IBM System Storage Data Encryption
Presented by: Esmaeil Zarrinfar
zarrinfar@gmail.com
Topic
• Data Encryption
  - Definition
  - Symmetric key encryption
  - Asymmetric key encryption
  - Hybrid encryption
  - Digital certificates
• Key Management
  - Encryption Key Manager
  - Tivoli Key Lifecycle Manager
• IBM Tape Drive & Disk System Encryption
  - IBM Tape Drive TS1120 & TS1130 & LTO Model
  - IBM Disk System DS5000 & DS8000
• References
Data Encryption
Definition
• Encryption transforms data that is unprotected, or plain text, into encrypted data, or cipher text, by using a key.
• IBM invented one of the first computer-based algorithms, Data Encryption Standard (DES), in 1974.
• With the advances in computer technology, DES is now considered obsolete.
  - Today: Triple DES (TDES) and Advanced Encryption Standard (AES).
• Early encryption methods used the same key to encrypt clear text to generate cipher text and to decrypt the cipher text to regenerate the clear text. This method is called symmetric encryption.
• Asymmetric encryption algorithms use separate keys for encryption and decryption.
Data Encryption
Symmetric Key Encryption
Known as private or secret key encryption.
The symmetric key encryption method uses one key for encrypting and decrypting data.
Well-known symmetric key examples include AES, Twofish, Blowfish, Serpent, CAST5, DES, TDES, and IDEA.
Advantage: symmetric key processing is very fast.
Advantage: symmetric key length is short.
Disadvantage: the way that keys are exchanged.
Disadvantage: the number of required keys.
Data Encryption
Asymmetric Key Encryption
• Known as public-private key encryption or public key encryption.
• The asymmetric key encryption method uses key pairs for encrypting and decrypting data.
• One key is used to encrypt the data, and the other key is used to decrypt the data.
  - The public key is used to encrypt the data.
  - The private key is used to decrypt the data.
• Well-known asymmetric key examples include RSA, Diffie-Hellman, elliptic curve cryptography (ECC), and ElGamal.
• Advantage: the ability to share secret data without sharing the same encryption key.
• Disadvantage: asymmetric key encryption is computationally more intensive and therefore significantly slower than symmetric key encryption.
Data Encryption
Hybrid Encryption
• Hybrid encryption combines symmetric and asymmetric encryption.
• Hybrid methods use a symmetric data key to actually encrypt and decrypt data.
• The recipient is able to decrypt the encrypted data key and use the data key to encrypt or decrypt a message.
• Advantage: secure and convenient key exchange with fast and efficient encryption.
IBM Key Management methods
Encryption challenges
• Key security:
  - To preserve the security of encryption keys, the implementation must ensure that no one individual (system or person) has access to all the information required to determine the encryption key.
• Key availability:
  - To preserve the access to encryption keys, many techniques can be used in an implementation to ensure that more than one agent has access to any single piece of information necessary to determine an encryption key.
• Solution:
  - A key server is integrated with encrypting storage products to resolve most of the security and usability issues associated with key management for encrypted storage.
  - IBM Tivoli Key Lifecycle Manager and Encryption Key Manager
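The key security and key availability requirements pull in opposite directions, and the following added example in Go (not from the slides, and not a description of how EKM or Tivoli Key Lifecycle Manager work internally) shows one generic way to meet both: XOR secret splitting with every share replicated across custodians. `Custodian`, `Split`, `Distribute` and `Recover` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Custodian maps share index -> share bytes for the shares one agent holds.
type Custodian map[int][]byte

// Split breaks key into n XOR shares. All n are needed to rebuild the key;
// any n-1 of them are uniformly random and reveal nothing about it.
func Split(key []byte, n int) ([][]byte, error) {
	if n < 3 {
		return nil, fmt.Errorf("need n >= 3 so every share has a second holder")
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		shares[i] = make([]byte, len(key))
		if _, err := rand.Read(shares[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= shares[i][j]
		}
	}
	shares[n-1] = last
	return shares, nil
}

// Distribute gives custodian c every share except share c.
// Key security: each custodian is missing one share, so none can rebuild alone.
// Key availability: each share is held by n-1 custodians, so one can be lost.
func Distribute(shares [][]byte) []Custodian {
	custodians := make([]Custodian, len(shares))
	for c := range custodians {
		custodians[c] = Custodian{}
		for s, share := range shares {
			if s != c {
				custodians[c][s] = share
			}
		}
	}
	return custodians
}

// Recover pools the shares of the custodians present and XORs them together.
// It refuses to return anything unless all n shares are in the pool.
func Recover(present []Custodian, n int) ([]byte, error) {
	pool := Custodian{}
	for _, c := range present {
		for s, share := range c {
			pool[s] = share
		}
	}
	var key []byte
	for s := 0; s < n; s++ {
		share, ok := pool[s]
		if !ok {
			return nil, fmt.Errorf("share %d unavailable, key cannot be determined", s)
		}
		if key == nil {
			key = make([]byte, len(share))
		}
		for j := range share {
			key[j] ^= share[j]
		}
	}
	return key, nil
}

func main() {
	key := make([]byte, 32) // constructed stand-in for a storage encryption key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, _ := Split(key, 3)
	custodians := Distribute(shares)
	_, alone := Recover(custodians[:1], 3)
	pair, _ := Recover(custodians[1:], 3) // custodian 0 lost, key still recoverable
	fmt.Printf("one custodian: %v\ntwo custodians match key: %v\n", alone, string(pair) == string(key))
}
```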
IBM Key Management methods
IBM Encryption Key Manager
EKM is Java software that works as an external program.
EKM works with IBM encryption-enabled tape drives such as the TS1120 and Linear Tape-Open (LTO) Ultrium 4.
EKM provides, protects, stores, and maintains encryption keys that are used to encrypt information being written to, and decrypt information being read from, tape media.
There are three methods of encryption management from which to choose. These methods differ in where you choose to locate your Encryption Key Manager application.
The EKM does not perform any cryptographic operations, such as generating encryption keys, and it does not provide storage for keys and certificates.
To perform these tasks, Encryption Key Manager has to rely on external components.
IBM Key Management methods
IBM Encryption Key Manager - Component
• The tape drive table is used by EKM to track the tape devices that it
supports.
• The configuration file is an editable file that tells your EKM how to operate.
• A keystore holds the certificates and keys used by EKM to perform
cryptographic operations.
• EKM uses the IBM Crypto Services for its cryptographic capabilities.
IBM Key Management methods
IBM Tivoli Key Lifecycle Manager
Announced in 2008.
EKM works on IBM encryption-enabled devices such as the IBM System Storage DS8000 Series family and the IBM encryption-enabled tape drives (TS1130 and TS1040).
TKLM provides, protects, stores, and maintains encryption keys that are used to encrypt information being written to, and decrypt information being read from, an encryption-enabled disk.
Two Tivoli Key Lifecycle Manager key servers provide redundancy.
Tivoli Key Lifecycle Manager communicates with the managed storage devices using TCP/IP.
Tivoli Key Lifecycle Manager is supported on a variety of operating systems.
IBM Tape Drive & Disk System Encryption
• IBM Disk systems: DS 5000, DS 8000
• IBM Tape drives: LTO Ultrium, TS 1120
[Figure: IBM TS1120, TS1130 and LTO Tape Drives Encryption Diagram]
[Figure: IBM DS 5000 Disk Storage Encryption Diagram]
[Figure: Unauthorized access to the drive results]
[Figure: IBM DS 8000 Disk Storage Encryption Diagram (three slides)]
References
1. IBM Storage Data Encryption Solutions - IBM Redbooks
2. IBM System Storage Tape Encryption Solutions
3. IBM System Storage Product Guide
4. IBM Security Key Lifecycle Manager
5. Using IBM Tivoli Key Lifecycle Manager: Business Benefits and Architecture Overview
