Spyrus Hydra Privacy Card Series II

Youdon't need a 100-headed monster to control sensitive data that needs tobe transported from the computer. You just need one Hydra PC. In theMay issue (beginning on pg. 50), we looked at tools to manage the USBports on a PC. Among those tools are some encrypted USB thumb drives.These are great tools as far as they go, but for real industrialstrength protection look into the just released Hydra Privacy Card IIfrom Spyrus.

Thisproduct addresses a variety of difficult scenarios. For example,suppose that you have an employee who wants to steal your customerdatabase and offer it to a competitor as an inducement to hire them.With typical memory sticks, the rogue employee simply downloads thedatabase onto the memory stick and takes it home. If it is encrypted,even if the memory stick is confiscated it won’t reveal its contents.However, with Hydra, unless specifically authorized, the device won’twork in any computer except the one for which it was set up. The datais useless anywhere, except where it is supposed to be.

Hydra isa high security, one GB data encryption tool that runs from the USBport on your computer. However, besides being able to transport datasecurely, Hydra can work with other Spyrus products to provide suchservices as strong authentication and support for smart cards anddigital certificates. Hydra is not just a USB memory stick. It is afully functional computer, only slightly larger than a typical memorystick, that executes strong encryption at a variety of levels.

First,since it is an active device, Hydra requires a powered USB port. Thedevice stores encrypted data on a standard one GB miniSD or miniSDHCmemory card. The card can be removed from the Hydra easily and replacedwith another for multiple blocks of secure storage. Most important,however, Hydra can support storage of classified data under U.S.government standards. Spyrus designed Hydra for validation under FIPS140-2 Level 3, making it suitable for virtually any commercialapplication.

Cryptographically, Hydra supports AES, ECC(Elliptic Curve Cryptography), SHA-2, SHA-512 and ECC-521. Default keylengths are ECC P-384, AES-256 and SHA-384. 

However, securitycontrols don’t stop there. Because you can authorize the deviceexplicitly for the computers on which it is allowed to be used, thereis no fear of losing the Hydra and exposing the data on it. Thepass-phrase, or PIN in Hydra-speak, is never stored on the device orthe computer. When the PIN is set up, it is hashed and
theencryption key is derived from the hash. When the user enters a PIN,the process is reversed. The encryption key itself is encrypted on theHydra only, providing very strong security.

One very usefulcapability of the Hydra is that it not only can encrypt data to thedevice, you can use the Hydra to encrypt data to your PC with the sameencryption strength. Without the Hydra in the USB port, your datacannot be unencrypted. Because the key is stored on the Hydra, even astolen PC is not a worry. PINs can be very long and can consist of anycombination of alphanumeric and special characters.

There areaccess levels for the user and for the administrator, and the productcomes with a simple admin tool to help set up the Hydra and manage it.The host authorization code — the code that authorizes the Hydra onmultiple PCs — can be up to 256 characters long.

We tested theHydra using a simple set of encryption tests and forensic analysis ofthe miniSD card. We tested functionally for residue after ungracefullyremoving the Hydra from the USB port, and we exercised each of itsadvertised functions. Our conclusion is that if you are storingsensitive data of any kind — such as personally identifiableinformation, as an example — this is an extremely secure way to do it.The device is physically tamper-resistant and it destroys theencryption keys after a predetermined number of failed PIN attemptsrendering the data stored on the device unrecoverable.

Since itseparates the encryption device from the computer, and you mustauthorize the device explicitly for the computers with which you wantto use it, the Hydra has some advantages over whole disk encryption.Because it can work with other Spyrus products, full data securityschemes can be devised that fit well in a corporate environment. Spyrustells me that they are working on a tool to manage an enterprise fullof Hydras centrally along with all of the usual enterprise managementcapabilities for managing encryption across a large organization.Spyrus claims that Hydra is the "strongest encryption solutioncommercially available," and we believe that likely is true.
If you deal with sensitive data, especially on laptops, you need the Hydra.

— Peter Stephenson, with Mike Stephenson

Product: Hydra Privacy Card Series II
Company: Spyrus Inc.
Availability:  Now
What it does: USB active data encryptor and storage drive for high-security applications.
What we liked: Veryhigh security and flexibility at a reasonable price - three-factorauthentication (what you know, what you have and where you are) andability to encrypt on the device or on the computer with fullconfidence.
What we didn't like: I've got to picknits here because this is one of the most useful and well conceivedproducts I've seen in a long time. However, the form factor is a bitlarge and it really needs enterprise-wide management.

Product title
Spyrus Hydra Privacy Card Series II
Product info
Name: Hydra Privacy Card Series II Description: Price:

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.