 Home Members Only Membership Donations Reviews Store Mail List Legal  |
||
March 24, 2006
Hardware 128-bit DES Hard Drive Encryption
Review: Addonics Saturn Cipher ExDrive and Mobile Rack hard drive security options
By Arthur Whalem
Addonics is shipping the Saturn Cipher Mobile Rack kit for SATA hard drive. It is model SCMRSAUS128 and sells for $160. It comes with the Saturn Cipher 128-bit DES encryption SATA hard drive enclosure model SCSAUSCS128, the Saturn IDE drive cradle model AASIDEBY and two 128-bit keys. This configuration can be used in a PC or in an Addonics Storage Tower with an Addonics IDE to SATA converter model ADIDESA. The Saturn Cipher enclosure uses a hardware DES encryption scheme in an attempt to keep your hard drive data safe from intruders. The hardware encryption engine processes the data in real-time. This article will examine the characteristics of the Addonics Cipher encryption system and how it can be used with a Macintosh computer.
Macintosh users will find using the Saturn Cipher ExDrive kit (SCED) with 64-bit or 128-bit DES encryption works well with FireWire, USB 2.0 or SATA connections. The Saturn Cipher 128-bit ExDrive kit for SATA hard drive with a FireWire 400 connector is model SCEDSAF128. It includes the Cipher ExDrive 128-bit enclosure (SCSAUSCS128), a power adapter (AAPC12V) and a FireWire USIB interface cable (AAFWC-406). This allows the Cipher ExDrive to be used externally with a FireWire 400 port on a Macintosh or a PC. The cost of this kit is $205.
A SATA connection option is also available. It provides the same kit with a SATA USIB interface cable instead of FireWire. The SATA connection (SCEDSAS128) version is less expensive at $189, but requires that a SATA host adapter be installed inside an Apple PowerMac.
During this review, an Apple PowerMac G5 2.0GHz dual and a 2.5GHz Quad-Core were used for testing the Addonics Saturn Cipher ExDrive enclosure with Mac OS X 10.4.5. A FirmTek SeriTek/1VE4 external SATA host adapter was used on the PowerMac G5 2.0GHz Dual for Cipher ExDrive connections and a SeriTek/1eVE4 was used when the Saturn Cipher ExDrive was mounted in an Addonics Storage Tower. A Sonnet Tempo E4i PCIe internal SATA host adapter was used in the PowerMac G5 2.5GHz Quad-Core. The Apple Macintosh FW400 port was used for FireWire connection tests.
System Requirements
Requires a 3.5" SATA hard drive.
Requires a SATA host adapter with external ports or a FireWire/USB port.
Works with Macintosh or PC.
Install
The Addonics Saturn Cipher ExDrive enclosure requires that a 3.5" hard drive be mounted inside. Saturn Cipher ExDrive models are available for both IDE and SATA hard drives with either 64-bit or 128-bit encryption. The model (SCSAUSCS128) that is the subject of this review utilizes a SATA hard drive with 128-bit encryption. To open the Cipher ExDrive you simply turn the screw on the top rear of the enclosure to the right as shown by the arrow on the top cover. The cover easily slides off toward the rear of the ExDrive.
Once the ExDrive is open a hard drive can be placed inside. You simply slide the SATA hard drive back onto the SATA connector and use the four screws provided to secure the hard drive to the aluminum bottom of the enclosure. Once you slide the top back on and screw down the locking screw the Cipher ExDrive is ready to be used with a computer.
The cut away image of the Cipher ExDrive above displays that the SATA model uses a two tier circuit board design to mount the hard drive and to implement the hardware encryption scheme. The Cipher ExDrive is a sturdy design that uses high quality aluminum which provides good cooling characteristics.
Connections
On the rear of the Saturn Cipher ExDrive is a USIB connector, a power light, an on/off switch and a 12v power connector. You will also find a green sticker that says SC-128 for 128-bit encryption models or SC-64 for 64-bit models. This same sticker should be on your keys as well. A special connector is also provided on the bottom of the Saturn Cipher ExDrive so that it can used with the Saturn IDE drive cradle (AASIDEBY) or the Saturn IDE-USIB drive cradle (AASIUSBY).
None of the Addonics drive cradles will fit inside any of the currently shipping Apple PowerMac models but they will work inside a PC with a 5.25" available drive bay or in the Addonics Storage Tower which can be used as an external enclosure with an Apple Macintosh computer.
Interface & Security
The Addonics Cipher ExDrive measures 8.1" long, 4.6" wide and 1.4" high. It weighs 15.6 ounces empty and 2 pounds 5.6 ounces with a Maxtor 300GB SATA hard drive inside. The enclosure has a black face plate and a body made of a high quality aluminum with a rippled texture.
