Data Encryption Strategies
By :Fred Moore, President
Introduction to Encryption
As the amount of network-based data storage grows, so does the exposure to data loss.
Unless you are using a mainframe computer, the level of risk to data loss and theft from
unauthorized access is growing daily. The risk has reached a level that data encryption is
being implemented for stored data in addition to the traditional use of encrypting data in
transit. Data encryption is defined as the process of scrambling transmitted or stored
information making it unintelligible until it is unscrambled by the intended recipient.
With regard to computing, data encryption has historically been used primarily to protect
mission critical data, government records and military secrets from foreign governments.
It has been used increasingly over the past 10 years by the financial industry to protect
money transfers, by businesses to protect credit-card information, for electronic
commerce, and by corporations to secure sensitive transmission of proprietary
information. Most of the encryption focus had been on data transmission prior to 2000
but the events of Sept. 11th, 2001 and the rise of compliance are moving the topic of
encrypting data at rest, or stored data, much higher on the priority list of leading-edge
data protection strategies today. The enciphering and deciphering of messages in secret
code or cipher is called cryptology.
In 1977 the Data Encryption Standard (DES and later Triple DES) was adopted in the
United States as the first federal standard. DES applies a 56-bit key to each 64-bit block
of data. Other encryption algorithms in use include Secure Sockets Layer (SSL) for
Internet transactions, Pretty Good Privacy (PGP), and Secure Hypertext Transfer Protocol
(S-HTTP). DES is now considered to be insecure for many applications. This is chiefly
due to the 56-bit key size being too small as DES keys have been broken in less than 24
hours or less as microprocessor speeds increase. Computer chips currently exist for under
$10 that can test 200 million DES keys/second. Since there was growing concern over the
viability DES encryption algorithm, NIST (National Institutes of Standards and
Technology) indicated DES would not be recertified as a standard and submissions for its
replacement to become the encryption standard were accepted.
The second encryption standard to be adopted was known as the Advanced Encryption
Standard (AES). Advanced Encryption Standard is a symmetric (Secret or Private Key)
128-bit block data encryption technique developed by Belgian cryptographers Joan
Daemen and Vincent Rijmen. The U.S government adopted the algorithm as its
encryption technique in October 2000 after a long standardization process, replacing the
DES encryption algorithm. On December 6, 2001, the Secretary of Commerce officially
approved (FIPS) Federal Information Processing Standard 197. It is expected to be used
extensively worldwide as was the case with its predecessor DES. AES is more secure
than DES as it offers a larger key size, while ensuring that the only known approach to
decrypt a message is for an intruder to try every possible key. The AES algorithm can
specify variable key lengths of 128-bit key (the default), a 192-bit key, or a 256-bit key.
AES is a mutually acceptable algorithm that effectively protects sensitive government
information. AES was initially used on a selective basis and is backwards compatible
with DES. Symmetric standards such as DES and AES provide very high levels of
security. Symmetric standards require that both the sender and the receiver must share
the same key and also keep it secret from anyone else. Top Secret information will
require use of either the 192 or 256 key lengths. The implementation of AES in products
intended to protect US national security systems and/or information must be reviewed
and certified by NSA prior to their acquisition and use. As of 2005, no successful attacks
against AES have been recognized.
Asymmetric Encryption differs from symmetric encryption in that uses two keys; a public
key known to everyone and a private key, or secret key, known only to the recipient of
the message. Asymmetric encryption lessens the risk of key exposure by using two
mathematically related keys, the private key and the public key. When users want to send
a secure message to another user, they use the recipient's public key to encrypt the
message. The recipient then uses a private key to decrypt it. An important element to the
public key system is that the public and private keys are related in such a way that only
the public key can be used to encrypt messages and only the corresponding private key
can be used to decrypt them. Moreover, it is virtually impossible to determine the private
key if you know the public key.
There are a number of asymmetric key encryption systems but the best known and most
widely used is RSA, named for its three co-inventors Rivest, Shamir and Adleman. The
Secure Sockets Layer used for secure communications on the Internet uses RSA (the
https protocol is simply http over SSL). Asymmetric encryption is based on algorithms
that are more complex and its performance overhead is more significant making it
unsuitable for encrypting very large amounts of data. It is possible to take advantage of
the strengths of both key methods by encrypting data with a symmetric key, and then
protecting this key with asymmetric encryption though this area of encryption is in its
early stages. Asymmetric encryption is considered one level more secure than symmetric
encryption, because the decryption key can be kept private.
Keys are the Key
The basic idea of key-based encryption means that a block, file or other unit of data is
scrambled in a way so that the original information is hidden within a level of encryption.
