IBM System Storage Data Encryption
1. IBM System Storage Data Encryption
Presented By : Esmaeil Zarrinfar
zarrinfar@gmail.com
2. Topic
Data Encryption
Definition
Symmetric key encryption
Asymmetric key encryption
Hybrid encryption
Digital certificates
Key Management
Encryption Key Manager
Tivoli Key Lifecycle Manager
IBM Tape Drive & Disk System Encryption
IBM Tape Drive TS1120 & TS1130 & LTO Model
IBM Disk System DS5000 & DS8000
References
3. Data Encryption
Definition
Encryption transforms data that is unprotected, or plain text, into
encrypted data, or cipher text, by using a key.
IBM invented one of the first computer-based algorithms, Data
Encryption Standard (DES), in 1974.
With the advances in computer technology, DES is now considered
obsolete.
Today: Triple DES (TDES) and Advanced Encryption Standard (AES)
Early encryption methods used the same key to encrypt clear text
to generate cipher text and to decrypt the cipher text to
regenerate the clear text. This method is called symmetric
encryption.
Asymmetric encryption algorithms use separate keys for
encryption and decryption.
5. Data Encryption
Symmetric Key Encryption
Known as private or secret key encryption.
The symmetric key encryption method uses one
key for encrypting and decrypting data.
Well-known symmetric key examples include AES,
Twofish, Blowfish, Serpent, CAST5, DES, TDES, and IDEA.
Advantage: symmetric key processing is very fast.
Advantage: symmetric key length is short.
Disadvantage: the way that keys are exchanged.
Disadvantage: the number of required keys.
7. Data Encryption
Asymmetric Key Encryption
Known as public-private key encryption or public key encryption.
The asymmetric key encryption method uses key pairs for encrypting
and decrypting data.
One key is used to encrypt the data, and the other key is used to
decrypt the data.
The public key is used to encrypt the data.
The private key is used to decrypt the data.
Well-known asymmetric key examples include RSA, Diffie-Hellman,
Elliptic curve cryptography (ECC), and ElGamal.
Advantage: the ability to share secret data without sharing the same
encryption key.
Disadvantage: asymmetric key encryption is computationally more
intensive and therefore significantly slower than symmetric key
encryption.
9. Data Encryption
Hybrid Encryption
Hybrid encryption combines symmetric and asymmetric encryption.
Hybrid methods use a symmetric data key to actually encrypt and decrypt data.
The recipient is able to decrypt the encrypted data key and use the data key to
encrypt or decrypt a message.
Advantage: secure and convenient key exchange with fast and efficient encryption.
10. IBM Key Management methods
Encryption challenges
Key security :
To preserve the security of encryption keys, the implementation
must ensure that no one individual (system or person) has
access to all the information required to determine the
encryption key.
Key availability :
To preserve the access to encryption keys, many techniques can
be used in an implementation to ensure that more than one
agent has access to any single piece of information necessary to
determine an encryption key.
Solution :
A key server is integrated with encrypting storage products to
resolve most of the security and usability issues associated with
key management for encrypted storage
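The two challenges above can be met together, shown here as an added example that is not from the original presentation and is not how EKM or TKLM handle keys: the key is split into XOR shares so that no single custodian can determine it, and every share is held by more than one custodian so that losing one custodian does not lose the key. The custodian layout and function names are hypothetical.

```python
import secrets
from functools import reduce

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, parts):
    """Split key into `parts` XOR shares; every share is needed to rebuild it."""
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    shares.append(reduce(xor_bytes, shares, key))  # key XOR all random shares
    return shares

def distribute(shares):
    """Custodian i receives every share except share i.

    Key security: each custodian is missing one share.
    Key availability: each share is held by len(shares) - 1 custodians.
    """
    return [{j: s for j, s in enumerate(shares) if j != i}
            for i in range(len(shares))]

def recover(holdings, parts):
    """Pool the shares of the custodians present; None if any share is missing."""
    pooled = {}
    for held in holdings:
        pooled.update(held)
    if len(pooled) < parts:
        return None
    return reduce(xor_bytes, pooled.values())

if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed sample key
    custodians = distribute(split_key(key, 3))
    print(recover([custodians[0]], 3))            # one custodian alone: None
    print(recover([custodians[0], custodians[2]], 3) == key)  # any two: True
```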
11. IBM Key Management methods
Solution :
A key server is integrated with encrypting storage products to
resolve most of the security and usability issues associated with
key management for encrypted storage
IBM Tivoli Key Lifecycle Manager and Encryption Key Manager
13. IBM Key Management methods
IBM Encryption Key Manager
EKM is Java software that runs as an external program.
EKM works with IBM encryption-enabled tape drives such as the TS1120
and Linear Tape-Open (LTO) Ultrium 4.
EKM provides, protects, stores, and maintains encryption
keys that are used to encrypt information being written to, and
decrypt information being read from, tape media.
There are three methods of encryption management from which
to choose. These methods differ in where you choose to locate
your Encryption Key Manager application
The EKM does not perform any cryptographic operations, such as
generating encryption keys, and it does not provide storage for
keys and certificates.
To perform these tasks, Encryption Key Manager has to rely on
external components.
14. IBM Key Management methods
IBM Encryption Key Manager - Components
• The tape drive table is used by EKM to track the tape devices that it
supports.
• The configuration file is an editable file that tells your EKM how to operate.
• A keystore holds the certificates and keys used by EKM to perform
cryptographic operations.
• EKM uses the IBM Crypto Services for its cryptographic capabilities.
16. IBM Key Management methods
IBM Tivoli Key Lifecycle Manager
Announced in 2008.
EKM works on IBM encryption-enabled devices such as the IBM
System Storage DS8000 Series family and the IBM
encryption-enabled tape drives (TS1130 and TS1040).
TKLM provides, protects, stores, and maintains encryption
keys that are used to encrypt information being written to,
and decrypt information being read from, an
encryption-enabled disk.
Two Tivoli Key Lifecycle Manager key servers provide
redundancy.
Tivoli Key Lifecycle Manager communicates with the
managed storage devices using TCP/IP.
Tivoli Key Lifecycle Manager is supported on a variety of
operating systems.
17. IBM Tape Drive & Disk System Encryption
[Figure: IBM disk systems (DS 5000, DS 8000) and IBM tape drives (LTO Ultrium, TS 1120)]
18. IBM Tape Drive & Disk System Encryption
IBM TS1120, TS1130 and LTO Tape Drives Encryption Diagram
19. IBM Tape Drive & Disk System Encryption
IBM DS 5000 Disk Storage Encryption Diagram
20. IBM Tape Drive & Disk System Encryption
Unauthorized access to the drive results
21. IBM Tape Drive & Disk System Encryption
IBM DS 8000 Disk Storage Encryption Diagram
22. IBM Tape Drive & Disk System Encryption
IBM DS 8000 Disk Storage Encryption Diagram
23. IBM Tape Drive & Disk System Encryption
IBM DS 8000 Disk Storage Encryption Diagram
24. References
1. IBM Storage Data Encryption Solutions - IBM Redbooks
2. IBM System Storage Tape Encryption Solutions
3. IBM System Storage Product Guide
4. IBM Security Key Lifecycle Manager
5. Using IBM Tivoli Key Lifecycle Manager: Business Benefits
and Architecture Overview