LTO-4 encryption secures data

By Mark Ferelli

About 70% of all data is stored on tape. As such, security is a challenge, with corporate governance, e-discovery requirements, and state and federal regulations driving the sometimes conflicting calls for personal data privacy, data portability, and confidentiality of business records.

Federal regulations can be stiff (see table).

Storage security as it applies to tape technology involves issues such as access control and the encryption of data. The use of encryption, coupled with effective key management, can solve many of the data security requirements in the data center. And a compelling case can be made for tape-based encryption, as exemplified by the encryption scheme used in LTO-4 tape drives.

The amount of data placed at risk through lost tape media is a matter of public record. Federal and state agencies, and businesses of all sizes, have suffered data-loss episodes. As such, readers might wonder whether transporting media shouldn’t go the way of the dodo bird. However, the physical transportation of tape media to other locations is a continuing part of government and business operations.

Security breaches can cost serious money. According to the Ponemon Institute, from January 2005 to July 2007, 158 million Americans had personal data exposed. With the estimated cost per breach at $182, the total runs $28.7 billion. And that is only the dollar cost. The loss of public confidence, customer good will, continued customer relationships, and business opportunities translate into incalculable lost revenues over time.

All of the tales of lost tapes and the continued use of tape as an essential transport for backup and archival information lead to the conclusion that tapes should be encrypted.

However, encryption has encountered resistance in the data center, in part due to the cost, time, and personnel needed to oversee tasks such as key management.

If organizations don’t encrypt their backup or archive tapes, how do they secure such information? The answer is that many don’t. Others place their faith in physical perimeter security, such as locks, keys, guards, etc. This all helps, but if one of the selling points of tape is its portability, perimeter security is a slender reed to lean on.

LTO-4 encryption

LTO-4 doubles the capacity of LTO-3 to 800GB (native) per cartridge and increases the read/write speed by 50%—from 80MBps for LTO-3 to 120MBps for LTO-4. The increased capacity is due to two methodologies common to tape advancements: improved head technology and longer tape lengths with thinner base films. How-ever, increased density with LTO-4 also comes from PRML encoding technology.

LTO-4 tape drives include onboard, 256-bit Advanced Encryption Standard—Galois Counter Mode (AES-GCM) encryption to mitigate or eliminate the performance penalty of software-based encryption and the expense of dedicated encryption appliances. LTO-4 encryption is included in the LTO Ultrium specification, and the AES-GCM algorithm is implemented in the tape drive’s formatting chip.

AES-256 was designated “unbreakable” by the US government, and therefore—when correctly implemented—obviates the risks associated with loss, theft, or disposal of tapes.

The AES-256 encryption engine is implemented in the buffer management silicon of LTO-4 drives, thereby adding encryption functionality at very low cost. Key management systems can be implemented to allow tapes to be exchanged among drives, libraries, and geographic locations.

AES is an encryption algorithm that describes the encryption of a 4-byte-by-4-byte array of data using a single key. GCM is a mode of operation for AES. GCM operates by seeding a counter with a random number known as an initialization vector. This element is increased by one and the output is operated upon by the AES algorithm. The result is a stream of encrypted data.

The GCM spec requires that the initialization vector be created anew at the end of each record and be recorded in the tape format. During a read operation, the internal counter is reset for that record by the vector. Galois-field mathematics then generates authenticated encryption of the message. The spec also calls for a computed tag value to provide additional security for the record. Additional Authenticated Data (AAD) is likewise generated and used as the hook to retrieve keys from a key management appliance.

Coupled with a key management system, AES-GCM provides the protection required for tapes in transit. If the tapes are encrypted, lost media cannot be decrypted.

There is some concern that LTO-4’s encryption algorithm does not meet the Federal Information Processing Standard 140-2—FIPS.

The FIPS 140-2 Level-3 standard requires that the systems used to store encryption keys be physically secure, use two-part authentication, produce audit logs showing all accesses, and encrypt all communications between systems.

But while this may be a gold standard for dealing with federal organizations, it may be excessive for many, if not most, companies.

Looking at the two-part authentication, 128-bit key lengths or keys that change every few weeks may be overkill, depending on what data you’re encrypting and why. If you use the same key for every encrypted tape, key management will be easier. But one security lapse will make all the data vulnerable. Secure key management is a must, but the exacting standard of FIPS may not be appropriate for your enterprise.

No matter what the standard, tape encryption with effective key management is a reliable, relatively trouble-free way to secure data against the crippling effects of loss or theft.

Complete systems will require encryption management systems. Software vendors will be releasing key management systems, and other vendors will be releasing server-based key management systems. And some tape library vendors provide encryption management systems integrated into their libraries.

Mark Ferelli is a freelance writer. He can be contacted at mcferelli@yahoo.com.

LTO revenues grow 15%

 Market research firm IDC says revenues for the overall midrange tape drive market grew about 10% last year, and LTO revenues grew 15%. In 2007, revenues from LTO tape drives topped $883 million. The overall tape market is expected to generate revenues of more than $1.4 billion in 2009, says IDC.

The latest generation of the LTO tape format—LTO-4—provides up to 1.6TB of capacity per cartridge (assuming 2:1 data compression) and a transfer rate up to 240MBps with 2:1 compression. Key features include WORM functionality and 256-bit AES-GCM encryption. LTO-4 is read/write-compatible with LTO-3 cartridges, and is read-compatible with LTO-2 cartridges.

This article was originally published on August 01, 2008