The scrambled data is called cyphertext. In theory, only the person or machine doing the
scrambling and the recipient of the cyphertext know how to decrypt or unscramble the
data since it will have been encrypted using an agreed-upon set of keys. The difficulty of
cracking an encrypted message is a function of the key length. For example, an 8-bit key
allows for only 256 possible keys (28) and could be cracked quickly. A 128-bit key
(which equates to searching 2128 keys) might take decades to crack. The same computer
power that yields strong encryption can be used to break weak encryption schemes.
Strong encryption makes data private, but not necessarily secure. To be secure, the
recipient of the data, often a server, must be positively identified as being the approved
party. This is usually accomplished online using digital signatures or certificates.
Encryption keys and passwords should be stored in escrow with a secure third party. It is
important to establish an effective key management plan. Key management is the key to
successful use of encryption!
A third category of cryptology is called Hashing (One-Way) Encryption. A hash is a
cryptographic algorithm that takes data input of any length and produces an output of a
fixed length. The hash output is called a digital signature and is used for data integrity.
Some hash algorithms such as MD5 (Message Digest 5) have the possibility of producing
the same signature making it vulnerable to attack as a duplicate key can be produced.
Digital signatures typically range from 128 bits using the MD5 algorithm to160 bits in
size using the more secure SHA1 (Secure Hash Algorithm 1) algorithm. The larger the
signature, the more secure the hash though performance degrades as hash size increases.
Date Year Event
NBS (National Bureau of Standards) publishes a first request for a standard
15 May 1973
27 August 1974 NBS publishes a second request for encryption algorithms
17 March 1975 DES is published in the Federal Register for comment
August 1976 First workshop on DES
September 1976 Second workshop, discussing mathematical foundation of DES
November 1976 DES is approved as a standard
15 January 1977 DES is published as a FIPS standard FIPS PUB 46
1983 DES is reaffirmed for the first time
1986 Videocipher II, a TV satellite scrambling system based upon DES begins use by HBO
22 January 1988 DES is reaffirmed for the second time as FIPS 46-1, superseding FIPS PUB 46
Biham and Shamir publish the first theoretical attack with less complexity than brute
1992 force: differential cryptanalysis. However, it requires an unrealistic 247 chosen
plaintexts (Biham and Shamir, 1992).
30 December 1993 DES is reaffirmed for the third time as FIPS 46-2
The first experimental cryptanalysis of DES is performed using linear cryptanalysis
The DESCHALL Project breaks a message encrypted with DES for the first time in
July 1998 The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours.
Together, Deep Crack and distributed.net break a DES key in 22 hours and 15
DES is reaffirmed for the fourth time as FIPS 46-3, which specifies the preferred use
25 October 1999
of Triple DES, with single DES permitted only in legacy systems.
26 November 2001 The Advanced Encryption Standard is published in FIPS 197
26 May 2002 The AES standard becomes effective
The withdrawal of FIPS 46-3 (and a couple of related standards) is proposed in the
26 July 2004
Federal Register 
Data exposure grows
For years the storage industry focused its high availability developments on protecting
data from technology failures such as disk crashes or tapes that couldn’t be read.
Technology failures were addressed with concepts such RAID, clustering, component
redundancy, and replication software, and vastly improved intelligent error recovery
capabilities for both disk and tape. With the use of vulnerable IP storage networks in full
swing by 2000, a new threat to data loss appeared called intrusion and it became the next
big data exposure issue for the IT industry to address.
Malicious attacks on company networks are nearly doubling each year and the biggest
source is now believed to be employees. Worms, viruses, spyware and spam have
contaminated porous IP networks causing significant business losses and an estimated
80% of the e-mail content being transmitted on the Internet is estimated to be useless.
This is a growing threat to the future of data protection since over 50% of all disk data is
now network-attached via NAS or SAN. This threat is growing as computers and systems
become increasingly connected, not only through the Internet but through business
partnerships that establish connections and interfaces. Viruses, worms, Trojan horses,
zombies, distributed denial-of-service attacks, hacking, blended threats are all out there,
and many can hitch rides with e-mails, downloads and electronic transmissions, including
instant messages. There are an estimated 60,000 different viruses currently being
transmitted via the Internet.
Even network routers have become vulnerable to attack. Router products running certain
versions of specially written IP Version 6 packets can be affected by the IP design flaw as
malicious hackers can compromise routers to stop, redirect and scramble network traffic.
An increasing number of companies are deploying encryption appliances for data that is
stored on its SANs. Network encryption appliances help fill a growing security gap,
securing data both at rest in storage devices and on the SAN itself. Having spent a huge
amount of time and money shoring up their physical security, many enterprises are
beginning to guard their stored data against insider attacks, disgruntled employees, and
unprincipled contractors and visiting clients. Another reason for the heightened interest in
encryption is the advent of government regulations like HIPAA, Sarbanes-Oxley and
PHIPA in Canada.