The Cipher key needs to be inserted in the front of the Saturn Cipher ExDrive enclosure before you can mount the hard drive on the desktop. The encryption hardware looks for the key and if it is not present the hard drive will not mount. The first time that you mount a hard drive in the Saturn Cipher ExDrive you will need to format it using Disk Utility. Once formatted the drive mounts on the desktop and is ready to use.The Cipher ExDrive key needs to be inserted when mounting the hard drive on the computer, but you can remove the key after that. Data is encrypted and decrypted on the fly using a certified cryptographic engine inside an ASIC. This is done without requiring additional CPU time. As no software driver is required for the Cipher ExDrive, it can be used on many different platforms. No passwords are required, just the use of the encryption key to access your data. This keeps training to a minimum. According to Addonics, the Saturn Cipher encryption implementation offers much better security than software encryption. Each time someone tries to break the encryption the hardware requires a power reset. The minimum amount of time that Addonics calculates for a power reset is 0.4 of a second or more. A 64-bit key provides 72,057,594,037,927,936 combinations. When you consider the minimum 0.4 second time required for a hardware reset, the amount of time required to run through 50% of the 64-bit possible key combinations is 456,982,528 years. The 128-bit key is even harder to break. With that in mind, someone getting access to your key is probably a greater security threat than hacking the encryption.
Rules
Cipher users need to know a few rules when using the Saturn Cipher ExDrive. The Cipher key is your security device. You need to remove it when not using the Cipher ExDrive. Leaving the key in the enclosure allows anyone to access the data on the hard drive. If your key is easily accessible by someone else, so is your data. Your security is only as good as your ability is to keep your key out of the hands of others. Think of it as the key to your home. If you leave it in the lock anyone can come in. Each Cipher ExDrive comes with two keys. Those keys only work with that particular Cipher ExDrive system. If you need
more keys you will need to special order duplicate keys from Addonics or purchase a Saturn Cipher key duplicating system. There are NO security back doors. If you lose your keys you also lose your data. As such is the case, it is a good idea to put one of the keys in a safe place for emergency use.When using the Saturn Cipher ExDrive with a Macintosh, you will need to know a few additional rules. While most SATA host adapters and all Apple FireWire 400 connections support sleep, the Cipher key will need to be inserted before waking the computer from sleep when using some SATA host adapters. This is true whether you dismount the Cipher ExDrive before placing the Macintosh in sleep mode or not. From my tests, waking a Mac OS X 10.4.5 computer with the Cipher ExDrive mounted on the desktop without a key installed can completely crash OS X when using some SATA host adapters. Waking the computer with Mac OS X 10.4.5 while the Cipher ExDrive is connected but not mounted without a key can crash Disk Utility. This does NOT happen with FireWire connections. FireWire connections allow you to put the Cipher ExDrive to sleep and wake it without a key with no problems at all. If you are using the Saturn Cipher ExDrive with a Macintosh SATA host adapter, my recommendation is to make sure that the Macintosh OS X energy preference "Put the hard disk(s) to sleep when possible" is unchecked. In addition, if your SATA host adapter does not support sleep properly with the Saturn Cipher ExDrive, you might want to simply dismount and unplug the ExDrive before placing the computer in sleep mode.
SATA Sleep Compatibility
Macintosh SATA host adapters that I have tested, that exhibit a problem when using a PowerMac with the Saturn Cipher ExDrive while waking from sleep without a key inserted, include the following cards. Sonnet Tempo E4i, Sonnet Tempo E4P and Sonnet Tempo X4P SATA host adapters using firmware 2.0, plus the Sonnet Tempo-X 4+4 using firmware 1.2. When using these Sonnet SATA host adapters, Mac OS X totally crashed after waking from sleep with the Cipher ExDrive still mounted on the desktop with no key inserted. The FirmTek SeriTek/1eVE4 and SeriTek/1VE4 SATA host adapters locked the cursor in Mac OS X 10.4.5 upon waking from sleep without the Cipher key installed. However, re-inserting the key and turning the Saturn Cipher ExDrive off and back on allowed Mac OS X to recover. I could then use Disk Utility to mount the Cipher ExDrive again. While the FirmTek cards have issues with the Cipher ExDrive waking from sleep without a key, Mac OS X 10.4.5 can recover if you know what to do. Leaving the key in the enclosure during sleep or re-inserting it before waking from sleep will avoid these SATA connection issues. However, leaving the key in the enclosure is less secure and I typically forget to put the key back in before waking from sleep. As such, I find disconnecting the Cipher ExDrive during sleep is an easier solution when using it with a Macintosh SATA host adapter.
