Data encryption strategies; Part 2: encrypting high-performance, high-volume storage.
In 1977 the Data Encryption Standard (DES, later extended as Triple DES) was adopted in the United States as the first federal encryption standard. DES applies a 56-bit key to each 64-bit block of data. DES is now considered insecure for many applications, chiefly because the 56-bit key is too small: as microprocessor speeds have increased, DES keys have been broken in less than 24 hours. Computer chips currently exist for under $10 that can test 200 million DES keys per second. Because of growing concern over the viability of the DES algorithm, NIST (the National Institute of Standards and Technology) indicated that DES would not be recertified as a standard and accepted submissions for a replacement encryption standard. Other encryption-based technologies have been in use for years and include Secure Sockets Layer (SSL) for Internet transactions, Pretty Good Privacy (PGP), and Secure Hypertext Transfer Protocol (S-HTTP).
The second encryption standard to be adopted was known as the Advanced Encryption Standard (AES). AES is a symmetric (secret-key or private-key) 128-bit block encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S. government adopted the algorithm as its encryption technique in October 2000 after a long standardization process, finally replacing the DES encryption algorithm. On December 6, 2001, the Secretary of Commerce officially approved AES as FIPS (Federal Information Processing Standard) 197. It is expected to be used extensively worldwide, as was the case with its predecessor DES. AES is more secure than DES because it offers a larger key size, while the only known approach to decrypting a message remains for an intruder to try every possible key. The AES algorithm supports key lengths of 128 bits (the default), 192 bits or 256 bits. AES is a mutually acceptable algorithm that effectively protects any sensitive information. AES was initially used on a selective basis and is backwards compatible with DES. Symmetric standards such as DES and AES provide very high levels of security. They require that both the sender and the receiver share the same key and keep it secret from everyone else. Top Secret, classified and government information requires use of either the 192- or 256-bit key length. The implementation of AES in products intended to protect US national security systems and information must be reviewed and certified by the NSA (National Security Agency) prior to their acquisition and use. As of 2005, no successful attacks against AES have been recognized.
Asymmetric encryption differs from symmetric encryption in that it uses two keys: a public key known to everyone and a private key, or secret key, known only to the recipient of the message. Asymmetric encryption lessens the risk of key exposure by using two mathematically related keys, the private key and the public key. When users want to send a secure message to another user, they use the recipient's public key to encrypt the message. The recipient then uses the private key to decrypt it. An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to determine the private key from knowledge of the public key.
There are a number of asymmetric key encryption systems, but the best known and most widely used is RSA, named for its three co-inventors Rivest, Shamir and Adleman. The Secure Sockets Layer used for secure communications on the Internet uses RSA (the popular https protocol is simply http over SSL). Asymmetric encryption is based on complex algorithms and carries a significant performance overhead, making it unsuitable for encrypting very large amounts of data. It is possible to take advantage of the strengths of both key methods by encrypting data with a symmetric key and then protecting that key with asymmetric encryption, though this area of encryption is in its early stages. Asymmetric encryption is considered one level more secure than symmetric encryption, because the decryption key can be kept private.
Keys are the Key
The basic idea of key-based encryption is that a block, file or other unit of data is scrambled so that the original information is hidden behind a layer of encryption. The scrambled data is called ciphertext. In theory, only the person or machine doing the scrambling and the recipient of the ciphertext know how to decrypt or unscramble the data, since it will have been encrypted using an agreed-upon set of keys. The difficulty of cracking an encrypted message is a function of the key length. For example, an 8-bit key allows for only 256 possible keys (2^8) and can be cracked quickly. A 128-bit key (which equates to searching 2^128 keys) might take decades to crack. The same computer power that yields strong encryption can be used to break weak encryption schemes. Strong encryption makes data private, but not necessarily secure. To be secure, the recipient of the data, often a server, must be positively identified as the approved party. This is usually accomplished online using digital signatures or certificates.
Encryption keys and passwords should be stored in escrow with a secure third party. It is important to establish an effective key management plan. Key management is the key to the successful use of encryption!
A third category of cryptology is called hashing (one-way) encryption. A hash is a cryptographic algorithm that takes input data of any length and produces an output of a fixed length. The hash output is called a digital signature and is used for data integrity. Some hash algorithms, such as MD5 (Message Digest 5), can produce the same signature for different inputs, making them vulnerable to attack since a duplicate key can be produced. Digital signatures typically range from 128 bits using the MD5 algorithm to 160 bits using the more secure SHA1 (Secure Hash Algorithm 1). The larger the signature, the more secure the hash, though performance degrades as hash size increases.
Data exposure grows
For years the storage industry focused its high availability developments on protecting data from technology failures such as disk crashes, operating system failures, or tapes that couldn't be read. Technology failures were addressed with concepts such as RAID, clustering, component redundancy, replication software, and vastly improved intelligent error recovery capabilities for both disk and tape. With the use of vulnerable IP storage networks in full swing by 2000, a new threat to data, intrusion, appeared, and it became the next big data exposure issue for the IT industry to address.
Malicious attacks on company networks are nearly doubling each year, and the biggest source of the attacks is now believed to be employees. Worms, viruses, spyware, scams and spam have contaminated porous IP networks, causing significant business losses, and an estimated 80% of the e-mail content being transmitted on the Internet is useless. This is a growing threat to a successful data protection implementation, since over 50% of all disk data is now network-attached via NAS or SAN. The threat grows as computers and systems become increasingly connected, not only through the Internet but through business partnerships that establish connections and interfaces. Viruses, worms, Trojan horses, zombies, distributed denial-of-service attacks, hacking, and blended threats are all out there, and many can hitch rides with e-mails, downloads and electronic transmissions, including instant messages. There are an estimated 60,000 different viruses currently being transmitted via the Internet. The number is growing.
Even network routers have become vulnerable to attack. Router products running certain software versions can be affected by specially written IP Version 6 packets that exploit an IP design flaw, allowing malicious hackers to compromise routers and stop, redirect or scramble network traffic.
An increasing number of companies are deploying encryption appliances for data stored on their SANs in order to prevent data loss from the many sources previously mentioned. Network encryption appliances help fill a growing security gap, securing data both at rest on storage devices and on the SAN itself. Having spent significant amounts of time and money shoring up their physical security, many enterprises are beginning to guard their stored data against insider attacks, disgruntled employees, and unprincipled contractors and visiting clients. Another reason for the heightened interest in encryption is the advent of government regulations like HIPAA, Sarbanes-Oxley and PHIPA in Canada.
Total claims filed in the US in 2004 for damages caused by worms and viruses totaled $17.5B according to a survey released by the Computer Economics Impact of Malicious Code Study. The Love-bug attack in 2004 cost an estimated $8.8B in damages alone! Intrusion is being addressed by anti-virus protection software but this remains a catch-up game for now as the exposure to data loss mounts. Viruses and worms are more aggressively targeting handheld devices, cell phones and embedded computers in cars this year, according to a report released by IBM. Security jobs are on the rise and estimates indicate demand for 2.1 million information security professionals in 2008, up from 1.3 million in 2005. Data security may well be on its way to becoming the most important storage management discipline.
Recent examples of data loss and vulnerability
Businesses are storing more data in distributed locations than ever before to guard against physical threats such as loss of electricity, floods, devastating hurricanes or other site-related damage. Hurricane Katrina will likely cause more IT losses than any other natural disaster in history. Data may arrive at distributed locations electronically, or the storage media can be physically transported offline by other vehicles. What happens if the data being transported to another location is lost or stolen?
The growing list of lost data and security breaches includes CardSystems' loss of account information for 200,000 credit card holders; a security breach that revealed data on some 6,000 current and former employees of the Federal Deposit Insurance Corp.; a loss of backup tapes at City National Bank; and Bank of America Corp.'s disclosure early in 2005 that it lost digital tapes containing the credit card account records of 1.2 million federal employees, including 60 U.S. senators. Was the data really lost? Was the data stolen? Who has the data now? Is it in the hands of unauthorized personnel? Is this valuable data readable, or was it encrypted so it could not be understood? What does this mean for potential identity theft problems? Finding answers to these questions has been difficult. If any of this "data at rest" had been encrypted, the damages would have been minimized, as the stolen or lost data would be useless.
Some industry analysts said the rising number of mishaps and disasters highlights the risk of physically moving valuable archival data to geographically separated storage facilities and will likely feed a movement toward network-based backup schemes. Others point out that IP-based networks have their own growing number of vulnerabilities and are subject to additional intrusion, bringing along an additional set of security issues. Still others say that weak IT security technology is fueling an identity theft crisis. In an Information Week survey published in July 2005, only 7 percent of the companies indicated that they always encrypted data backed up to tape. These and other breaches have prompted most businesses to conduct a comprehensive review of their security procedures. California Senate Bill 1386 requires that companies publicly disclose instances when they believe unencrypted personal information about California residents might have been compromised. The bill has led many companies to believe that implementing encryption could keep them out of the headlines.
A major risk factor associated with stolen or lost data is that it can't be well protected unless it is encrypted. Stolen data can always be physically destroyed. Data stored on fixed or removable storage is called data at rest (versus data in transit). Encrypting data in transit has nothing to do with protecting data that is attacked after it is stored at its endpoints. While RAID and redundancy address device failure problems and anti-virus protection software addresses access and data intrusion problems, encryption addresses the data loss/data theft problem. With as much as 80% of the world's digital data estimated to reside on removable storage media, and with the value of archival data steadily increasing, protecting data at rest must now be treated as more than managing an archival repository, whether it resides on disk or tape. Presently the majority of IT businesses haven't directly addressed encryption as part of their high availability strategy for stored data. That trend is about to change.
Implementing encryption today
Data encryption is nothing new, but when it is used in conjunction with high-performance, high-volume enterprise storage, it poses some legitimate challenges. For example, encryption and decryption are compute-intensive activities that can slow access to stored data, especially when organizations are storing and accessing massive amounts of information. Encryption doesn't help for device failures, worms or viruses. It does help for data theft, such as from spyware or lost media, as the encrypted data is meaningless unless it can be successfully decrypted.
Storage security appliances are the most common method of implementing encryption for data at rest today. The appliances are placed between the storage devices (disk and, more commonly, tape) and the server running the applications that request the encrypted data. The appliance encrypts all data going to storage and decrypts data going back to the applications, monitoring all file access attempts as it does so. Stored data is encrypted and hence unreadable if it is lost or stolen, or even if spyware is trying to extract your information for undesirable purposes. Storage security appliances can prevent both malicious insiders and unwelcome outsiders from accessing valuable data and making it meaningful. While secure-storage appliances can protect data at rest, they can also purge it after a prescribed time by simply deleting keys. Rules can be implemented for retaining data for a specific period of time. The appliance can delete the relevant keys when the specified lifecycle or retention period has expired. In particular, notebook PC storage resides on disk, and PCs are frequently in transit, making them subject to theft. As a result, a few disk drive providers are beginning to provide encryption for disks used in PCs.
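As an added illustration of the appliance behaviour described above (example code written for this page, not code from the article or from any vendor product), the following Go program encrypts each record under its own AES key that only the appliance holds, and purges keys once their retention period ends so that the stored ciphertext becomes permanently unreadable. The use of AES in GCM mode and the names Appliance, Store, Retrieve and Purge are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"time"
)

var ErrKeyPurged = errors.New("data key purged: ciphertext unrecoverable")
type keyEntry struct {
	dek     []byte    // 256-bit AES key for one record
	expires time.Time // end of the retention period
}
// Appliance (hypothetical name) models the key-holding device between server and storage.
type Appliance struct{ keys map[string]keyEntry }
func NewAppliance() *Appliance { return &Appliance{keys: map[string]keyEntry{}} }
// gcmFor builds an AES-GCM AEAD; with a 32-byte key neither constructor can fail.
func gcmFor(dek []byte) cipher.AEAD {
	block, err := aes.NewCipher(dek)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}
// Store encrypts a record under a fresh per-record key and notes its retention deadline.
// Only the returned blob (nonce || ciphertext) goes to the storage device; the key stays here.
func (a *Appliance) Store(id string, plaintext []byte, retain time.Duration, now time.Time) ([]byte, error) {
	buf := make([]byte, 32+12) // fresh 256-bit key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dek, nonce := buf[:32], buf[32:]
	a.keys[id] = keyEntry{dek: dek, expires: now.Add(retain)}
	// The record id is bound as associated data, so a blob cannot be swapped between records.
	return gcmFor(dek).Seal(nonce, nonce, plaintext, []byte(id)), nil
}
// Retrieve decrypts a record for the application, but only while its key still exists.
func (a *Appliance) Retrieve(id string, blob []byte) ([]byte, error) {
	entry, ok := a.keys[id]
	if !ok {
		return nil, ErrKeyPurged
	}
	if len(blob) < 12 {
		return nil, errors.New("stored blob shorter than a GCM nonce")
	}
	return gcmFor(entry.dek).Open(nil, blob[:12], blob[12:], []byte(id))
}
// Purge deletes every key whose retention period has ended and returns how many records
// were thereby rendered unreadable; the ciphertext on the storage device is left untouched.
func (a *Appliance) Purge(now time.Time) int {
	n := 0
	for id, e := range a.keys {
		if !now.Before(e.expires) {
			delete(a.keys, id)
			n++
		}
	}
	return n
}
```

Because the ciphertext is authenticated, a tampered blob or one presented under the wrong record id fails to decrypt rather than yielding garbage.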
Storage encryption products are typically sold as combined hardware/software appliances. List prices for appliances typically start in the $20,000 to $25,000 range, and they are usually deployed in pairs for higher availability and redundancy. Depending on the amount of data and the number of devices to be encrypted, the price of encryption can climb quickly. It may very well be worth it!
What data should be encrypted?
Despite appliances' ability to encrypt data at rest, knowing what data to encrypt today is important to optimize costs and more importantly to protect critical information from theft. It has become crucial for businesses to know the value of their data and classify it for a growing number of reasons. Some very large businesses are only securing regulated data in their storage environments since managing the keys and the overall encryption process can become time consuming. Small and medium-size companies often consider encrypting just about everything to ease the management challenge. Standard data classifications listed below are primarily based on a recovery time objective (RTO). Keep in mind that data in each category can be a candidate for encryption as non-critical data might not be needed immediately after a failure but is still valuable.
Data classification category and description:
1) Mission Critical: Up to 15% of online data. Extremely valuable data required for business survival in the event of a disaster. Normally mirrored to disk and also backed up to tape in a different geographic location.
2) [category name not given on the page]: About 20% of online data. Highly valuable data used in normal business processes but that may not be immediately needed for disaster recovery. Normally backed up to tape and/or replicated to lower cost disk storage.
3) [category name not given on the page]: About 25% of online data. Data used in normal business processes that has an alternative source or can be reconstructed and may not be needed for hours or days after a disaster, but may have varying degrees of value. Normally backed up to automated tape.
4) [category name not given on the page]: Typically 40% of online data. Data that is not needed for quick disaster recovery but may have varying degrees of value. Easily reconstructed or duplicated from prior backup or archival copies.
Source: Horison, Inc.
Compressing data at rest on disk has only been implemented by one manufacturer, StorageTek, and never became a de facto standard for disk subsystems. The decision about what disk data to encrypt should ultimately stem from a data classification exercise. Encryption can be applied to an entire disk volume or drive, though the performance impact should be evaluated. To use the drive, it is "mounted" with a special decryption key. In this state the drive can be used and read normally. When finished, the drive is dismounted and returns to an encrypted state, unreadable by Trojan horses, spyware or other snoop software. Encryption overhead increases as the keys get larger, and it isn't clear yet how widespread encryption for disk applications will become, since disk applications are more performance sensitive than tape data.
Despite evidence that stored data is now more vulnerable than data in transit, most encryption efforts remain focused on data transmission. Encryption makes sense for data stored on backup tapes, laptops, PDAs or other portable storage media containing sensitive information, as well as for credit card numbers stored in databases. The issue of encrypting data at rest is moving to center stage, and it has unfortunately become a necessity for today's responsible businesses as the threat of data loss and theft mounts daily. Encryption has been implemented selectively in the past, and it can be a trying process. Though encrypting data is quickly gaining momentum, it will continue to be used for specific applications in the near term.
Encryption for data at rest was considered in parallel with the introduction of in-line compression for tape drives in the mid-1980s, but the demand did not warrant implementation. Today, the march toward encryption is reminiscent of the way data compression became a standard method for storing data at rest on tape in the mid-1980s. Up to that point, a variety of cycle-intensive, server-based software techniques were used to compress data being written to tape and disk. Each used a different algorithm, and the data had to be decompressed with the same algorithm that compressed it. Finally, IBM and StorageTek each implemented compression in an ASIC (Application Specific Integrated Circuit) in their tape drives using compatible algorithms, making the media interchangeable. Within a few years, everything written to magnetic tape drives from any vendor was compressed, and the end-user didn't have to worry about deciding what data to compress because it was all compressed. Compression for data at rest (on tape) soon became a de facto standard function for all tape drive manufacturers.
It may take a while longer to standardize, but the more likely way that widespread implementation of encryption for data at rest will emerge is in the tape drive itself, similar to compression, via an ASIC. This presents the scenario that essentially all data at rest, for mainframe and non-mainframe systems, will be encrypted for a wide variety of security, legal and lifecycle retention requirements. So far, a surprising level of disregard for storage security from the large storage providers has created opportunities for a handful of encryption products and appliances. Companies such as Decru, NeoScale (acquired by NetApp in 2005), Vormetric, Kasten Chase and Ingrian Networks have all developed unique software and/or hardware solutions to help protect against hackers and other attackers. Stay abreast of your storage and IT vendors' strategies for encryption; the future of your most valuable asset will most likely depend on it.
Fred Moore is President of Horison, Inc. (Boulder, CO).
Title Annotation: Disaster Recovery & Backup/Restore
Publication: Computer Technology Review
Date: Oct 1, 2005