SPYRUS
SPYRUS® USB Encryption Device Approved to Move Classified Data Between Microsoft Windows 7 And Other Systems
San Jose, Calif. – June 22, 2010 – SPYRUS, Inc. today announced that their Hydra Privacy Card® (Hydra PC™) Personal Encryption Device has acquired additional approval by the U.S. National Security Agency (NSA) for protecting data at rest when used with a PC running Microsoft Windows 7.
The patented Hydra PC Personal Encryption Device was the first and is still the only commercial-off-the-shelf (COTS) USB encryption device approved to protect tactical data in accordance with CNSS Instruction 4009 at the SECRET level and below, when used with the approved operational security doctrine.
The Hydra PC Personal Encryption Device is validated to FIPS 140-2 Level 3 and exceeds the new security requirements recently issued by the US Department of Defense (DoD) on the Joint Task Force Global Network Operations (JTF-GNO) Computer Task Order (CTO) for encrypted flash drives approved for use on DoD networks.
Need more storage? Insert a microSD card from any source. Because the security is built into the base unit, the Hydra PC Personal Encryption Device offers infinite memory expandability. Without the base unit to decrypt it, the encrypted information is fully protected even if the card is moved to a generic card reader or to a different Personal Encryption Device.
The Hydra PC Personal Encryption Device, like its big brother the Hydra PC Digital Attaché, protects your data no matter where it is stored—on the drive, on your PC, or in the cloud, because every file is encrypted with a unique AES-256-bit CBC key. Think of it as a bank vault with individual safe deposit boxes.
Both Hydra PC devices offer secure data containment by limiting the use of a specific device to administrator-authorized computers within a defined security domain, preventing both removal of sensitive data and unauthorized access to the Hydra PC or its data, and blocking the use of non-approved "rogue" USB storage devices. Even with the correct password, the encrypted data cannot be decrypted outside of the security domain.
The Hydra PC Digital Attaché adds the capability to securely share encrypted files and the removable microSD memory with other designated Hydra PC Digital Attaché devices. No other encrypting drive has this capability.
A third member of the Hydra Privacy Card family is the Kingston DataTraveler® 5000 Secured By SPYRUS™. Designed as a high-security replacement for conventional secure flash drives from IronKey, MXI, and SanDisk, this device can be used on any PC.
Hydra PC devices protect your data with advanced hardware security by drawing upon XTS-AES 256, AES 256 CBC, ECDH, ECDSA, ECC P-384, and SHA-384, which make up the National Security Agency's Suite B cryptography.
"Once again, we are extremely proud to have worked closely with NSA to qualify the commercial Hydra Privacy Card Personal Encryption Device for use on the latest operating systems to safeguard tactical data at the SECRET level," said Tom Dickens, SPYRUS Chief Operating Officer. "Because we know that one size does not fit all, we offer a family of USB encryption drives. Whether you need a works-anywhere secure encrypting drive like the Kingston DataTraveler 5000, want to move classified data between systems, or need to share data among a group of authorized users, we have a solution for you, all based on the same hardware security platform. Since that platform is secure enough to protect classified data, it's more than secure enough to protect commercially sensitive or personally identifiable data."
The Hydra Privacy Card Personal Encryption Device and other Secured by SPYRUS™ USB encryption devices can be ordered through several government contracts.
Email sales@spyrus.com for more information.
About SPYRUS
SPYRUS holds patents in the U.S. and abroad that enable solutions for secure authentication, secure communication, and full disk encryption, as well as patents relating to data protection and rights management for digital content. Secured by SPYRUS™ security technology is designed, developed, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS is headquartered in San Jose, California. See www.spyrus.com for more information.
SPYRUS, the SPYRUS logo, Secured by SPYRUS, Hydra Privacy Card, Hydra PC, and Digital Attaché are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective organizations.
The National Security Agency's USB Flash Drive Program has developed specifications for physically transferring SECRET data between secure enclaves. SPYRUS, Inc. asserts that the Hydra PC meets NSA's USB Flash Drive specifications, documented in the "Universal Serial Bus (USB) Flash Drive Personal Token for Tactical SECRET Minimum Essential Requirements 1.0," and as such, is acceptable for use in national security systems.
--------------------------------------------------------------------------
Small Form Factor SPYRUS® Hydra PC™ USB Personal Encryption Device Approved to Protect Classified Data
San Jose, Calif. – April 20, 2010 – SPYRUS, Inc. today announced that their new smaller form factor SPYRUS® Hydra Privacy Card® (Hydra PC™) Personal Encryption Device has successfully completed a detailed review by the National Security Agency (NSA) against strict security requirements for protecting data at rest in a personal encrypting USB flash drive.
