE uses a hardware based NDRNG and 
a DRBG algorithm to self-generate a random DEK.  The DEK consists of a 256-bit AES key and a different 256-bit XTS key.  
The CO enters a password of up to 64 characters.  The TOE conditions the password with PBKDF (Password Based Key 
Derivation Function SP 800-132) to create a derived 256-bit key (BEV/KEK) that the TOE uses to AES key wrap (AES-KW-

Summary of Contents for ASURRE-Stor ADR256

Page 1: ...20 Mercury Systems All rights reserved Mercury Systems ASURRE Stor SSD Administrative Guidance Mercury Systems ASURRE Stor ASD256 512 and ADR256 512 Solid State Self Encrypting Drives Non Proprietary...

Page 2: ...oduct Identification 8 11 Evaluated Configuration 9 12 Part numbers 10 13 Scope of evaluation 11 14 Operating Environment 11 15 Operating environment assumptions and requirements 12 16 Unattended oper...

Page 3: ...y 17 Table 7 LED Indicator Port 17 Table 8 Password strength in bits 21 List of Figures Figure 1 View of the holographic label located in the center of the main label 9 Figure 2 Images of the ASURRE S...

Page 4: ...ration of the TOE Please note that use of the MDU utility is optional and not part of the evaluation Programmer s Guide or SSD Programmer s Guide ssdProgrammersGuide pdf This document provides detaile...

Page 5: ...Maximum which determine how the TOE behaves when the Master Password issued to unlock the device Refer to the ATA7 specification V1 page 22 MDU MDU Utility Mercury Systems Drive Utility MDU is a Windo...

Page 6: ...r unencrypted shadow MBR sectors or 3rd party Opal software The ASURRE Stor SSD was evaluated against the Common Criteria Collaborative Protection Profile for Full Drive Encryption Encryption Engine v...

Page 7: ...erformed on the TOE The CO configures the TOE using MDU or a similar custom utility program to operate in Mode 6 The CO fills the BEV KEK and enters a password of up to 64 characters The TOE condition...

Page 8: ...ower is removed from the TOE the TOE enters power state D3 cold a fully powered off condition Only power state D0 allows access to plain text data Since SSDs never receive warning of imminent power lo...

Page 9: ...ommand described in SSD Secure Configuration Programmer s Guide section 2 2 to verify that the TOE reports Firmware revision number 1 5 1 Alternatively the MDU utility can be used Refer to MDU section...

Page 10: ...0 Standard product 1 Electrically isolate enclosure 2 Erase pin 1 option Trigger an erase sanitize operation from SATA pin P1 Option Field z 0 Standard product 1 Legacy erase option Same as field y O...

Page 11: ...and is conditioned by PBKDF SP 800 132 to create an intermediate derived key that is used to AES key wrap AES KW 256 SP 800 38F the DEK The wrapped DEK is saved in NVRAM During normal operation On ea...

Page 12: ...fill cables and any needed voltage translation The Administrator and or system designers shall implement application techniques safeguards and or procedures to assure that power is removed from the TO...

Page 13: ...g mode prior to deployment 18 Secure Configuration Prior to configuration the Administrator must determine the appropriate key management mode for operation Selecting the mode impacts how the host sys...

Page 14: ...lication c Require the ATA user password enables the KEK with BLACK key and ATA Password mode Set the ATA Password Length to 64 bytes d Enable the Secure Erase Trigger option e Select a Default Secure...

Page 15: ...nce are listed below a KEK and BLACK DEK mode must be set to KEK and BLACK DEK b The Key Source selection is determined by the CO as required by the fielded application c Require the ATA user password...

Page 16: ...the ATA password and issue the Get Drive Information command and verify that the TOE is in a CC compliant mode 21 Changing the User or Master ATA Password after the TOE is configured The TOE supports...

Page 17: ...t 23 Installing the TOE into a host system ESD The ASURRE Stor SSD utilizes both active and passive techniques to mitigate damage caused by severe electro static discharge Mercury Systems recommends f...

Page 18: ...SSD SATA Connector Warning The power segments of most commercial SATA connectors have every three pins shorted Refer to images in Figure 7 P1 P2 and P3 3 3V shorted P4 P5 and P6 GND shorted P7 P8 and...

Page 19: ...oves the encrypted result to the NAND media The User Role after successful authentication can access previously encrypted data stored in the NAND media Prior to authentication the User Role cannot wri...

Page 20: ...components in the TOE use production grade materials The printed circuit board is conformal coated and all BGA devices are under filled with a hard opaque epoxy to prevent easy probing of individual...

Page 21: ...ion prevents an attacker from attempting to change to a different firmware version in the field The Crypto Officer shall enforce the use of 8 character minimum password lengths for the User ATA Passwo...

Page 22: ...bel for signs of removal at least once per year While not intended as a tamper seal the label can be difficult to remove and can show signs of damage such as tearing discoloration or other damage if i...

Page 23: ...ugust 16 2017 8 23 17 Modified per Evaluation findings Rev 1 5 1 Bob Laz Sabrina Pi a 8 21 2019 Updates for re certification Document Dates footers and cPP versions updated 11 25 2019 Updated Mercury...

Reviews:

No comments

Related manuals for ASURRE-Stor ADR256

morse 400A-96-125 Operator'S Manual preview
400A-96-125
Brand: morse Pages: 6
G-Technology G-DRIVE mobile USB Product Manual preview
G-DRIVE mobile USB
Brand: G-Technology Pages: 32
SanDisk CruzerSync Getting Started Manual preview
CruzerSync
Brand: SanDisk Pages: 7
Kreg Universal Bench Assembly Instructions Manual preview
Universal Bench
Brand: Kreg Pages: 12
Philips FM16FD05B Specification Sheet preview
FM16FD05B
Brand: Philips Pages: 2
Philips FM16FD00B Specifications preview
FM16FD00B
Brand: Philips Pages: 2
Philips FM04FD30B User Manual preview
FM04FD30B
Brand: Philips Pages: 2
Philips FM02FD05B Specification preview
FM02FD05B
Brand: Philips Pages: 2
Philips FM04FD02B Specifications preview
FM04FD02B
Brand: Philips Pages: 2
Philips FM01SW81 Specifications preview
FM01SW81
Brand: Philips Pages: 2
Philips FM01FD20B Specifications preview
FM01FD20B
Brand: Philips Pages: 2
Philips FM01FD05B Specification Sheet preview
FM01FD05B
Brand: Philips Pages: 2
Philips FM01FD20B/00 Manual preview
FM01FD20B/00
Brand: Philips Pages: 10
Philips FM01FD10B/00 User Manual preview
FM01FD10B/00
Brand: Philips Pages: 10
Philips FM24SS130B/00 User Manual preview
FM24SS130B/00
Brand: Philips Pages: 14
Philips FM16FD02B/00 User Manual preview
FM16FD02B/00
Brand: Philips Pages: 98
Philips FM01FD05B/00 User Manual preview
FM01FD05B/00
Brand: Philips Pages: 130
Philips FM02FD05B/00 User Manual preview
FM02FD05B/00
Brand: Philips Pages: 162

Brands by name

Popular brands

Load more brands