Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

Storage Security Standards Heat Up

http://www.enterprisestorageforum.com/continuity/features/article.php/3742881

April 24, 2008
By Drew Robb



Standalone storage security vendors may be having a rough go of it, but storage security standards are faring much better.

While the likes of NeoScale, Kasten Chase and Decru disappearing from the scene as independent vendors, larger storage vendors are incorporating greater security into their products, and standards groups are taking on the issue too (see Progress Catches Up With Storage Security Vendors).

Storage security standards seem to be blossoming forth in ever-increasing numbers. Here are some of the various standards (and far from a complete list at that): the LTO Consortium implemented the embedded Advanced Encryption Standard (AES) 256-bit encryption that is now native in LTO-4 tape drives; the T10 group is working on SCSI storage interfaces; the Institute of Electrical and Electronics Engineers (IEEE) 1619.3 committee is developing encryption key management; the Trusted Computing Group (TCG) has its trusted security initiative; and the Storage Networking Industry Association's (SNIA) Storage Security Industry Forum (SSIF) is involved on a longer-term overall security framework.

"AES-256 is an established and widely used standard while the others are works in progress," said Jon Oltsik, information security analyst at Enterprise Strategy Group.

The LTO-4 Consortium announced the acceptance of AES 256 bit encryption a year ago, and tape drives incorporating this standard have been shipping since the middle of last year. Quantum, IBM and HP have each implemented this encryption on Fibre Channel, SAS and most SCSI versions of their LTO-4 drives. The result is tangible — encryption is built into the tape drive as opposed to having to implement an appliance or install software to protect tape data.

The Keys to Encryption

The rest of the security standards, as Oltsik pointed out, are not yet finalized. Some may take quite a while to materialize while others are edging closer. The IEEE 1619.3 Key Management Standards group appears to be in the latter category. The 1619.3 committee is working to create a common method for encryption key managers to talk to devices such as tape. The goal is to free users up from having to deploy proprietary key management solutions, since these can create challenges to track and manage. 1619.3 aims to allow users to be able to choose a key management solution that will work across multiple platforms and vendors.

"This committee is working on key management standards, which I believe will become a very important issue as more and more encryption is deployed," said Oltsik.

The committee is composed of engineers from end user companies and vendors. Quantum, for example, is heavily involved in many storage security standards.

"1619.3 creates a standards-based key management API that can be implemented by the various key management vendors and storage providers who offer encryption solutions as part of their storage tape, disk and switch products," said Robert Callaghan, Quantum's senior product manager for Security and Enabling Solutions. "The goal is to provide the customer with choices and interoperability."

He gives the example of a customer using a Quantum i2000 library with LTO-4 drives and encryption. Instead of being locked into a Quantum key manager, the customer would be free to choose one from another vendor if it better suited their needs and budget.

Another problem this potentially solves is having to manage multiple encryption key managers and key sets, as well as managing the backup of those keys, and protecting access and delivery of those keys. Utilizing one key manager for all encryption keys saves time and money and removes the administrative headaches associated with having to manage multiple interfaces and key managers.

So is this standard going to be a reality any time soon? Matt Ball, chair of the IEEE1619.3 committee, is optimistic. Standards from this committee have already been pushed through, such as IEEE 1619 and IEEE 1619.1. And they have obtained broad vendor support.

IEEE 1619 addresses encryption of data on block-oriented storage devices, i.e., disk drives.

"The only negative feedback I've heard about IEEE 1619 is by a large hard disk manufacturer that does not believe the encryption mode is suitable for hard disks," said Ball. "It appears that they are alone in this belief — several hard disk encryption utilities already support the XTS encryption mode: TrueCrypt, FreeOTFE, and dm-crypt."

IEEE 1619.1 deals with encryption of large tape drives. Major tape drive vendors such as IBM, HP, Sun and Quantum all offer encrypting tape drives that support IEEE 1619.1.

"The approval of IEEE 1619 and 1619.1 is a major milestone in storage security because storage vendors now have a proven recipe that they can follow to provide strong data protection," said Ball. "I expect that we'll start to see customers demand adherence to standards instead of the all-too-common practice of 'rolling-your-own' cryptography."

He makes the point that if a vendor is unwilling to divulge the specifics of the encryption algorithm, it's probably not secure. This is what the crypto community calls security through obscurity, and it almost always fails.

With 1619 and 1619.1 signed, sealed and delivered, Ball understandably has confidence that 1619.3 will soon follow suit. The committee began its key management efforts about a year ago and is making good progress. He said the group has strong support by all the major storage companies, such as Cisco, Sun, HP, IBM, Seagate, NetApp, RSA Security (EMC), nCipher and others.

"By this summer, we should expect a framework that companies could start preliminary implementations against," said Ball. "We also plan to have an open source reference implementation to speed adoption across the industry. The project should be finished by the middle of next year."

Meanwhile, the IEEE Security in Storage Working Group (SSWIG) is also working on another standard under the 1619 banner. 1619.2 is aimed at wide-block encryption, and Jim Hughes of Sun is the chair for that committee.

The group is currently standardizing two wide-block encryptions: EME and XCB (EME is used in PGP's full disk encryption utility). The effort should be mostly finished by the summer, with the long balloting and publishing process to follow.

Race Against Time

These IEEE committees, however, will have to ensure that no last-minute disputes foil their intended timelines. Oltsik believes that timing is everything in the standards arena. If a standard is needed and isn't immediately forthcoming, that vacuum tends to be filled by vendor schemes that generally are proprietary in nature.

"If standards are created and approved soon, 1619.3 should gain wide support," said Oltsik. "If it languishes, vendors may take things into their own hands and figure out how to integrate with others."