In the last quarter of 2009, SPYRUS, Inc. announced that the patented Hydra PC Personal Encryption Device was the first and only commercial-off-the-shelf (COTS) encryption device approved to protect tactical data in accordance with CNSS Instruction 4009 at the SECRET level and below, when used with the approved operational security doctrine. Until yesterday, this was the only device to have this distinction.
The two versions of the Hydra PC Personal Encryption Device are the only two COTS personal USB encryption devices that have ever passed this review or met these strict security requirements. Both versions of the Hydra PC Personal Encryption Device are validated to FIPS 140-2 Level 3, and both versions also exceed the new security requirements recently issued by the US Department of Defense (DoD) for encrypted flash drives approved for use on DoD networks.
While the first Hydra PC Personal Encryption Device is about the size of three stacked Express Cards, the new design is 30% smaller—closer to the size of a traditional USB flash drive at 66.85 mm (2.63") x 24.21 mm (.91") x 8 mm (.31").
The new Hydra PC Personal Encryption Device uses removable microSD memory cards. Because the security is built into the base unit, the Hydra PC Personal Encryption Device offers infinite expandability. Need more storage? Insert any microSD card from any source. When an unknown microSD card is inserted into the base unit, it is not accessible until it is formatted, encrypted, and locked to the base unit. When the microSD card is removed from the base unit, the information on the card is completely unintelligible, even if it is later inserted into a different base unit.
With the correct password, you can use the Hydra PC to encrypt files and folders to any accessible location. Only encrypted files or folders can be stored on the memory card, and they can be decrypted or securely deleted but cannot be moved off the card, ensuring mandatory data containment. The entire microSD card can be cloned to create an encrypted, authenticated backup.
Every file stored on the device is encrypted with a unique key—just like a bank vault with individual safe deposit boxes. At encryption, both the plaintext and the resulting ciphertext are digitally signed and time-stamped, and the originator's credentials are embedded. The encrypted file becomes the sealed document of record because, when encrypted, nothing can be altered without destroying the ability to decrypt the file. The content, time of encryption, and the device used to encrypt the file can all be independently verified, ensuring nonrepudiation.
The Hydra PC provides secure data containment by limiting the use of a specific device to administrator-authorized computers within a defined domain, preventing both removal of sensitive data and unauthorized access to the Hydra PC or its data. Even with the correct password, the encrypted data cannot be decrypted outside of the secure domain. Even if a device is captured and the owner forced to give up the password, the data still cannot be decrypted without access to a computer inside the domain. Additionally, all ports on authorized computers can be blocked so that only the Hydra PC, and no other "rogue" USB device, can be used.
"Once again, we are extremely proud to have worked very closely with NSA to qualify the new small form factor Hydra PC Personal Encryption Device as a product secure enough to safeguard tactical data at the SECRET level. AES encryption alone, without equally strong key management and a secure implementation, is just not good enough to protect sensitive data," said Tom Dickens, SPYRUS Chief Operating Officer. "For only the second time in history, NSA has approved a personal USB encrypting memory device that every DoD or Federal employee and contractor can purchase to protect tactical data at the SECRET level and below, without the burden of Type-1 security paperwork and controls. If it is good enough to protect classified data, it will be good enough to protect commercial sensitive or personally identifiable data."
The new small form factor Hydra PC Personal Encryption Device and other Secured by SPYRUS™ USB encryption devices can be ordered through several government contracts. Email sales@spyrus.com for more information.
About SPYRUS
SPYRUS holds patents in the U.S. and abroad that enable solutions for secure authentication, secure communication, and full disk encryption, as well as patents relating to data protection and rights management for digital content. Secured by SPYRUS™ security technology is designed, developed, and manufactured in the USA to meet FIPS 140-2 standards. SPYRUS products support the strongest commercially available cryptographic algorithms, including elliptic curve cryptography (ECC), AES, and SHA-2, collectively known as Suite B. SPYRUS is headquartered in San Jose, California. See www.spyrus.com for more information.
SPYRUS, the SPYRUS logo, Secured by SPYRUS, Hydra Privacy Card, and Hydra PC are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization and product names are trademarks of their respective organizations.
The National Security Agency's USB Flash Drive Program has developed specifications for physically transferring SECRET data between secure enclaves. SPYRUS, Inc. asserts that the Hydra PC meets NSA's USB Flash Drive specifications, documented in the Universal Serial Bus (USB) Flash Drive Personal Token for Tactical SECRET Minimum Essential Requirements 1.0, and as such, is acceptable for use in national security systems.
