Topic
Data Encryption: Definition; Symmetric key encryption; Asymmetric key encryption; Hybrid encryption; Digital certificates
Key Management: Encryption Key Manager; Tivoli Key Lifecycle Manager
IBM Tape Drive & Disk System Encryption: IBM Tape Drive TS1120, TS1130 & LTO models; IBM Disk System DS5000 & DS8000
References
Data Encryption: Definition
Encryption transforms data that is unprotected, or plain text, into encrypted data, or cipher text, by using a key.
IBM invented one of the first computer-based algorithms, Data Encryption Standard (DES), in 1974.
With the advances in computer technology, DES is now considered obsolete.
Today, Triple DES (TDES) and the Advanced Encryption Standard (AES) are used instead.
Early encryption methods used the same key to encrypt clear text to generate cipher text and to decrypt the cipher text to regenerate the clear text. This method is called symmetric encryption.
Asymmetric encryption algorithms use separate keys for encryption and decryption.
Data Encryption: Symmetric Key Encryption
Also known as private key or secret key encryption. The symmetric key encryption method uses one key for both encrypting and decrypting data.
Well-known symmetric key examples include AES, Twofish, Blowfish, Serpent, CAST5, DES, TDES, and IDEA.
Advantages: symmetric key processing is very fast; symmetric keys are short.
Disadvantages: the way keys must be exchanged; the number of required keys.
Data Encryption: Asymmetric Key Encryption
Also known as public-private key encryption or public key encryption. The asymmetric key encryption method uses key pairs for encrypting and decrypting data: one key is used to encrypt the data, and the other key is used to decrypt it.
The public key is used to encrypt the data. The private key is used to decrypt the data.
Well-known asymmetric key examples include RSA, Diffie-Hellman, elliptic curve cryptography (ECC), and ElGamal.
Advantage: the ability to share secret data without sharing the same encryption key.
Disadvantage: asymmetric key encryption is computationally more intensive and therefore significantly slower than symmetric key encryption.
Data Encryption: Hybrid Encryption
Hybrid encryption combines symmetric and asymmetric encryption. Hybrid methods use a symmetric data key to actually encrypt and decrypt the data, and that data key is itself sent in encrypted form. The recipient decrypts the encrypted data key and uses the data key to encrypt or decrypt a message.
Advantage: secure and convenient key exchange together with fast and efficient encryption.
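The three slides above (symmetric, asymmetric and hybrid) in working code, as an added example that is not part of the original presentation and not IBM's code: AES-256-GCM is the symmetric cipher for the bulk data, RSA-OAEP is the asymmetric wrap for the data key, and the hybrid envelope combines the two. It uses only the Go standard library; the 2048-bit RSA key size, the 32-byte data key and the "tape block" sample payload are assumptions of this example. It also shows why the hybrid form is needed: RSA-OAEP alone cannot seal a message longer than about 190 bytes at that key size, while the symmetric path handles any length and additionally authenticates the data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newRecipientKey makes the recipient's RSA pair (2048 bits is an assumption).
func newRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// canEncryptDirectly reports whether RSA-OAEP alone could seal msg: with a
// 2048-bit key and SHA-256 the limit is 256 - 2*32 - 2 = 190 bytes.
func canEncryptDirectly(pub *rsa.PublicKey, msg []byte) bool {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	return err == nil
}

// newGCM builds an AES-GCM instance from a 16-, 24- or 32-byte data key.
func newGCM(dataKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// symmetricEncrypt seals plaintext with AES-GCM. The random nonce is prepended
// for the decryptor; the appended 16-byte tag makes any tampering detectable.
func symmetricEncrypt(dataKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func symmetricDecrypt(dataKey, blob []byte) ([]byte, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// hybridEncrypt draws a fresh 32-byte data key per message, seals the bulk
// data with it (fast symmetric path) and wraps only the key with RSA-OAEP.
// It returns the wrapped key and the blob nonce || ciphertext || tag.
func hybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, blob []byte, err error) {
	dataKey := make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	if blob, err = symmetricEncrypt(dataKey, plaintext); err != nil {
		return nil, nil, err
	}
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	return wrappedKey, blob, err
}

// hybridDecrypt is the recipient side: unwrap the data key with the private
// key, then use that data key to decrypt the bulk data.
func hybridDecrypt(priv *rsa.PrivateKey, wrappedKey, blob []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return symmetricDecrypt(dataKey, blob)
}

func main() {
	priv, err := newRecipientKey()
	if err != nil {
		panic(err)
	}
	payload := bytes.Repeat([]byte("tape block "), 1000) // constructed sample
	wrapped, blob, err := hybridEncrypt(&priv.PublicKey, payload)
	if err != nil {
		panic(err)
	}
	out, err := hybridDecrypt(priv, wrapped, blob)
	fmt.Println("RSA alone could seal payload:", canEncryptDirectly(&priv.PublicKey, payload),
		"| hybrid round trip ok:", err == nil && bytes.Equal(out, payload))
}
```

Running it prints false for the direct RSA attempt and true for the hybrid round trip. The wrapped key is always 256 bytes (the RSA modulus size) regardless of payload length, and the blob is 12 + len(payload) + 16 bytes; flipping any bit of the blob makes hybridDecrypt return an error, since GCM authenticates the ciphertext before releasing any plaintext.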
IBM Key Management methods
Encryption challenges
Key security: To preserve the security of encryption keys, the implementation must ensure that no one individual (system or person) has access to all the information required to determine the encryption key.
Key availability: To preserve access to encryption keys, many techniques can be used in an implementation to ensure that more than one agent has access to any single piece of information necessary to determine an encryption key.
Solution: A key server is integrated with encrypting storage products to resolve most of the security and usability issues associated with key management for encrypted storage.
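One way to realise both properties at once, as an added example that is not from the slides and is not how IBM's key server is implemented: a k-of-n threshold split (Shamir secret sharing) of a data key. No single holder, and no group smaller than k, learns anything about the key (key security), while any k of the n holders can rebuild it, so up to n-k copies can be lost without losing access to the key (key availability). The field prime, the 3-of-5 parameters and the randomly generated sample key are assumptions of this example; it uses only the Go standard library.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Arithmetic is done modulo the Mersenne prime 2^521 - 1, large enough to hold
// a 256-bit data key as one field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one custodian's piece: the polynomial evaluated at a non-zero X.
type Share struct {
	X int
	Y *big.Int
}

// splitKey builds a random polynomial of degree threshold-1 whose constant
// term is the key and hands out its value at x = 1..n, one share per holder.
func splitKey(key []byte, threshold, n int) ([]Share, error) {
	if threshold < 2 || n < threshold {
		return nil, errors.New("need 2 <= threshold <= n")
	}
	secret := new(big.Int).SetBytes(key)
	if secret.Cmp(prime) >= 0 {
		return nil, errors.New("key does not fit in the field")
	}
	coeffs := make([]*big.Int, threshold)
	coeffs[0] = secret
	for i := 1; i < threshold; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int)
		for j := threshold - 1; j >= 0; j-- { // Horner evaluation
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// recoverKey interpolates the polynomial at x = 0 (Lagrange). Fewer than
// threshold shares yield a uniformly random field element, which carries no
// information about the key and almost surely fails the length check.
func recoverKey(shares []Share, keyLen int) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		xi := big.NewInt(int64(si.X))
		for j, sj := range shares {
			if i == j {
				continue
			}
			xj := big.NewInt(int64(sj.X))
			num.Mul(num, new(big.Int).Neg(xj))
			den.Mul(den, new(big.Int).Sub(xi, xj))
		}
		inv := new(big.Int).ModInverse(den.Mod(den, prime), prime)
		if inv == nil {
			return nil, errors.New("duplicate share index")
		}
		term := new(big.Int).Mul(si.Y, num.Mod(num, prime))
		secret.Add(secret, term.Mul(term, inv)).Mod(secret, prime)
	}
	if secret.BitLen() > keyLen*8 {
		return nil, errors.New("too few shares: reconstructed value is not a key")
	}
	return secret.FillBytes(make([]byte, keyLen)), nil
}

func main() {
	key := make([]byte, 32) // constructed sample AES-256 data key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, err := splitKey(key, 3, 5) // 5 custodians, any 3 rebuild the key
	if err != nil {
		panic(err)
	}
	got, err := recoverKey([]Share{shares[0], shares[2], shares[4]}, 32)
	fmt.Println("3 of 5 shares recover key:", err == nil && string(got) == string(key))
	_, err = recoverKey(shares[:2], 32)
	fmt.Println("2 of 5 shares recover key:", err == nil)
}
```

Each share is a full-size field element, so a holder of two shares of a 3-of-5 split is in exactly the same position as someone with none; the length check in recoverKey only turns that into an error instead of returning garbage. In a real deployment the shares would be handed to separate systems or custodians, which is the operational form of the "no one individual has all the information" requirement above.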
IBM Key Management methods
IBM Tivoli Key Lifecycle Manager and Encryption Key Manager
IBM Key Management methods
IBM Encryption Key Manager
EKM is Java software that runs as an external program. EKM works with IBM encryption-enabled tape drives such as the TS1120 and Linear Tape-Open (LTO) Ultrium 4.
EKM provides, protects, stores, and maintains the encryption keys that are used to encrypt information being written to, and decrypt information being read from, tape media.
There are three methods of encryption management to choose from. These methods differ in where you choose to locate your Encryption Key Manager application.
The EKM does not itself perform cryptographic operations, such as generating encryption keys, and it does not provide storage for keys and certificates. To perform these tasks, Encryption Key Manager relies on external components.
IBM Key Management methods
IBM Encryption Key Manager - Components
• The tape drive table is used by EKM to track the tape devices that it supports.
• The configuration file is an editable file that tells your EKM how to operate.
• A keystore holds the certificates and keys used by EKM to perform cryptographic operations.
• EKM uses the IBM Crypto Services for its cryptographic capabilities.
IBM Key Management methods
IBM Tivoli Key Lifecycle Manager
Announced in 2008. TKLM works with IBM encryption-enabled storage such as the IBM System Storage DS8000 series family and the IBM encryption-enabled tape drives (TS1130 and TS1040).
TKLM provides, protects, stores, and maintains the encryption keys that are used to encrypt information being written to, and decrypt information being read from, an encryption-enabled disk.
Two Tivoli Key Lifecycle Manager key servers provide redundancy.
Tivoli Key Lifecycle Manager communicates with the managed storage devices using TCP/IP.
Tivoli Key Lifecycle Manager is supported on a variety of operating systems.
IBM Tape Drive & Disk System Encryption
IBM Disk systems: DS5000, DS8000
IBM Tape drives: LTO Ultrium, TS1120