iStorage diskAshur2 PIN Authenticated 2TB USB HDD Review
Bohs Hansen / 7 years ago
Security Features
Tamper Evident and Proof Design
iStorage built the drive in such a way that it isn’t possible to get inside without noticing it. In order to gain access to the critical components inside and tamper with them, you have to physically break the enclosure and that’s something you’ll notice. The protection continues on the inside where all critical components are covered by a layer of super tough epoxy resin.
Even in the event that someone manages to get to this point, breaking the drive open and removing the resin without damaging the components, it won’t help them much. Why? Because next they are greeted by a Common Criteria EAL4+ Ready secure microprocessor in addition to several other impenetrable defence mechanisms.
Certified to the Latest Government Certifications
The diskAshur2 is certified to the latest government certifications which include FIPS 140-2 level 3, NCSC CPA, common criteria and NLNCSA. It is also compliant with the new General Data Protection Regulation (GDPR). In the EU, if a company loses an EU citizens data, it can get really bad. You can be fined up to €20 million or 4% of your global turnover. Whichever is higher. But there’s no need to worry about such things in the event that your drive is stolen or you leave it on a train or bus. No one will get in and the controller complies with Article 34 of the GDPR.
EDGE (Enhanced Dual Generating Encryption) Technology
The drive offers advanced portable data security via built-in FIPS PUB 197 validated AES-XTS 256-bit hardware encryption engine. That means that the data encryption key is randomly generated by a Common Criteria EAL4+ ready Random Number Generator and protected by FIPS validated wrapping algorithms. This is a unique feature!
The security component employs physical protection mechanisms to protect itself from any external tamper, bypass laser attacks and fault injections and incorporates active-shield violation technology. More specifically, the secure microprocessor reacts to all forms of automated hacking attempts by entering the deadlock frozen state.
The security lock feature protects the device against any unauthorised firmware modifications from the host side. That also means that it is fully protected against BadUSB.
Self-Destruct Feature
There’s even a built-in self-destruct feature. And no, you tiny pyromaniacs aren’t getting a new thing to blow up. The self-destruct is for the data contained within the drive. You can pre-program the drive with your own unique self-destruct pin. When implemented, the drive deletes all keys, pins, data and creates a new encryption key instantly.
The same will happen if you input a wrong pin 15 times in a row. The drive will lock itself and render all data on the drive lost forever.
A lesser destructive security feature is the automatic lock when the drive hasn’t been used. You can configure the diskAshur2 to automatically lock after a pre-determined amount of time where the drive hasn’t been in use.
Don’t Give Anything Away
You don’t want to give possible attackers anything to work with, which includes not writing the pin on a sticker and place that on the drive. That’s a given. But what about the keypad? Well, there is nothing to worry about here either. The keypad is epoxy coated for wear resistance which means that continuous use won’t expose you by worn down keys.