In March 2010, at the RSA Security Conference in San Francisco, SPYRUS representatives issued a security challenge to conference attendees: They handed out dozens of microSD cards and offered $10,000 to anyone who could recover a file that was encrypted using the SPYRUS Hydra Privacy Card personal encryption device. Months later, the company hasn’t heard a peep. And you wouldn’t think so from a device that just recently underwent a detailed review by the National Security Agency (NSA) against strict security requirements for protecting data at rest in a personal encrypting USB flash drive. Let’s take a look at this imposing security device.
Installation is fairly straightforward—and quick, taking all of two or three minutes. You insert the HydraPC CD into your CD drive, and click Install Hydra PC Secure Mass Storage (SMS). The rather clunky setup process first configures the Microsoft Visual C++ 2005 Redistributable, then installs the Hydra software. (I tried installing the software on a 64-bit system and failed. Hydra informed me onscreen that it doesn't support 64-bit systems, preferring 32-bit x86 systems instead. I didn’t see this limitation in the included Installation Guide or Admin Tools Guide PDF documents.) After a required restart, I plugged in the 1GB Hydra PC into an available USB port. The device itself sports a new design that’s smaller than its predecessor—about the size of a typical USB flash drive at 2.6" × .9” × .3".
After some quick configuration steps, the Hydra PC Management Console appeared before me, offering a rather spare UI for the Hydra PC administration tools. (You must be logged on as a member of the Administrator group to start the console.) A dropdown list displays all the available Hydra PCs connected to your computer, and directly adjacent to this list are Refresh, Initialize, Change PIN, Zeroize, and Set HAC buttons. The Refresh button is simply for refreshing drive information. Before you use the Hydra PC for the first time, you initialize it to generate keys and set user and admin PINs. (You can also set an optional Host Authorization Code—HAC.) You use the user PIN to log on to the Hydra PC, and you use the admin PIN for public key infrastructure (PKI) operations such as importing a digital certificate. The Zeroize button erases, or “destroys,” all keys and PINs on the Hydra PC. Before you select this option, understand that files encrypted using the zeroized keys and then deleted from the device can no longer be decrypted.
How does such a simple setup provide some of the best data-theft protection in the industry? Simply put, the Hydra PC—as its name suggests—is more a computer than a USB stick. And it’s a computer with a laser focus on security. Although it runs from the unassuming USB port, it provides extremely powerful encryption for your data. Once the system is configured, it can encrypt and store files and folders within its internal memory, or you can encrypt and store files and folders anywhere—even in the cloud. Every file that you store on the Hydra PC is encrypted with a unique key: Both the plaintext and the resulting ciphertext are digitally signed and time-stamped, and the device embeds your credentials.
The Hydra PC stores encrypted data on a standard 1GB microSD memory card. You simply snap off the end of the device to remove and replace the card with another. When you insert a new microSD card into the device, it’s usable only after you format and encrypt it; when the microSD card is removed from the Hydra PC, it data is unintelligible anywhere else. With proper credentials, you can clone microSD cards to create encrypted backups. Security is built into the base unit, so the Hydra PC offers substantial expandability.
In late 2009, the Hydra PC Personal Encryption Device became the first commercial encryption device approved to protect tactical data in accordance with CNSS Instruction 4009 at the SECRET level and below. Quite a distinction. The device is also validated to FIPS 140-2 Level 3 and exceeds the new security requirements recently issued by the US Department of Defense for encrypted flash drives. Yes, I know I’d feel safe with my data in Hydra’s hands.