Total claims filed in the US in 2004 for damages caused by worms and viruses totaled
$17.5B according to a survey released by the Computer Economics Impact of Malicious
Code Study. The Love-bug attack in 2004 cost an estimated $8.8B in damages alone!
Intrusion is being addressed by anti-virus protection software but this remains a catch-up
game for now as the exposure to data loss mounts. Viruses and worms are more
aggressively targeting handheld devices, cell phones and embedded computers in cars
this year, according to a report released by IBM. Security jobs are on the rise and
estimates are for 2.1 million information security professionals in 2008, up from 1.3
million in 2005. Data security may well be on its way to becoming the most important
storage management discipline.
Recent examples of data loss and vulnerability
Businesses are storing more data in distributed locations than ever before to guard against
physical threats such as loss of electricity, floods, hurricanes or other site related
damages. Data may arrive at distributed locations either electronically or the media can
be physically transported in an offline mode by other vehicles. What happens if the data
being transported to another location is lost or stolen?
The growing list of lost data and security breaches includes CardSystems loss of account
information for 200,000 credit card holders, some 6,000 current and former employees of
the Federal Insurance Deposit Corp. had data revealed through a security breach, a loss of
backup tapes at City National Bank, and Bank of America Corp. disclosed early in 2005
that it lost digital tapes containing the credit card account records of 1.2 million federal
employees including 60 U.S. senators. Was the data really lost? Was the data stolen?
Who has the data now? Is it in the hands of unauthorized personnel? Is this valuable data
readable or was it encrypted so it could not be understood? What does this mean to
potential identity theft problems? Finding answers to these questions has been difficult. If
any of this “data at rest” had been encrypted, the damages would be minimized.
Some industry analysts said the rising number of mishaps highlight the risk of physically
moving valuable archival data to geographically separated storage facilities and will
likely feed a movement toward network-based backup schemes. Others point out that IP-
based networks have their own growing number of vulnerabilities and are subject to
additional intrusion bringing along an additional set of security issues. Still others say
that weak IT security technology is fueling an identity theft crisis. In an Information
Week survey published in July, 2005, only 7 percent of the companies indicated that they
always encrypted data backed up to tape. These and other breaches have prompted most
businesses to conduct a comprehensive review of their security procedures. California
Senate Bill 1386 requires that companies publicly disclose instances when they believe
unencrypted personal information about California residents might have been
compromised. The bill has led many companies to believe that implementing encryption
could keep them out of the headlines.
A major risk factor associated with stolen or lost data is that it can’t be well protected
unless it is encrypted. Stolen data can always be physically destroyed. Data stored on
fixed or removable storage is called data at rest (versus data in transit.) Encrypting data in
transit has nothing to do with protecting data that is attacked after it is stored at its
endpoints. While RAID and redundancy address the device failure problems, anti-virus
protection software addresses the access and data intrusion problems, encryption
addresses the data loss/data theft problem. With as much as 80% of the world’s digital
data estimated to reside on removable storage and with the value of archival data
constantly increasing in value, protecting data at rest must be now treated as more than
managing an archival repository whether it resides on disk or tape. Presently the majority
of IT businesses haven’t directly addressed encryption as part of their high availability
strategy for stored data. That trend is about to change.
Implementing encryption today
Data encryption is nothing new, but when it is used in conjunction with high-
performance, high-volume enterprise storage, it poses some legitimate challenges. For
example, encryption and decryption are compute-intensive activities that can slow access
to stored data, especially when organizations are storing and accessing massive amounts
of information. Encryption doesn’t help for device failure, worms or viruses. It does help
for data theft, such as from spyware or lost media, as the encrypted data is meaningless.
Storage security appliances are the most common method of implementing encryption for
data at rest today. The appliances are placed between the storage devices (disk and more
commonly tape) and the server running applications requesting the encrypted data. The
appliance encrypts all data going to storage, and decrypts data going back to the
applications as it monitors all file access attempts. Stored data is encrypted and hence
unreadable if the data is lost, stolen or even if spyware is trying to extract your
information for undesirable purposes. Storage security appliances can both prevent
malicious insiders and unwelcome outsiders from trying to access and make valuable data
meaningful. While secure-storage appliances can protect data at rest, they can also purge
it after a prescribed time by simply deleting keys. Rules can be implemented for retaining
data for a specific period of time. The appliance can delete the relevant keys when the
specified lifecycle or retention period has expired. In particular, notebook PC storage
resides on disk and it is frequently in transit making it subject to theft. As a result, few
disk drive providers are beginning to provide encryption for disks used in PC’s.
