• 日本語
• 한국어
• 简体中文
• English

디스크 및 테이프 스토리지

Storage security has become the most important issue for IT managers due to the loss of smartphones, laptops, data being recovered from surplus computer disk drives and even tapes being misplaced by otherwise reputable companies offering off-site storage services. It is now clear that the industry must respond with a comprehensive security standard for data at rest and Elliptic has developed highly-integrated solutions which span all aspects of storage security.

The IEEE has ratified the disk security standard - 1619-2007. The security model works for RAID arrays where a disk might be physically removed by an insider intent upon accessing sensitive corporate information and applies equally well to single SATA or EIDE drives. The standard was updated to replace the LRW-AES cipher as LRW-AES exhibited vulnerability to certain attacks. The latest algorithm is referred to as the XTS-AES (and in some contributions as the AES-XTS) algorithm. It has also been ratified by NIST for inclusion as an approved mode under FIPS 140-2 which would permit it to be used in government applications.

The following cores can be applied to disk security applications:

• CLP-600: Security Protocol Accelerator
• CLP-47: Configurable XTS-AES Core
• CLP-45: Configurable Look Aside AES Core

The IEEE Std 1619.1-2007 - Standard Architecture for Encrypted Shared Storage Media, is also ratified and is targeted at encrypting information stored on tape for back-up purposes. It specifies the implementation of either AES-GCM or AES-CCM as the symmetric encryption cipher for this standard. Elliptic offers a variety of solutions for these algorithms ranging in performance from 100 Mbps up to 40+ Gbps depending on the class of tape drive being targeted.

The following cores can be applied to tape storage security applications:

• CLP-200: Pipelined GCM-AES Core Core
• CLP-45: Configurable Look Aside AES Core
• CLP-24: High Throughput AES-GCM Core
• CLP-20: High Throughput AES-CCM Core

Storage applications must have sophisticated key management designs. This in turn will frequently leverage encrypted key blobs which can be stored in memory such as RAM caches, Flash or on tape and disk. To facilitate the secure storage of key blobs, NIST and the IETF have developed an algorithm for key wrapping that uses the advanced encryption standard. The CLP-34 implements the AES key wrap (encryption) and key unwrap (decryption) algorithms.

• CLP-34 AES Key Wrap Core

Elliptic also offers Ellipsys Cryptography Middleware in support of storage applications, including key management. The middleware is split into the symmetric algorithms such as AES and SHA and the asymmetric RSA and ECC algorithms used in authentication and key exchange. The middleware is licensed as C source code.

• ESS-01: Symmetric Middleware
• ESS-02: Asymmetric Middleware