Cradle OptionsWhile you can utilize the Cipher ExDrive by itself you should know that you can also use it with a Saturn IDE-USIB drive cradle (AASIUSBY) $28 or the Saturn IDE drive cradle (AASIDEBY) $26. The cradle turns the Saturn ExDrive into a hot swappable removable hard drive for a PC or with the Addonics Storage Tower. The PowerMac hard drive bays are not setup to easily accept this type of cradle system. If you share the hard drive in the Saturn Cipher ExDrive enclosure between a Macintosh and a PC or have an Addonics Storage Tower you may be interested in this solution for hot swapping the Saturn Cipher ExDrive. The cradle adds a fan and a frame for the Saturn ExDrive enclosure to slide into. It provides interface connections to automatically connect the ExDrive. Using a cradle is a nice inexpensive mounting option for PCs and Addonics Storage Tower users.
When using the Saturn Cipher ExDrive in the Addonics Storage Tower you can use a FireWire USIB connection with the Saturn IDE-USIB drive cradle (AASIUSBY) or you could use the Saturn IDE drive cradle (AASIDEBY) and an Addonics IDE to SATA converter model ADIDESA as I did. In this configuration, I am using an eSATA cable between the back of the Storage Tower and a PowerMac G5 Dual 2.0 with a FirmTek SeriTek/1eVE4 SATA host adapter. You could mount several drives in the Storage. However, the image of the Storage Tower below only has a single Saturn Cipher ExDrive installed in it.
Cooling
In the cooling test, the Saturn Cipher ExDrive enclosure was tested using a Maxtor 300GB model 7V300F0 SATA hard drive. A PowerMac G5 2.0GHz Dual running Mac OS X 10.4.5 with a FirmTek SeriTek/1VE4 Four-Port external SATA host adapter was used for this test. The USIB SATA cable has an "L" type SATA connector which works well with the SeriTek/1VE4. The Cipher ExDrive enclosure has no fan, which makes it very quiet. The Maxtor 300GB hard drive was worked very hard duplicating twenty copies of a 4.2GB folder of video files several times simultaneously for 90 minutes. Hardware Monitor 3.4 was utilized to display the hard drive temperature. At the end of 90 minutes the Maxtor "7V300F0" hard drive in the external Saturn Cipher ExDrive enclosure reported a temperature of 122 degrees Fahrenheit.
The next step of the cooling test was to leave the Cipher ExDrive turned on with the Maxtor "7V300F0" hard drive mounted for an hour, but with no usage other than temperature monitoring. I wanted to see how well the hard drive might cool down inside the Cipher ExDrive enclosure. After resting for an hour, the Maxtor hard drive reported a temperature of 111.2 degrees Fahrenheit.
Based on these tests, hard drives mounted in the Cipher ExDrive enclosure will probably operate between 111.2 and 122 degrees Fahrenheit when used over an extended period of time. If you use the Saturn Cipher ExDrive in the Addonics Storage Tower with additional fans the drive operating temperature can be reduced.
Acoustics
The Saturn Cipher ExDrive enclosure has no fan. The only noise you will hear from it is your hard drive accessing data. If you mount the Saturn Cipher ExDrive in the Storage Tower or a PC using one of the cradle options a 40x40x10mm 12v T&T model 4010M12C fan is mounted in the rear of the cradle. This quiet running fan runs at 5000 RPM and can move 4.9 cubic feet of air per minute. It has a sound rating of <24 dBA. The fan is very quiet but is not silent.
Boot Capability
One feature that all of the FirmTek SATA host adapter cards have in common including the SeriTek/1VE4 (which was used in this review), is the ability to boot from each port on the host adapter. I am not aware of any other SATA PCI-X host adapter for the Macintosh that has this feature. If you are trying to create a bootable backup of your hard drive, the FirmTek host adapter allows you to test it while the backup drive is mounted on the host adapter. Non-bootable cards do not have this capability. With that being the case, Macintosh users can use the Saturn Cipher ExDrive as a bootable master hard drive using a FirmTek host adapter or by using the FireWire 400 port with the appropriate USIB cable. Being able to utilize a mobile hard drive with high security and boot capability is very cool.
