It's sad but true: Viruses, worms, rootkits and identity and information theft have become everyday parts of mainstream computing. As a result, the protection of personal and business information on hard drives and removable storage (used for data vaulting) has become an issue at the forefront for IT security pros. It should also be of great interest to system builders.
Advances in threat-detection and data encryption have created a demand for software firms like WinMagic and Cypherix, whose packages can protect individual files or entire disks. You can even encrypt folders under Windows XP, but there are costs associated with these solutions when it comes to performance. Specifically, if your CPU is tied up encrypting and decrypting files, it has less time to work on instructions associated with your applications. The result—at least on busy systems—is slow response times, often accompanied by the dreaded hourglass icon.
The solution? Pick and use components with hardware-based data encryption. By working with these components, you'll get a data vault with better performance—and save money, too.
In this Recipe, I'll show you how to beat the performance and cost of software data encryption by building with slick, powerful components that feature breakthrough hardware-based encryption technology.
Further, with this sleek mini-ITX data vault, you can lock up critical data in a tiny package. Best of all, your clients won't see decreased performance from data encryption. That's mainly because, unlike popular software encryption techniques, the complex encryption and decryption algorithms are built right into the mini-ITX mainboard.
At the heart of our data vault is a 6.7-inch x 6.7-inch mainboard that holds the usual complement of motherboard components—CPU, memory, and bus architecture—in a tight little package. It also packs a collection of low-level software routines written specifically to do some serious data encryption. These routines serve the same purpose as a software encryption package, but run much more efficiently, as they don't require loading or translation into hardware instructions.
We'll also equip our little data vault with an affordable (about $50) biometric security device built into the mouse that uses fingerprints to check who is at the keyboard. This will also help your customer manage passwords without having to write them down. This device uses Trueprint technology (more on this later) to read the ridges below the outer layers of a person's skin for foolproof fingerprint identification. That's a whole lot of security in a small and stylish package. Best of all, it's inexpensive.
For system builders who'd like to add hardware-based encryption to their clients' existing systems, I'm also including an inventive, military-grade encryption add-on disk system. The result is a system that deters unauthorized users, as it requires an actual hardware key. By deploying this terrific security feature, your clients can easily slip the encrypted disk out of the PC for transport or safe storage.
The Big Picture on Mini-ITX
Mini-ITX's ultra-compact mainboard form-factor was developed by VIA Technologies, a Taiwanese company known for its mini-ITX innovation and manufacturing. The highly integrated features of mini-ITX mainboards from VIA and Phylon (to name but two) are ideal for building information and entertainment systems that are powerful, quiet, and small.
Protected by cases that are both ergonomic and innovative, mini-ITX mainboards can be used to build powerful, compatible PCs with a vastly reduced size. (For example, they're about two-thirds smaller than the FlexATX motherboard, the smallest of the ATX family.) These boards also pack all the punch of a full-sized PC, while running far cooler and more quietly. In short, these features have made mini-ITX solutions the most popular choice for embedded applications and appliance computing—anywhere space is an issue. (For more on mini-ITX, see the Resources section at the end of this Recipe.)
The Pros and Cons of Implementing a Mini-ITX Solution
Here's a brief summary of the highlights of working with a mini-ITX:
Ultra Compact : Offers a 170 mm x 170 mm (roughly 6.7 in. x 6.7 in.) form factor.
Highly Integrated : Boards carry an onboard processor and integrated I/O.
Power Efficient : Low power consumption, cool operation.
OS Compatible : Systems support Microsoft and Linux operating systems.
Modular : Integrates with industry standard components.
Secure : Mini-ITX boards feature onboard encryption technology.
Quiet : Smaller means less noise, and fanless mini-ITX boards offer less noise with greater stability.
Compatible Interfaces : Supports SATA drives, DIMM memory, PCI cards, and both USB and Firewire peripherals.
On the flip side, here are a few limitations you should consider before implementing a mini-ITX solution:
Not Upgradeable : To reduce cost of manufacture, CPUs are permanently installed on the mainboard. The ZIF (Zero Insertion Force) socket on most modern motherboards makes up a significant part of the manufacture cost. In VIA's EPIA (Embedded Platform Innovative Architecture) architecture, the company integrated the mainboard and CPU and removed the socket to streamline production and reduce costs.
Limited Expandability : Typical cases have limited real estate—that's the cost of going "small." Power supplies can be as small as 60 watts, limiting the addition of peripherals. Also, these boards have minimal PCI slots available.
Higher Cost : The cost for an integrated mini-ITX mainboard is likely to be higher than a comparable ATX motherboard/CPU bundle.
Ingredients: Data Vault Hardware
Here's what's required on the hardware side in creating a mini-ITX data vault. We'll take a look at our choices for components for our compact data vault and why these parts are a good fit for this Recipe. But before we start, take a look at the following illustration. It shows the relative size of our compact data vault and how its key components fit together:
Here are the hardware components I recommend:
Mainboard : VIA Technologies' EPIA-SP13000 Compact Mini-ITX form factor with VGA with S-Video and Composite TV-Out, 168-pin DIMM memory sockets (2), 10/100 LAN, AGP2X with 2D/3D Graphics Acceleration with motion compensation for DVD playback, Sound Blaster Pro Compatible Audio, 1 PCI slot and 2 USB 1.1 ports to which an optional 2 port USB 1.1 module may be added. I recommend this product for its on-board data encryption engine.
Memory : Kingston KVR400X64C3A/512 (512-MB, 400-MHz DDR DIMM). This is reliable, affordable memory.
Case and Power Supply : Travia's c158 with 90w power supply and accompanying holders for media and hard drive are the way to go. I chose this power supply for its solid construction, power rating, and good looks. (Back I/O panel is supplied with motherboard.)
Hard Disk : The Seagate Barracuda ST3300831A, 300GB 7200 with 8MB cache provides high speed, high-capacity, and reliable data storage.
CD/DVD burner : Quanta's SDW-082 Slimline CD-RW and 8x +/-DVD writer is a compact and efficient CD drive (also marketed by Philips). It is also an 8X DVD burner, and it can back up large data stores quickly.
Biometric Mouse : APC's Biometric Mouse (BioM34) with a fingerprint-recognition sensor combines biometric security with convenience. Also, it's very affordable: about $50.
Monitor : Samsung's 740B Monitor is a 17-inch LCD unit with 1280 x 1024 resolution. It's a good, all-around monitor that's suitable for both office applications and media use.
Ingredients: Data Vault Software
And here's the software involved for our data vault project:
Operating System : For this Recipe, I recommend Windows XP Professional. Though we won't need the overhead associated with XP Pro's Encrypting File System (EFS), I like its IPSec features, which encrypt data moving over the network; they are most effective in high-security and VPN environments. XP Home does not support IPSec.
VIA Software Tools : VIA Technologies, manufacturer of the mini-ITX mainboard selected for this Recipe, has integrated a powerful set of security tools into its recent processor cores. The VIA PadLock Security Engine is hardware-based security technology that combines the latest military-grade encryption and protection with what VIA says is the world's fastest x86 security engine. Together, they provide full data encryption with little or no impact to the performance of applications being executed.
A look under the hood reveals that the heart of VIA's PadLock Security Suite is RNG, a hardware-based random number generator, and ACE (Advanced Cryptography Engine), which processes low-level algorithms used in AES (advanced encryption standard) military-grade cryptography. VIA has also released a software development kit (SDK) for both Linux and Windows to help x86 developers use a random number generator and a cryptographic engine.
VIA has also produced a full suite of software that takes advantage of the technology built into its processors. The latest addition to the suite, StrongBox, is freeware on VIA's site. StrongBox works with the company's PadLock Security Engine and lets users create encrypted virtual drives on their systems. With VIA's StrongBox, up to 10 virtual drives can be created, each with a potential size of 4 GB. Best of all, StrongBox is simple to use. Drives created with StrongBox can be unlocked and locked in a simple two-click process, and additional features can be accessed through a control center application.
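Before relying on the PadLock units described above, it is worth confirming that the RNG and ACE are both present and enabled on the installed processor. The following is an added example, not code from VIA's SDK or from this Recipe: it decodes the PadLock bits in EDX of the Centaur extended CPUID leaf 0xC0000001, using the bit positions the Linux kernel uses for its PadLock feature flags, and the function and constant names are this example's own.

```c
/* Added example: decode VIA PadLock feature flags (not VIA SDK code). */
#include <stdint.h>
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif

/* Centaur/VIA extended CPUID leaf 0xC0000001 reports PadLock units in EDX.
   Each unit has a "present" bit followed by an "enabled" bit. */
#define PADLOCK_RNG_BIT 2u  /* RNG: bit 2 present, bit 3 enabled */
#define PADLOCK_ACE_BIT 6u  /* ACE: bit 6 present, bit 7 enabled */

enum unit_state { UNIT_ABSENT = 0, UNIT_DISABLED = 1, UNIT_USABLE = 2 };

/* Classify one unit from the EDX value of leaf 0xC0000001. */
enum unit_state padlock_unit_state(uint32_t edx, unsigned present_bit)
{
    uint32_t present = (edx >> present_bit) & 1u;
    uint32_t enabled = (edx >> (present_bit + 1u)) & 1u;
    if (!present) return UNIT_ABSENT;   /* an enable bit alone means nothing */
    return enabled ? UNIT_USABLE : UNIT_DISABLED;
}

/* Read leaf 0xC0000001 EDX; returns 0 when the Centaur leaves do not exist. */
uint32_t read_padlock_edx(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    unsigned int max = __get_cpuid_max(0xC0000000u, NULL);
    /* Other vendors return unrelated data here, so validate the range tag. */
    if ((max & 0xFFFF0000u) != 0xC0000000u || max < 0xC0000001u)
        return 0;
    __cpuid(0xC0000001u, eax, ebx, ecx, edx);
    return edx;
#else
    return 0;   /* not an x86 build: no PadLock */
#endif
}

static const char *state_name(enum unit_state s)
{
    return s == UNIT_USABLE ? "usable"
         : s == UNIT_DISABLED ? "present but disabled" : "absent";
}

int main(void)
{
    uint32_t edx = read_padlock_edx();
    printf("PadLock RNG: %s\n", state_name(padlock_unit_state(edx, PADLOCK_RNG_BIT)));
    printf("PadLock ACE: %s\n", state_name(padlock_unit_state(edx, PADLOCK_ACE_BIT)));
    /* Nonzero exit if AES would fall back to software on this machine. */
    return padlock_unit_state(edx, PADLOCK_ACE_BIT) == UNIT_USABLE ? 0 : 1;
}
```

A "present but disabled" result means the silicon has the unit but it has not been switched on, so encryption software would silently run in software and the performance benefit would be lost.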
Hardware Assembly for the Mini-ITX
Assembling a mini-ITX box follows all the same principles as a standard ATX PC build, but requires special attention to space and some different-looking parts. For example, while mini-ITX mainboards may support a PCI card, most cases are styled too flat to support the card's full height. To address this issue, cases come with a horizontal riser to reorient the card horizontally. It's clear that most mini-ITX cases are built to take full advantage of the small format to present a correspondingly small footprint. This means that, as with PCI cards, components like media drives are frequently located directly over each other and perhaps the mainboard as well. This presents a dense configuration of parts and close quarters in which to work. The end result, however, yields a powerful, compatible system in a small and stylish package that looks and works great.
Mini-ITX is cool and quiet. One interesting difference from standard ATX formats is that mini-ITX components are designed to run cool. Unless you have a special application—for example, constant drive access or limited access to outside airflow—systems can run with either minimum cooling or, in many cases, no fan at all!
Now let's move on to the 13 steps for assembling our mini-ITX data vault. But first, prior to beginning assembly, download VIA's detailed product manual, as only "Quick Start" directions come packaged with VIA's mainboard. Once you have the manual, dig in:
- Install Memory: Unlock the DIMM socket by pressing the retaining clips outward. Align a DIMM on the socket with a notch over the break in the socket. Firmly insert the DIMM into the socket until retaining clips engage. (Repeat for second DIMM.)
- Install IDE Cables: Connect the drive cable with a red stripe aligned with pin 1 on the socket. (Repeat for second device.)
- Remove the case cover and drive filler panel.
- Remove the media drive holder from the case, and install the media drive on the holder.
- Remove the hard drive holder from the case, and install the hard drive on the holder.
- Install the mini-ITX mainboard and I/O gasket (back panel) in the case.
- Connect the pinheader.
- Locate the mainboard in the chassis to connect LEDs, reset switch, etc.
- Connect the power supply.
- Connect and mount the media drive with holder.
- Connect and mount the hard drive with holder.
- Inspect all connections carefully and replace the cover.
- Connect the PS/2 keyboard, biometric mouse, and monitor.
Software Installation for the Mini-ITX Data Vault
After loading Windows XP Professional, you should download and install VIA's StrongBox application. Your clients can use StrongBox to create virtual disks of various sizes for use with their favorite applications. Here are the two steps for downloading and installing VIA's StrongBox utility:
- Download the StrongBox software from VIA Technologies' Web site
- Double click on the file named "downloaded exe," and follow the prompts.
And here are the four steps toward creating a virtual disk with encryption:
- Provide a base filename and where you want it to be stored.
- Assign the virtual drive a letter.
- Estimate the size drive you will need for your encrypted data.
These first three steps are illustrated in this screenshot:
- Set up a password. StrongBox will also ask you for a reminder question and password hint. Be sure to instruct your customer to remember their password and that their reminder question and hint are effective ones. As with any good encryption, there is no way to undo the encryption without the password.
Here are five steps to installing the APC biometric mouse BioM34's software and password management utilities:
- Plug the mouse into an available USB port, then insert the APC software CD. Note: APC calls its mouse software OmniPass.
- When installation completes, restart the system.
- Upon start-up, the OmniPass will ask to verify your Windows Username, Domain and Password.
- Select the APC Biometric device icon to begin the process of "finger enrollment." Place your finger on the sensor on top of the mouse. The software will then repeat the scanning eight times to ensure a flawless reading. Use a flat finger; a fingertip contains insufficient print information for identification. OmniPass can register up to 20 different users or individual fingerprints.
- Reboot the system.
From the software's system tray icon, you can manage users, enroll new fingers, and change settings. Biometric Mouse Password Manager enables mouse usage, password management, wave-file audio prompts, and even some powerful software file encryption.
Using the Biometric Mouse and the Encrypted Data StrongBox
Once restarted, the Windows logon screen will appear, along with a new Logon User Authentication screen. You can either enter a username and password as normal, or simply place your finger on the sensor and drive ring of the BioM34 mouse. Upon proper authentication, the BioM34 will automatically fill in the logon screen and log you onto the computer. BioM34 also supports Windows' Fast User Switching, so a new person authenticating to use the PC will immediately get their personal settings and desktop with a touch of their finger on the mouse.
The StrongBox virtual drive you configured earlier will now appear under My Computer as a green folder with a gold-colored padlock. This icon is shown as locked when the drive is locked or unlocked when the password has been correctly entered.
Right-click on the drive, and choose unlock to enter your password and unlock the drive, as depicted here:
StrongBox automatically locks the virtual drive any time the PC is shut down or restarts. Additional StrongBox drives can be easily added and maintained using the StrongBox Control Center, which is shown in this next screenshot:
You can also choose to have StrongBox automatically lock up your client's data when a screensaver is activated.
Adding Hardware-based Encryption to Existing Systems
If you're not sold on the power built into VIA's mini-ITX mainboards—or if you need to transport encrypted disks, or you wish to add hardware-based encryption to your existing ATX designs—then a unique product called Saturn Cipher Hard Drive Kit may well be the solution.
Designed by Addonics, the Saturn Cipher kit offers an external or removable drive with hardware-based 64-bit DES/TDES or 128-bit DES/TDES full disk encryption. Addonics says a 192-bit version is on the way, too. The Cipher drive is shown here:
At the heart of this product's data encryption is Enova's ASIC security technology. As with VIA's on-board encryption engine, data is encrypted and decrypted on-the-fly without taking any CPU resources. But the major difference is that Addonics' encryption is based on a hardware "key." Each Saturn Cipher kit comes with a set of unique hardware keys, similar to the ones you might use to start your car or open your front door. Using a hardware key to lock or unlock a drive adds a layer of physical security to your client's data.
Another benefit of the Saturn Cipher kit is that it allows the system builder to use any hard disk without relying on a particular disk manufacturer for encryption technology. Also, some clients might prefer a hardware key solution; it is simple to deploy, requiring little or no training, no software to install, and no password to remember. These benefits could be especially important in organizations that use multi-platform computing.
The Saturn Cipher kit works with SATA, IDE or even 2.5-inch IDE hard drives—and it's easy to deploy and implement. By the way, if your client has already invested in the regular Saturn drive kit, you can add the Saturn Cipher encryption solution by simply purchasing the Saturn Cipher drive enclosure. The only difference in using a Saturn Cipher enclosure is the addition of the encryption key.
SIDEBAR: Learn More About Mini-ITX
If you'd like to do some reading about working with the mini-ITX, here are some useful resources from around the Web:
Mini-ITX Form Factor White Paper : VIA Technologies' original white paper defines the mini-ITX form-factor.
Mini-ITX.com : This site provides coverage of mini-ITX news, projects, and hardware, along with a FAQ.
LinITX.org : This portal is devoted to running Linux on mini-ITX solutions. It includes forums, information, news, and downloads.
VIA's PadLock Initiative : This is a built-in security engine for VIA products.
Advances in Biometric Fingerprint Technology are Driving Rapid Adoption in Consumer Marketplace : This is a fine article concerning how and why Trueprint technology is used to scan fingerprints.
Logic Supply : This company is a supplier of all things for mini-ITX. The site offers a terrific FAQ and a nifty power supply calculator.
EPIACENTER.com : This site offers news and reviews on anything that relates to EPIA building. They also supply technical information on specific boards, cases and power supplies for mini-ITX.
ANDY MCDONOUGH, a regular contributor to TechBuilder.org, is a professional musician, composer, voice actor, engineer, and educator happily freelancing in New Jersey.