Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Memory/Storage

Boost system security with better data-at-rest encryption

Posted: 10 Apr 2012     Print Version  Bookmark and Share

Keywords:data-at-rest  encryption  self-encrypting drive 

The practical application of tweakable ciphers for the data-at-rest protection problem is the property that the cipher's security doesn't preclude reuse of the IV; thus, media sector number and block offset within the sector provide a perfect fit for tweak selection.

In 2007, IEEE's Security in Storage Working Group (SISWG) published standard P1619.4 The IEEE P1619 standard defines the XTS-AES cipher mode as a result of a thorough study of numerous potential tweak-based algorithms for use in data-at-rest protection.

This choice is further bolstered by NIST in "Special Publication 800-38E", which approves the XTS-AES cipher mode and references its definition in IEEE P1619-2007.5 NIST has also amended FIPS 140-2 to include XTS-AES as an approved cipher for validation.6

The tweak algorithm found in XTS-AES is based on and almost identical to the one originally created by noted cryptographer Phillip Rogaway, called XEX.7 In addition to strong security, XEX (and hence XTS-AES) are also designed for efficiency when applied to storage of many sequential data blocks (as is common with file storage).

The XTS-AES block cipher is depicted in figure 3. Oddly this cipher requires twice the keying material; for 128bit security, 256 bits of key must be used. The first half of the key is used to process the plaintext; the second half is used to encrypt a 128bit representation of the sector number, which acts as the primary tweak, as shown in Figure 3. The result of this encryption is fed to a function that performs a Galois field multiplication (implemented as a sequence of shifts and XORs) of the encryption result with a Galois constant derived from the secondary tweak, the numeric index of the data block within the sector. The result of this Galois multiplication is used twice. First it's added (XOR) to the plaintext block, which is then encrypted with the first key half. The Galois result is added (XOR)again to the plaintext block encryption result to create the final ciphertext block.

Figure 3: The XTS-AES data-at-rest encryption cipher.

Decryption is similar; however, while the AES-ECB decryption algorithm is used to process the ciphertext, the tweak cipher remains the same, using the AES-ECB encryption algorithm.

In practice, data is stored to media in sectors. Therefore, the block encryption algorithm shown earlier must be executed in a loop across the entire sector. Note that while XTS-AES handles partial blocks, that part of the algorithm is often unnecessary. For example, the common sector size of 512B will result in 32 block encryptions, and most media-management layers will access a full sector at a time. For such a system, given a function, xts_encrypt, which takes the sector number and size in bytes, plaintext block, and encryption key as input, the simple code sequence in the listing below handles the sector encryption.

sector_encrypt(uint8_t *sector, uint32_t sector_num, uint32_t
    sector_size, uint8_t key[])
  uint32_t i;
  assert((sector_size % AES_BLOCK_SIZE) == 0); /* 512 % 16 */
  for (i = 0; i < sector_size/AES_BLOCK_SIZE; i++) /* 32x */
    _encrypt(sector+i*AES_BLOCK_SIZE, key, sector_num, i);

It's also easy to see from this code sequence that XTS-AES is parallelizable. If the embedded system contains an AES hardware accelerator (especially one that has direct support for XTS mode), this implementation should be modified to take advantage of the accelerator's ability to process multiple AES blocks at once. Furthermore, if the media allows for sector size configurability, developers may want to vary the sector size to see if better throughput (potentially at the expense of slightly reduced space efficiency) can be achieved.

 First Page Previous Page 1 • 2 • 3 • 4 • 5 Next Page Last Page

Comment on "Boost system security with better da..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top