Energy UsageThe Addonics Saturn Cipher ExDrive enclosure uses very little energy. According to the Kill-a-Watt electricity usage monitor, the Saturn Cipher ExDrive with a Maxtor 300GB SATA hard drive mounted inside uses 11 watts when idle. When the enclosure with a 300GB Maxtor hard drive is actively copying data, the power usage increases to 16 watts. Once the Macintosh is placed in sleep mode the hard drive in the Saturn Cipher ExDrive still uses 11 watts. It appears that even though the Macintosh is in sleep mode, the hard drive inside the Saturn Cipher ExDrive does not automatically spin down until its power switch is turned off. Once the Cipher ExDrive power switch is turned off Kill-a-Watt reports 0 watts are being used even though the external power adapter is still plugged in. Obviously, the light on the power adapter requires some energy but it is less than Kill-a-Watt can detect.
PerformanceIn the performance test, a PowerMac G5 2.5GHz Quad-Core running Mac OS X 10.4.5 was used with the Addonics Saturn Cipher ExDrive. A Sonnet Tempo E4i PCIe internal SATA host adapter was installed in slot 2. A Maxtor Maxline 300GB model 7V300F0 SATA hard drive was installed in the Cipher ExDrive. DiskTester 1GB read and write tests were performed using a run area test on this 279MB formatted hard drive. DiskTester was used to measure the combined performance of the striped RAID set and the Mac OS X operating system. It is a Terminal application which requires using Mac OS X Terminal with a command line executable. Using the command: ./disktester run-area-test --transfer-size 131072 --iterations 3 --test-size 1024 --delta-percent 10 DriveName, puts DiskTester to work testing how the RAID will perform when empty, 10% full, 20% full and so on. The same test was also done using the same hard drive, computer and host adapter with a standard SATA enclosure (1EN2) without encryption. I wanted to measure how hard drive performance might be impacted as a result of the hardware 128-bit encryption being performed on the fly.
Maxtor 7V300F0 128-bit Performance - DiskTester 1GB Test
| Cipher ExDrive | 128-bit | FirmTek 1EN2 | No Encryption | |
| Area Full | Write | Read | Write | Read |
| Empty | 68.2 | 66.5 | 69.7 | 66.3 |
| 10% | 67.7 | 62.9 | 67.7 | 63.8 |
| 20% | 66.5 | 61.4 | 66.1 | 63 |
| 30% | 64.2 | 59.7 | 64.5 | 60.4 |
| 40% | 63.3 | 59 | 63 | 59.5 |
| 50% | 59.4 | 55.3 | 59.4 | 55.9 |
| 60% | 57.1 | 53.1 | 57.1 | 53.7 |
| 70% | 52.7 | 49.2 | 52.6 | 49.7 |
| 80% | 50.4 | 47.2 | 50.3 | 47.6 |
| 90% | 44.9 | 42.2 | 44.8 | 42.4 |
| Average | 59.44 | 55.65 | 59.52 | 56.23 |
As you can see in the DiskTester average results above the Saturn Cipher ExDrive is able to provide 128-bit encryption on the fly, with almost no hard drive performance impact. Based on these results, users will not notice any speed difference in their hard drive even though 128-bit DES encryption is being applied to their data.
Security Probing
My next task was to see if I could find a way to break or view the Saturn Cipher ExDrive 128-bit encryption. When you use your hard drive in the Saturn Cipher ExDrive without a key it will not mount. With that being the case, I took the drive out of the enclosure and mounted it in another normal SATA enclosure. Once the drive was connected to a Macintosh the first thing it asked me to do was to initialize the drive. The Macintosh does not recognize the formatting of a 128-bit Cipher ExDrive so you get the standard Initialize this disk dialog.
I left the drive dismounted and opened Data Rescue. Data Rescue was unable to see the Cipher hard drive. Next, I launched Disk Warrior and it saw the Cipher drive as an "Unknown Disk". Disk Warrior would not allow me to rebuild the directory or work with the drive in any way except to test if the device was working. Next, I launched Drive Genius. Once I pushed the "Device" tab I was able to see the Cipher unmounted hard drive data including size, SMART status, preferred block size and more. Pushing the "Sector Edit" button allowed me to view blocks of data on the encrypted drive but on the right side all of the data was scrambled with * and _ symbols.
Drive Genius Sector Edit view of Saturn Cipher encrypted drive in another enclosure.
While Drive Genius was able to see the Cipher encrypted blocks on the hard drive, I was unable to recover any of the 128-bit encrypted data. My next test was to erase the Cipher hard drive and see if by using Data Rescue I could recover any of the encrypted data. Using both a Quick Scan and the Data Rescue Content Scan, I was unable to recover any of the video files that I had copied to the Cipher ExDrive. Data Rescue took 90 minutes to perform the recovery operations. It found a few file fragments from previous uses of the hard drive but none of them were the video files that I had placed on the Saturn Cipher ExDrive using the 128-bit encryption.
