• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Encryption Chronology.doc

Encryption Chronology.doc






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Encryption Chronology.doc Encryption Chronology.doc Document Transcript

    • Data Encryption Strategies By :Fred Moore, President Horison, Inc. http://www.horison.com Introduction to Encryption As the amount of network-based data storage grows, so does the exposure to data loss. Unless you are using a mainframe computer, the level of risk to data loss and theft from unauthorized access is growing daily. The risk has reached a level that data encryption is being implemented for stored data in addition to the traditional use of encrypting data in transit. Data encryption is defined as the process of scrambling transmitted or stored information making it unintelligible until it is unscrambled by the intended recipient. With regard to computing, data encryption has historically been used primarily to protect mission critical data, government records and military secrets from foreign governments. It has been used increasingly over the past 10 years by the financial industry to protect money transfers, by businesses to protect credit-card information, for electronic commerce, and by corporations to secure sensitive transmission of proprietary information. Most of the encryption focus had been on data transmission prior to 2000 but the events of Sept. 11th, 2001 and the rise of compliance are moving the topic of encrypting data at rest, or stored data, much higher on the priority list of leading-edge data protection strategies today. The enciphering and deciphering of messages in secret code or cipher is called cryptology. DES In 1977 the Data Encryption Standard (DES and later Triple DES) was adopted in the United States as the first federal standard. DES applies a 56-bit key to each 64-bit block of data. Other encryption algorithms in use include Secure Sockets Layer (SSL) for Internet transactions, Pretty Good Privacy (PGP), and Secure Hypertext Transfer Protocol (S-HTTP). DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small as DES keys have been broken in less than 24 hours or less as microprocessor speeds increase. Computer chips currently exist for under
    • $10 that can test 200 million DES keys/second. Since there was growing concern over the viability DES encryption algorithm, NIST (National Institutes of Standards and Technology) indicated DES would not be recertified as a standard and submissions for its replacement to become the encryption standard were accepted. AES The second encryption standard to be adopted was known as the Advanced Encryption Standard (AES). Advanced Encryption Standard is a symmetric (Secret or Private Key) 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S government adopted the algorithm as its encryption technique in October 2000 after a long standardization process, replacing the DES encryption algorithm. On December 6, 2001, the Secretary of Commerce officially approved (FIPS) Federal Information Processing Standard 197. It is expected to be used extensively worldwide as was the case with its predecessor DES. AES is more secure than DES as it offers a larger key size, while ensuring that the only known approach to decrypt a message is for an intruder to try every possible key. The AES algorithm can specify variable key lengths of 128-bit key (the default), a 192-bit key, or a 256-bit key. AES is a mutually acceptable algorithm that effectively protects sensitive government information. AES was initially used on a selective basis and is backwards compatible with DES. Symmetric standards such as DES and AES provide very high levels of security. Symmetric standards require that both the sender and the receiver must share the same key and also keep it secret from anyone else. Top Secret information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect US national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use. As of 2005, no successful attacks against AES have been recognized. Asymmetric Encryption Asymmetric Encryption differs from symmetric encryption in that uses two keys; a public key known to everyone and a private key, or secret key, known only to the recipient of the message. Asymmetric encryption lessens the risk of key exposure by using two mathematically related keys, the private key and the public key. When users want to send a secure message to another user, they use the recipient's public key to encrypt the message. The recipient then uses a private key to decrypt it. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to determine the private key if you know the public key. There are a number of asymmetric key encryption systems but the best known and most widely used is RSA, named for its three co-inventors Rivest, Shamir and Adleman. The Secure Sockets Layer used for secure communications on the Internet uses RSA (the https protocol is simply http over SSL). Asymmetric encryption is based on algorithms that are more complex and its performance overhead is more significant making it unsuitable for encrypting very large amounts of data. It is possible to take advantage of the strengths of both key methods by encrypting data with a symmetric key, and then
