Disk & Tape Storage
Storage security has become the most important issue for IT managers due to the loss of smartphones, laptops, data being recovered from surplus computer disk drives and even tapes being misplaced by otherwise reputable companies offering off-site storage services. It is now clear that the industry must respond with a comprehensive security standard for data at rest and Elliptic has developed highly-integrated solutions which span all aspects of storage security.
The IEEE has ratified the disk security standard - 1619-2007. The security model works for RAID arrays where a disk might be physically removed by an insider intent upon accessing sensitive corporate information and applies equally well to single SATA or EIDE drives. The standard is based on the XTS-AES (and in some contributions as the AES-XTS) algorithm. It has also been ratified by NIST for inclusion as an approved mode under FIPS 140-2 which would permit it to be used in government applications.
The IEEE Std 1619.1-2007 - Standard Architecture for Encrypted Shared Storage Media, is also ratified and is targeted at encrypting information stored on tape for back-up purposes. It specifies the implementation of either AES-GCM or AES-CCM as the symmetric encryption cipher for this standard. Elliptic offers a variety of solutions for these algorithms ranging in performance from 100 Mbps up to 40+ Gbps depending on the class of tape drive being targeted.
Storage applications must have sophisticated key management designs. This in turn will frequently leverage encrypted key blobs which can be stored in memory such as RAM caches, Flash or on tape and disk. To facilitate the secure storage of key blobs, NIST and the IETF have developed an algorithm for key wrapping that uses the advanced encryption standard. Elliptic's IP portfolio includes AES key wrap (encryption) and key unwrap (decryption) solutions.
Elliptic also offers Ellipsys Cryptography Middleware in support of storage applications, including key management and the recently ratified IEEE Std 1619.2-2010 standard for wide-block encryption and block storage devices. The middleware is split into the symmetric algorithms such as AES and SHA and the asymmetric RSA and ECC algorithms used in authentication and key exchange. The middleware is licensed as C source code.
Security Protocol Accelerators and Processors
- CLP-200: Pipelined GCM-AES Core Core
- CLP-47: Configurable XTS-AES Cipher
- CLP-45: Configurable Look Aside AES Core
- CLP-20: High Throughput AES-CCM Core
- CLP-26: Configurable SHA and MD5 Hash Core
- CLP-100: Flow-Through Hash Core
- CLP-300: RSA and Elliptic Curve Public Key Accelerator
- CLP-27: Compact True Random Number Generator
- CLP-34: AES Key Wrap Core
Ellipsys Cryptography Middleware
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.