[17394] in cryptography@c2.net mail archive
RE: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
daemon@ATHENA.MIT.EDU (Ken Buchanan)
Wed Jun 8 10:11:32 2005
X-Original-To: cryptography@metzdowd.com
Date: Wed, 8 Jun 2005 10:00:09 -0400
From: "Ken Buchanan" <K.Buchanan@Kastenchase.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>,
"Perry E. Metzger" <perry@piermont.com>
Cc: "Ian G" <iang@systemics.com>, <cryptography@metzdowd.com>
Steven M. Bellovin wrote:
> The bigger issue, though, is more subtle: keeping track of the keys
> is non-trivial. These need to be backed up, too, and kept separate
> from (but synchronized with) the tapes. Worse yet, they need to be
> kept secure. That may mean storing the keys with a different
> escrow company. A loss of either piece, the tape or the key, renders
> the backup useless.

This is correct. It is not that nobody ever thought of encrypting
tapes, it is that there has been no uptake on the idea because the
management overhead costs outweighed the perceived benefit. The big
vendors didn't bother offering it because they didn't think they could
make money, and the start-ups who have been trying to fill the gap found
the market to be small.

Now it is becoming clear that the perceived benefit has been
underestimated.

There are a number of small companies making products that can encrypt
data in a storage infrastructure, including tape backups (full
disclosure: I work for one of those companies). The solutions all
involve appliances priced in the tens of thousands. The costs come not
from encryption (how much does an FPGA cost these days?), but from
solving the problems you listed, plus some others you didn't.

Now that the benefit of storage encryption is clearer, tape vendors
(StorageTek, HP, IBM, etc) are almost certainly looking at adding
encryption capability into their offerings.

There is an IEEE working group developing interoperability standards for
storage encryption, including tape:
http://www.siswg.org

And in case anyone is really interested in this subject, Networking
Computing magazine did a round-up of all the storage infrastructure
security solutions currently on the market:
http://www.networkcomputing.com/showitem.jhtml?docid=1607f2

Ken
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com