Data Encryption Strategies
By: Fred Moore, President, Horison, Inc. http://www.horison.com

Introduction to Encryption

As the amount of digital data grows, so does the exposure to data loss. It is difficult to find a day when there hasn't been a high-profile data security incident. The risk has reached such a level that data encryption is being implemented for stored data and mobile data, in addition to the traditional use of encrypting data in transit over the network. Data encryption is defined as the process of scrambling transmitted or stored information, making it unintelligible until it is unscrambled by the intended recipient.
With regard to computing, data encryption has historically been used primarily to protect mission-critical data, government records and military secrets from foreign governments. Over the past 10 years encryption has been used increasingly by the financial industry to protect money transfers, by businesses to protect credit-card information and electronic commerce, and by corporations to secure sensitive network transmission of proprietary information. Prior to 2000 most of the encryption focus had been on data transmission, but the events of Sept. 11th, 2001, the rise of compliance, and the tremendous amount of data being stored on mobile personal appliances are moving the topic of encrypting stored data much higher on the priority list of leading-edge data protection strategies today. The enciphering and deciphering of messages in secret code or cipher is called cryptology, and it has now become a topic of serious interest to the storage industry.

DES: the first standard

In 1977 the Data Encryption Standard (DES, and later Triple DES) was adopted in the United States as the first federal encryption standard. DES applies a 56-bit key to each 64-bit block of data. DES is now considered insecure for many applications, chiefly because the 56-bit key is too small: DES keys have been broken in less than 24 hours, and that time keeps falling as microprocessor speeds increase. Because of growing concern over the viability of the DES algorithm, NIST (the National Institute of Standards and Technology) indicated that DES would not be recertified as a standard, and submissions for its replacement as the encryption standard were accepted. Other encryption algorithms have been in use for years and include Secure Sockets Layer (SSL) for Internet transactions, Pretty Good Privacy (PGP), and Secure Hypertext Transfer Protocol (S-HTTP).

AES: the second standard

The second encryption standard to be adopted was the Advanced Encryption Standard (AES). AES, like DES, is a symmetric (secret or private key) block encryption technique; it works on 128-bit blocks and was developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. Symmetric standards require that the sender and the receiver share the same key and keep it secret from anyone else. The U.S. government adopted the algorithm as its encryption technique in October 2000 after a long standardization process, finally replacing the DES algorithm. On December 6, 2001, the Secretary of Commerce officially approved AES as FIPS (Federal Information Processing Standard) 197. It was expected to be used extensively worldwide, as was the case with its predecessor DES. AES is more secure than DES because it offers a larger key size, while ensuring that the only known approach to decrypting a message is for an intruder to try every possible key. The AES algorithm supports variable key lengths: a 128-bit key (the default), a 192-bit key, or a 256-bit key. AES was initially used on a selective basis and is backwards compatible with DES. Top Secret, classified and government information normally requires use of either the 192- or 256-bit key length. An implementation of AES that is intended to protect US national security systems and secret information must be reviewed and certified by the NSA (National Security Agency) prior to its acquisition and use. As of 2006, no successful attacks against AES had been recognized.

From Symmetric to Asymmetric Encryption: public and private keys

Symmetric standards require that both the sender and the receiver share the same key and keep it secret from anyone else. Asymmetric encryption differs from symmetric encryption in that it uses two keys: a public key known to everyone and a private key, or secret key, known only to the recipient of the message. Asymmetric encryption lessens the risk of key exposure by using two mathematically related keys, the private key and the public key. When users want to send a secure message to another user, they use the recipient's public key to encrypt the message.
The recipient then uses the private key to decrypt it. An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to determine the private key if you know the public key.

There are a number of asymmetric key encryption systems, but the best known and most widely used is RSA, a public key algorithm named for its three co-inventors Rivest, Shamir and Adleman. The Secure Sockets Layer used for secure communications on the Internet uses RSA (the popular https protocol is simply http over SSL). Asymmetric encryption is based on complex algorithms, and its performance overhead is much greater, making it unsuitable for encrypting very large amounts of data or response-time-sensitive data. Asymmetric encryption is considered one level more secure than symmetric encryption, because the decryption key can be kept private. Public key encryption is more computationally intensive and requires a longer key than a symmetric key algorithm to achieve the same level of security.

Keys are the Key for successful encryption

The basic idea of key-based encryption is that a block, file or other unit of data is scrambled by an encryption algorithm so that the original information is hidden behind a layer of encryption. The scrambled data is called ciphertext. A unique key must be generated for each data element, device, LUN or other entity that needs to be encrypted. Keys must be stored and maintained for the life of the data, which can mean over 100 years for some compliance and archival data applications.
In theory, only the person or machine doing the scrambling and the recipient of the ciphertext know how to decrypt or unscramble the data, since it will have been encrypted using an agreed-upon set of keys.

[Figure: standard-format data ("This is mission critical data") and a key go into the encryption engine (the encryption algorithm), which produces the ciphertext.]
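As an added example, not code from the article or from Horison, the symmetric picture of the DES, AES and "Keys are the Key" sections in Go: one shared secret key both seals and opens the data, AES accepts only the 128-, 192- and 256-bit key lengths listed above and rejects a 56-bit DES-sized key, and GCM mode (this example's choice; the article discusses only the block cipher) makes a wrong key or a tampered ciphertext fail cleanly instead of yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aesGCM wraps the AES block cipher in GCM, an authenticated mode chosen for
// this example; aes.NewCipher itself rejects any key that is not 16, 24 or 32
// bytes (128, 192 or 256 bits), so a 7-byte DES-sized key never gets this far.
func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAES encrypts under the shared secret key; output is nonce || ciphertext.
func SealAES(key, plaintext []byte) ([]byte, error) {
	gcm, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenAES decrypts with the same shared key; any other key (or a tampered
// ciphertext) fails the authentication tag and returns an error, not garbage.
func OpenAES(key, sealed []byte) ([]byte, error) {
	gcm, err := aesGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot open (key error: %v, ciphertext %d bytes)", err, len(sealed))
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // 256-bit key; all zero here for the demo only
	sealed, _ := SealAES(key, []byte("This is mission critical data"))
	pt, err := OpenAES(key, sealed)
	fmt.Printf("%s %v\n", pt, err)
}
```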
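As an added example, not the article's own code, the public-key exchange of the asymmetric section in Go: the sender encrypts with the recipient's public key, only the matching private key decrypts, and the article's point that RSA is unsuitable for large amounts of data shows up as a hard per-message size limit. The 2048-bit key size and the OAEP/SHA-256 padding are this example's assumptions; the article names only RSA.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewRecipientKey generates the recipient's key pair (2048 bits, this example's
// choice): the public half is handed to senders, the private half is kept secret.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// MaxRSAMessageBytes is the largest message RSA-OAEP with SHA-256 can encrypt
// directly under this public key (256 - 2*32 - 2 = 190 bytes for 2048-bit RSA).
// This hard limit is one reason the article calls asymmetric encryption unsuitable for large data.
func MaxRSAMessageBytes(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// EncryptForRecipient encrypts with the recipient's public key, which anyone may
// hold. OAEP padding is this example's choice; the article names only RSA itself.
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWithPrivate recovers the message; only the matching private key can,
// and a different private key yields a decryption error rather than plaintext.
func DecryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey
	ct, err := EncryptForRecipient(pub, []byte("This is mission critical data"))
	if err != nil {
		panic(err)
	}
	pt, err := DecryptWithPrivate(priv, ct)
	fmt.Printf("%d-byte ciphertext -> %q (err=%v)\n", len(ct), pt, err)
	_, err = EncryptForRecipient(pub, make([]byte, MaxRSAMessageBytes(pub)+1))
	fmt.Println("one byte over the limit is refused outright:", err)
}
```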