    • protecting this key with asymmetric encryption though this area of encryption is in its early stages. Asymmetric encryption is considered one level more secure than symmetric encryption, because the decryption key can be kept private. Keys are the Key The basic idea of key-based encryption means that a block, file or other unit of data is scrambled in a way so that the original information is hidden within a level of encryption. The scrambled data is called cyphertext. In theory, only the person or machine doing the scrambling and the recipient of the cyphertext know how to decrypt or unscramble the data since it will have been encrypted using an agreed-upon set of keys. The difficulty of cracking an encrypted message is a function of the key length. For example, an 8-bit key allows for only 256 possible keys (28) and could be cracked quickly. A 128-bit key (which equates to searching 2128 keys) might take decades to crack. The same computer power that yields strong encryption can be used to break weak encryption schemes. Strong encryption makes data private, but not necessarily secure. To be secure, the recipient of the data, often a server, must be positively identified as being the approved party. This is usually accomplished online using digital signatures or certificates. Encryption keys and passwords should be stored in escrow with a secure third party. It is important to establish an effective key management plan. Key management is the key to successful use of encryption! Hashing A third category of cryptology is called Hashing (One-Way) Encryption. A hash is a cryptographic algorithm that takes data input of any length and produces an output of a fixed length. The hash output is called a digital signature and is used for data integrity. Some hash algorithms such as MD5 (Message Digest 5) have the possibility of producing the same signature making it vulnerable to attack as a duplicate key can be produced. Digital signatures typically range from 128 bits using the MD5 algorithm to160 bits in size using the more secure SHA1 (Secure Hash Algorithm 1) algorithm. The larger the signature, the more secure the hash though performance degrades as hash size increases. Encryption Chronology Date Year Event NBS (National Bureau of Standards) publishes a first request for a standard 15 May 1973 encryption algorithm 27 August 1974 NBS publishes a second request for encryption algorithms 17 March 1975 DES is published in the Federal Register for comment August 1976 First workshop on DES September 1976 Second workshop, discussing mathematical foundation of DES November 1976 DES is approved as a standard
    • 15 January 1977 DES is published as a FIPS standard FIPS PUB 46 1983 DES is reaffirmed for the first time 1986 Videocipher II, a TV satellite scrambling system based upon DES begins use by HBO 22 January 1988 DES is reaffirmed for the second time as FIPS 46-1, superseding FIPS PUB 46 Biham and Shamir publish the first theoretical attack with less complexity than brute 1992 force: differential cryptanalysis. However, it requires an unrealistic 247 chosen plaintexts (Biham and Shamir, 1992). 30 December 1993 DES is reaffirmed for the third time as FIPS 46-2 The first experimental cryptanalysis of DES is performed using linear cryptanalysis 1994 (Matsui, 1994). The DESCHALL Project breaks a message encrypted with DES for the first time in June 1997 public. July 1998 The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours. Together, Deep Crack and distributed.net break a DES key in 22 hours and 15 January 1999 minutes. DES is reaffirmed for the fourth time as FIPS 46-3, which specifies the preferred use 25 October 1999 of Triple DES, with single DES permitted only in legacy systems. 26 November 2001 The Advanced Encryption Standard is published in FIPS 197 26 May 2002 The AES standard becomes effective The withdrawal of FIPS 46-3 (and a couple of related standards) is proposed in the 26 July 2004 Federal Register [1] Source: http://en.wikipedia.org/wiki/DES Data exposure grows For years the storage industry focused its high availability developments on protecting data from technology failures such as disk crashes or tapes that couldn’t be read. Technology failures were addressed with concepts such RAID, clustering, component redundancy, and replication software, and vastly improved intelligent error recovery capabilities for both disk and tape. With the use of vulnerable IP storage networks in full swing by 2000, a new threat to data loss appeared called intrusion and it became the next big data exposure issue for the IT industry to address. Malicious attacks on company networks are nearly doubling each year and the biggest source is now believed to be employees. Worms, viruses, spyware and spam have contaminated porous IP networks causing significant business losses and an estimated 80% of the e-mail content being transmitted on the Internet is estimated to be useless. This is a growing threat to the future of data protection since over 50% of all disk data is now network-attached via NAS or SAN. This threat is growing as computers and systems become increasingly connected, not only through the Internet but through business partnerships that establish connections and interfaces. Viruses, worms, Trojan horses, zombies, distributed denial-of-service attacks, hacking, blended threats are all out there,
    • and many can hitch rides with e-mails, downloads and electronic transmissions, including instant messages. There are an estimated 60,000 different viruses currently being transmitted via the Internet. Even network routers have become vulnerable to attack. Router products running certain versions of specially written IP Version 6 packets can be affected by the IP design flaw as malicious hackers can compromise routers to stop, redirect and scramble network traffic. An increasing number of companies are deploying encryption appliances for data that is stored on its SANs. Network encryption appliances help fill a growing security gap, securing data both at rest in storage devices and on the SAN itself. Having spent a huge amount of time and money shoring up their physical security, many enterprises are beginning to guard their stored data against insider attacks, disgruntled employees, and unprincipled contractors and visiting clients. Another reason for the heightened interest in encryption is the advent of government regulations like HIPAA, Sarbanes-Oxley and PHIPA in Canada. Total claims filed in the US in 2004 for damages caused by worms and viruses