|
|
FONT RESIZE |
Applications
Storage
Storage security has become the most important issue for IT managers due to the loss of laptops, data being recovered from surplus computer disk drives and even tapes being misplaced by otherwise reputable companies offering off-site storage services. It is now clear that the industry must respond with a comprehensive security standard for data at rest and Elliptic has developed solutions which span all aspects of storage security.
The IEEE has ratified the disk security standard - 1619-2007. The security model works for RAID arrays where a disk might be physically removed by an insider intent upon accessing sensitive corporate information and applies equally well to single SATA or EIDE drives. The standard was updated to replace the LRW-AES cipher as LRW-AES exhibited vulnerability to certain attacks. The latest algorithm is referred to as the XTS-AES (and in some contributions as the AES-XTS) algorithm. It is currently under review by NIST for inclusion as an approved mode under FIPS 140-2 which would permit it to be used in government applications.
The IEEE Std 1619.1-2007 - Standard Architecture for Encrypted Shared Storage Media, is also ratified and is targeted at encrypting information stored on tape for back-up purposes. It specifies the implementation of either AES-GCM or AES-CCM as the symmetric encryption cipher for this standard. Elliptic offers a variety of solutions for these algorithms ranging in performance from 100 Mbps up to 5 Gbps depending on the class of tape drive being targeted.
The following cores can be applied to tape storage security applications:
- CLP-200 Pipelined GCM-AES Core Core - 10 Gbps
- CLP-20 High Throughput AES-CCM Core - 1 Gbps
- CLP-24 High Throughput AES-GCM Core - 5 Gbps
Storage applications must have sophisticated key management designs. This in turn will frequently leverage encrypted key blobs which can be stored in memory such as RAM caches, Flash or on tape and disk. To facilitate the secure storage of key blobs, NIST and the IETF have developed an algorithm for key wrapping that uses the advanced encryption standard. The CLP-34 implements the AES key wrap (encryption) and key unwrap (decryption) algorithms.