As I was able to see the drive using a sector edit program, it might be possible to create a sector edit type of application to probe for an encryption key. With the drive mounted in a standard enclosure a .4 second power reset might be able to be avoided. How long it would take for such a program to break the encryption or knowing if this type of code breaking is even possible is beyond my expertise. I am not a forensics expert. What I can say is that without the key, I was unable to access the data on a hard drive that had been encrypted with the Addonics Saturn Cipher ExDrive.
Discussion
The Addonics Saturn Cipher ExDrive provides an easy to use data encryption environment in which the owner simply inserts a key to access the hard drive. DES 64-bit and 128-bit encryption using hardware encoding is amazingly fast. The use of a certified cryptographic engine inside the ASIC of the Saturn Cipher ExDrive provides many advantages including fast hard drive performance, no extra CPU stress, easy key access and little if any training to get started with this very secure system. The Addonics hardware encryption system is superior in many aspects to security software solutions that I have tried in the past. With hard drive performance at its peak, the Saturn Cipher ExDrive allows the user to encrypt the entire hard drive without having to worry about slowing down the system. The Cipher ExDrive even allows an encrypted hard drive to boot a Macintosh as all of the decoding is performed in hardware.
The Saturn Cipher ExDrive has many mounting options. Macintosh users can use the USIB connector on the back of the enclosure with a USIB to FireWire cable, USIB to USB cable, USIB to SATA cable or mount the Saturn Cipher ExDrive in a cradle in the Addonics Storage Tower or a PC. With so many connection options, the Saturn Cipher ExDrive can be used with just about any computer setup. PowerMac G5, G4, iBook, PowerBook, eMac, iMac and Mac mini are all compatible with the FireWire connection option. In addition, the small size of the ExDrive allows it to perform as an ideal secure portable solution.
The only downside I found with the Saturn Cipher ExDrive was that it does not work properly with my FirmTek and Sonnet SATA host adapters when waking from sleep mode without a key. It works properly with FireWire on a Macintosh but with my SATA connections, I need to unplug the ExDrive from the computer before placing the Macintosh in sleep mode to avoid problems.
The Saturn Cipher ExDrive is a DES encryption system that requires the user to keep the extra key in a safe place. If you lose both keys you will not be able to access your data and there is no back door. This system requires good key management on the part of the user.
Pros
Works with OS X, OS 9, Windows, Linux.
Provides DES 64-bit or 128-bit DES encryption.
Cryptographic engine inside an ASIC.
Available in IDE or SATA configurations.
Works with USIB to FireWire cable.
Works with USIB to USB 2.0 cable.
Works with USIB to SATA cable.
Works with a cradle in the Addonics Storage Tower or a PC.
Quiet Operation.
Boot capable using a Macintosh.
Secure hard drive mounting.
Great hard drive performance with full drive encryption.
Sleep mode works with FireWire 400 without a key.
Nice portable DES encryption solution.
Sturdy aluminum construction.
Simple key access.
Cons
Waking from sleep without a key may crash OS X with some SATA adapters.
USIB cables can be expensive.
With no fan, the ExDrive may operate warm with extended use.
If you lose both keys you lose access to your data.
Saturn Cipher ExDrive gets 4 AMUGs out of 5!
If you are looking for a DES hard drive encryption system that does not tax your CPU or hard drive, the Addonics Saturn Cipher ExDrive is worth a look. This hardware encryption system is so fast that I was unable to tell that it was working in real time as I wrote files to the hard drive. The Addonics Saturn Cipher ExDrive is a great way to store or transport sensitive data without worrying about someone stealing the drive and having easy access to your information. You can use the Cipher system with other software encryption too. Creating a disk image using 128-bit encryption and placing it on a Saturn Cipher ExDrive adds an additional layer of security. I am sure you can think of other examples as well. The more layers of security that you provide, the more secure your data will be. The Saturn Cipher hard drive will not boot in the enclosure
without a key. If someone moves the hard drive to another enclosure the operating system will request that the drive be formatted before using it. Security is what the Saturn Cipher ExDrive is all about. AMUG makes no claim as to how secure the Cipher system is. We are not computer forensics experts. With that said, AMUG can easily recommend the Saturn Cipher ExDrive for casual security use. However, only a professional forensics expert can make valid assertions about the level of security that any particular encryption system may provide.Contact Information:
Addonics Technologies
2466 Kruse Drive,
San Jose, CA 95131 USA
408-433-3899
addonics@addonics.com
http://www.addonics.com
Copyright 2006
Arizona Macintosh Users Group, Inc. (AMUG). Visit AMUG at www.amug.org for news, discounts and friends. JOIN AMUG!