totaled $17.5B according to a survey released by the Computer Economics Impact of Malicious Code Study. The Love-bug attack in 2004 cost an estimated $8.8B in damages alone! Intrusion is being addressed by anti-virus protection software but this remains a catch-up game for now as the exposure to data loss mounts. Viruses and worms are more aggressively targeting handheld devices, cell phones and embedded computers in cars this year, according to a report released by IBM. Security jobs are on the rise and estimates are for 2.1 million information security professionals in 2008, up from 1.3 million in 2005. Data security may well be on its way to becoming the most important storage management discipline. Recent examples of data loss and vulnerability Businesses are storing more data in distributed locations than ever before to guard against physical threats such as loss of electricity, floods, hurricanes or other site related damages. Data may arrive at distributed locations either electronically or the media can be physically transported in an offline mode by other vehicles. What happens if the data being transported to another location is lost or stolen? The growing list of lost data and security breaches includes CardSystems loss of account information for 200,000 credit card holders, some 6,000 current and former employees of the Federal Insurance Deposit Corp. had data revealed through a security breach, a loss of backup tapes at City National Bank, and Bank of America Corp. disclosed early in 2005 that it lost digital tapes containing the credit card account records of 1.2 million federal employees including 60 U.S. senators. Was the data really lost? Was the data stolen? Who has the data now? Is it in the hands of unauthorized personnel? Is this valuable data readable or was it encrypted so it could not be understood? What does this mean to potential identity theft problems? Finding answers to these questions has been difficult. If any of this “data at rest” had been encrypted, the damages would be minimized.
    • Some industry analysts said the rising number of mishaps highlight the risk of physically moving valuable archival data to geographically separated storage facilities and will likely feed a movement toward network-based backup schemes. Others point out that IP- based networks have their own growing number of vulnerabilities and are subject to additional intrusion bringing along an additional set of security issues. Still others say that weak IT security technology is fueling an identity theft crisis. In an Information Week survey published in July, 2005, only 7 percent of the companies indicated that they always encrypted data backed up to tape. These and other breaches have prompted most businesses to conduct a comprehensive review of their security procedures. California Senate Bill 1386 requires that companies publicly disclose instances when they believe unencrypted personal information about California residents might have been compromised. The bill has led many companies to believe that implementing encryption could keep them out of the headlines. A major risk factor associated with stolen or lost data is that it can’t be well protected unless it is encrypted. Stolen data can always be physically destroyed. Data stored on fixed or removable storage is called data at rest (versus data in transit.) Encrypting data in transit has nothing to do with protecting data that is attacked after it is stored at its endpoints. While RAID and redundancy address the device failure problems, anti-virus protection software addresses the access and data intrusion problems, encryption addresses the data loss/data theft problem. With as much as 80% of the world’s digital data estimated to reside on removable storage and with the value of archival data constantly increasing in value, protecting data at rest must be now treated as more than managing an archival repository whether it resides on disk or tape. Presently the majority of IT businesses haven’t directly addressed encryption as part of their high availability strategy for stored data. That trend is about to change. Implementing encryption today Data encryption is nothing new, but when it is used in conjunction with high- performance, high-volume enterprise storage, it poses some legitimate challenges. For example, encryption and decryption are compute-intensive activities that can slow access to stored data, especially when organizations are storing and accessing massive amounts of information. Encryption doesn’t help for device failure, worms or viruses. It does help for data theft, such as from spyware or lost media, as the encrypted data is meaningless. Storage security appliances are the most common method of implementing encryption for data at rest today. The appliances are placed between the storage devices (disk and more commonly tape) and the server running applications requesting the encrypted data. The appliance encrypts all data going to storage, and decrypts data going back to the applications as it monitors all file access attempts. Stored data is encrypted and hence unreadable if the data is lost, stolen or even if spyware is trying to extract your information for undesirable purposes. Storage security appliances can both prevent malicious insiders and unwelcome outsiders from trying to access and make valuable data meaningful. While secure-storage appliances can protect data at rest, they can also purge it after a prescribed time by simply deleting keys. Rules can be implemented for retaining