--------------------------------------------------------------------------
SPYRUS Responds to Recent Reports of Hacked USB Encryption Drives
SPYRUS USB Encryption Drives Are Absolutely Invulnerable to Such Attacks
San Jose, Calif. - February 19, 2010 - According to InsideDefense.com, on February 12, 2010, U.S. Strategic Command (STRATCOM) issued an “all-DOD message” allowing “the limited return to use of memory sticks and thumb drives in all DOD NIPRNET, SIPRNET and JWICS computers using Windows operating systems.” The caveat is that the devices must be government “procured and owned,” the command said.
SPYRUS, Inc. is pleased to announce that its Secured by SPYRUS™ USB encryption devices can be ordered immediately by DoD, federal, state, local, and NATO organizations through Autonomic Resources (www.autonomicresources.com), a U.S. Small Business Administration Section 8(a) program participant, under DoD ESI/GSA SmartBUY Blanket Purchase Agreement (BPA) FA8771-07-A-0308.
The Secured by SPYRUS™ USB encryption drives include the Hydra PC Personal Encryption Device, the Hydra PC Enterprise Edition, the Hydra PC Digital Attaché, and all Hydra PC ViP (virus protected) versions.
SPYRUS is one of a handful of carefully selected vendors of hardware encrypted secure storage that have been working with Joint Task Force – Global Network Operations (JTF-GNO) to define and implement security that prevents malware from infecting removable storage devices and then migrating from devices onto networks.
John Keese, President for Autonomic Resources, explained, “Our Federal customers have been significantly affected by the DoD ban on USB drives for over one year now. The restructuring of the current ban will be well received and appreciated by our customers.”
Again quoting InsideDefense.com, according to the JTF-GNO, STRATCOM has taken steps to ensure that use of the devices does not pose an unacceptable threat. In a separate message summarizing the STRATCOM notice, the task force says it has issued “minimum requirements for limited use of removable flash media devices for mission-essential operations on all operating systems and networks with direct or indirect connections to the Global Information Grid.”
SPYRUS designed its hardware-based security to protect DoD and other sensitive data. Patented technologies for key management and key encryption operations shield cryptographic processing from electronic eavesdropping.
In 2008, the U.S. National Security Agency approved the Hydra PC™ Personal Encryption Device from SPYRUS as the first, and only, commercial USB encryption device to protect classified tactical data at the SECRET level and below.
According to Tom Dickens, Chief Operating Officer for SPYRUS, all Secured By SPYRUS™ USB encryption devices are based on this same Hydra PC platform and meet or exceed DoD requirements, while many so-called "secure" USB drives fail to meet any of them.
For more detailed information about Secured by SPYRUS™ USB encryption devices, including the Hydra PC models, see www.spyrus.com.
--------------------------------------------------------------------------
SPYRUS Proud To Be Shipping Devices Implementing Higher Security XTS-AES Mode of AES Encryption Recently Added To FIPS 140-2
San Jose, Calif. – February 8, 2010 - SPYRUS, Inc., today announced that their secure storage devices implement the XTS-AES data encryption algorithm as specified in National Institute for Science and Technology (NIST) Special Publication 800-38E (January 2010). XTS-AES is a mode of operation of the Advanced Encryption Standard (AES) algorithm specifically designed to protect storage media through sector-based encryption.
The NIST publication approves the XTS-AES mode of operation as an option for protecting the confidentiality of data on storage devices. According to the publication, “… XTS-AES provides more protection than the other approved confidentiality-only modes against unauthorized manipulation of the encrypted data.” NIST recently approved adding XTS-AES to the FIPS 140-2 security standard.
SPYRUS is the industry leader in using XTS-AES to protect secure storage devices with hardware-based encryption. Their Hydra PC Digital Attaché USB encryption device first shipped with XTS-AES in 2008, and the newly released Kingston DataTraveler 5000 employs the identical XTS-AES cryptographic engine, algorithms, and key strengths. Both Secured by SPYRUS™ products use Suite B elliptic curve cryptography with P-384 keys to provide the strongest available protection for the AES-256 media encryption keys.
“The XTS-AES encryption mode is a key element of Kingston’s new DataTraveler 5000 USB flash drive,” said Mark Akoubian, Business Manager, Secure USB Products, Kingston Digital®. “We are pleased that the adoption of this standard strengthens Kingston’s leadership position to protect our customers with the latest and most robust approved technology solution for flash drive data encryption.”