Storage encryption products are typically sold as combined hardware/software
appliances. List prices for appliances typically start around $20-25,000 range and are
usually deployed in pairs to enable higher availability and for redundancy. Depending on
the amount of data and devices to be encrypted, the price for encryption can climb
quickly. It may very well be worth it!
What data should be encrypted?
Despite appliances’ ability to encrypt data at rest, knowing what data to encrypt today is
important to optimize costs and more importantly to protect critical information from
theft. It has become crucial for businesses to know the value of their data and classify it
for a growing number of reasons. Some very large businesses are only securing regulated
data in their storage environments since managing the keys and the overall encryption
process can become time consuming. Small and medium-size companies often consider
encrypting just about everything to ease the management challenge. Standard data
classifications listed below are primarily based on a recovery time objective (RTO). Keep
in mind that data in each category can be a candidate for encryption as non-critical data
might not be needed immediately after a failure but is still valuable.
Data Classification Category Description
1) Mission Critical Up to 15% of online data, extremely valuable data
required for business survival in the event of a
disaster. Normally mirrored to disk and also backed
to tape in a different geographic location.
2) Vital About 20% of online data. Highly valuable data
used in normal business processes but may not be
immediately needed for a disaster recovery.
Normally backed up to tape and/or replicated to
lower cost disk storage.
3) Sensitive About 25% of online data. Data used in normal
business processes that has an alternative source or
can be reconstructed and may not be needed for
hours or days after a disaster but may have varying
degrees of value. Normally backed up to automated
4) Non-critical Typically 40% of online data. Data that is not
needed for quick disaster recovery but may have
varying degrees of value. Easily reconstructed or
duplicated from prior backup or archival copies.
Source: Horison, Inc.
Compressing data at rest on disk has only been implemented by one manufacturer,
StorageTek, and never became a de-facto standard for disk data. The decision about
what disk data to encrypt should ultimately stem from a data classification exercise.
Encryption can be applied to an entire disk volume or drive. To use the drive, it is
considered “mounted” using a special decryption key. In this state the drive can be
used and read normally. When finished, the drive is dismounted and returns to an
encrypted state, unreadable by Trojan horses, spyware or other snoop software.
Encryption overhead increases as the keys get larger and it isn’t clear yet how
widespread encryption for disk applications will become since disk applications are
more performance sensitive than tape data.
Despite evidence that stored data is now more vulnerable than data in transit, most
encryption efforts remain focused on data transmission. Encryption makes sense for
backup tapes, laptops, PDAs or other portable storage media containing sensitive
information, as well as credit card numbers stored in databases. The issue of
encrypting data at rest is moving to center stage and it has unfortunately become a
necessity for today’s responsible businesses as the threat of data loss and theft mounts
daily. Implementing encryption has been used selectively in the past and it can be a
trying process. Though encrypting data is quickly gaining momentum, it will continue
to be used for specific applications in the near term.
Encryption for data at rest was considered in parallel with the introduction of in-line
compression for tape drives in the mid-1980’s, but the demand did not warrant
implementation. Today, the march toward encryption is reminiscent of the way data
compression became a standard method for storing data at rest on tape in the
mid-1980 period. Up to that point, a variety of cycle-intensive, server-based software
techniques were used to compress data being written to tape and disk. Each used
different algorithms and the data had to be de-compressed with the same algorithm
that compressed data. Finally, IBM and StorageTek each implemented compression in
an ASIC (Application Specific Integrated Circuit) in their tape drives using
compatible algorithms. In a few years, everything written to magnetic tape drives from
any vendor was compressed and the end-user didn’t have to worry about deciding
what data to compress or not because it was all compressed. Compression for data at
rest (on tape) soon became a de-facto standard function for all tape drive
It may take a while longer to standardize, but a more likely way that widespread
implementation of encryption for data at rest will emerge is in the tape drive itself,
similar to compression, via an ASIC. This presents the scenario that essentially all
data at rest, for mainframe and non-mainframe systems, will be encrypted for a wide
variety of security, legal and lifecycle retention requirements. So far, a surprising level
of disregard for storage security from the large storage providers has created
opportunities for a handful of encryption products and appliances. Companies such as
Decru, NeoScale (acquired by NetApp in 2005), Vormetric, Kasten Chase and Ingrian
Networks have all developed unique software and/or hardware solutions to help
protect against hackers and other attackers. Stay abreast of your storage and IT
vendor’s strategies for encryption, the future of your most valuable asset will most
likely depend on it.
www.decru.com (acquired by NetApp)