    • data for a specific period of time. The appliance can delete the relevant keys when the specified lifecycle or retention period has expired. In particular, notebook PC storage resides on disk and it is frequently in transit making it subject to theft. As a result, few disk drive providers are beginning to provide encryption for disks used in PC’s. Storage encryption products are typically sold as combined hardware/software appliances. List prices for appliances typically start around $20-25,000 range and are usually deployed in pairs to enable higher availability and for redundancy. Depending on the amount of data and devices to be encrypted, the price for encryption can climb quickly. It may very well be worth it! What data should be encrypted? Despite appliances’ ability to encrypt data at rest, knowing what data to encrypt today is important to optimize costs and more importantly to protect critical information from theft. It has become crucial for businesses to know the value of their data and classify it for a growing number of reasons. Some very large businesses are only securing regulated data in their storage environments since managing the keys and the overall encryption process can become time consuming. Small and medium-size companies often consider encrypting just about everything to ease the management challenge. Standard data classifications listed below are primarily based on a recovery time objective (RTO). Keep in mind that data in each category can be a candidate for encryption as non-critical data might not be needed immediately after a failure but is still valuable. Data Classification Category Description 1) Mission Critical Up to 15% of online data, extremely valuable data required for business survival in the event of a disaster. Normally mirrored to disk and also backed to tape in a different geographic location. 2) Vital About 20% of online data. Highly valuable data used in normal business processes but may not be immediately needed for a disaster recovery. Normally backed up to tape and/or replicated to lower cost disk storage. 3) Sensitive About 25% of online data. Data used in normal business processes that has an alternative source or can be reconstructed and may not be needed for hours or days after a disaster but may have varying degrees of value. Normally backed up to automated tape. 4) Non-critical Typically 40% of online data. Data that is not needed for quick disaster recovery but may have varying degrees of value. Easily reconstructed or duplicated from prior backup or archival copies. Source: Horison, Inc.
    • Compressing data at rest on disk has only been implemented by one manufacturer, StorageTek, and never became a de-facto standard for disk data. The decision about what disk data to encrypt should ultimately stem from a data classification exercise. Encryption can be applied to an entire disk volume or drive. To use the drive, it is considered “mounted” using a special decryption key. In this state the drive can be used and read normally. When finished, the drive is dismounted and returns to an encrypted state, unreadable by Trojan horses, spyware or other snoop software. Encryption overhead increases as the keys get larger and it isn’t clear yet how widespread encryption for disk applications will become since disk applications are more performance sensitive than tape data. Conclusion Despite evidence that stored data is now more vulnerable than data in transit, most encryption efforts remain focused on data transmission. Encryption makes sense for backup tapes, laptops, PDAs or other portable storage media containing sensitive information, as well as credit card numbers stored in databases. The issue of encrypting data at rest is moving to center stage and it has unfortunately become a necessity for today’s responsible businesses as the threat of data loss and theft mounts daily. Implementing encryption has been used selectively in the past and it can be a trying process. Though encrypting data is quickly gaining momentum, it will continue to be used for specific applications in the near term. Encryption for data at rest was considered in parallel with the introduction of in-line compression for tape drives in the mid-1980’s, but the demand did not warrant implementation. Today, the march toward encryption is reminiscent of the way data compression became a standard method for storing data at rest on tape in the mid-1980 period. Up to that point, a variety of cycle-intensive, server-based software techniques were used to compress data being written to tape and disk. Each used different algorithms and the data had to be de-compressed with the same algorithm that compressed data. Finally, IBM and StorageTek each implemented compression in an ASIC (Application Specific Integrated Circuit) in their tape drives using compatible algorithms. In a few years, everything written to magnetic tape drives from any vendor was compressed and the end-user didn’t have to worry about deciding what data to compress or not because it was all compressed. Compression for data at rest (on tape) soon became a de-facto standard function for all tape drive manufacturers. It may take a while longer to standardize, but a more likely way that widespread implementation of encryption for data at rest will emerge is in the tape drive itself, similar to compression, via an ASIC. This presents the scenario that essentially all data at rest, for mainframe and non-mainframe systems, will be encrypted for a wide variety of security, legal and lifecycle retention requirements. So far, a surprising level of disregard for storage security from the large storage providers has created
    • opportunities for a handful of encryption products and appliances. Companies such as Decru, NeoScale (acquired by NetApp in 2005), Vormetric, Kasten Chase and Ingrian Networks have all developed unique software and/or hardware solutions to help protect against hackers and other attackers. Stay abreast of your storage and IT vendor’s strategies for encryption, the future of your most valuable asset will most likely depend on it. Relevant links www.storagetek.com www.ibm.com www.decru.com (acquired by NetApp) www.vormetric.com www.neoscale.com www.kastenchase.com www.ingrian.com