SPYRUS became an early adopter of XTS-AES because of the enhanced protection it provides against attacks on sector-based media. The more widely used sector-based encryption schemes, such as the ECB and CBC modes of operation, have always been problematic because the required 128-bit initialization vector is incompatible with disk layout schemes. XTS-AES solves this problem by introducing a “tweak” to each encrypted block. By logically XOR-ing the encrypted “tweak” with the plaintext before encrypting the block, and then XOR-ing it again with the ciphertext after the encryption, XTS-AES is equivalent to double encryption of the text, using two different keys. The result prevents several sophisticated attacks specific to sector-based encrypted data stores. For a detailed explanation of these attacks and how XTS-AES deals with them, see http://en.wikipedia.org/wiki/Disk_encryption_theory.
“InfoGard, through FIPS 140-2 validation testing of SPYRUS and Kingston products, has known of their use of XTS-AES, which can now be officially tested as a FIPS-approved algorithm. SPYRUS is to be commended for their foresight in adopting this scheme, even before NIST had adopted it as an official FIPS-approved algorithm,” said Ken Kolstad, General Manager of InfoGard Laboratories, the market leader in FIPS 140-2 independent validations.
“SPYRUS is committed to implementing the very best leading-edge encryption technology within our products. We were the first hardware vendor to implement Suite B throughout our entire product line, and the first to implement XTS-AES in a high-assurance encryption device,” said Tom Dickens, Chief Operating Officer for SPYRUS. “We will continue to ensure that our customers enjoy the best validated technology for their sensitive data assets. In this context, the inclusion of XTS-AES by NIST as a FIPS-approved algorithm is a highly positive development for the consumer in the assurance of data encryption on sector-based media.”
--------------------------------------------------------------------------
SPYRUS Responds to Recent Reports of Hacked USB Encryption Drives
SPYRUS USB Encryption Drives Are Absolutely Invulnerable to Such Attacks
San Jose, CA – January 11, 2010 - In response to widely circulated reports regarding a serious vulnerability in certain USB encryption drives, SPYRUS, Inc. today has confirmed that the entire SPYRUS line of Hydra PC USB encryption drives is absolutely invulnerable to the flaw described in the reports. Since 1997, SPYRUS has been making the most secure military-grade commercial encryption flash drives in the world.
On December 18th, researchers at the German firm SySS GmbH published a penetrating analysis (http://www.syss.de/index.php?id=veroeffentlichungen&no_cache=1&L=1) of the flaws inherent in several vendors’ “Enterprise-grade” USB encryption drives. The reported vulnerability focused on the use of a simplistic challenge response authentication method which employs a fixed/constant value which, once known, can be used by a hacker to bypass protection. This is in direct violation of sound security practices.
The entire line of SPYRUS Hydra PC USB encryption drives is invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair unique to the device and a random, secret 256-bit “salt” value together with a SHA-256 hash of the user’s password. The secret salt value and all other cryptographic computations are securely bound within the FIPS 140-2 epoxy-encased cryptographic hardware rather than in host system software. Therefore it is not computationally feasible to mount an offline attack against the PIN/password. SPYRUS has the only USB encryption drive that provides such a robust authentication process to protect access to the data encrypted on the device.
SPYRUS has specialized in portable, Government-approved commercial hardware-based encryption devices for more than 15 years. SPYRUS was the first company to merge hardware encryption with flash, the first to implement the full set of Suite B cryptographic algorithms, and the first and only company to support both hardware-based file encryption and sector-based encryption.
All Hydra PC USB encryption drives are designed, developed, and manufactured in the U.S.A. and have FIPS 140-2 Level 2/Level 3 validations. Hydra PC is the only commercial USB encryption drive to be approved for protecting tactical classified data at the SECRET level and below when used in accordance with the applicable security doctrine.
SPYRUS customers, including the U.S. Government and other demanding enterprise customers, can rest assured that their encrypted data remains completely secure.
About SPYRUS
SPYRUS, Inc., a Microsoft Managed ISV Partner, has pioneered portable security products and solutions for the information security market since its inception in 1992. Our primary product lines of LYNKS Hardware Security Modules, Rosetta Series II smart cards and USB security devices, Hydra Privacy Card® Series II encryption and mass storage, Talisman/DS® Data Security Suite, and identity management products (Signal Identity Manager™ and SPYRUS PKI) meet customer needs for high-assurance security. Our mission is to set the standard for the new era of multinational information sharing and long-term data protection. SPYRUS, Inc. is headquartered in San Jose, CA. See www.spyrus.com for further information.