Spearheading advanced encryption

Thomas Edison claimed that genius is one percent inspiration and 99 percent perspiration. Likewise, James Hughes, senior fellow at StorageTek, discovered the same to be true when he had the idea for an advanced encryption technology standard that protects data at rest. It took Hughes 10 years from that first inspiration for an encryption standard before he created what is now called P1619 technology.

While working at Network Systems on VPN technology, Hughes realized that the real value of a network could come from sharing it with people you don’t trust. He set a goal to allow companies and departments within companies who don’t necessarily trust one another to share storage. “I wanted to take VPN technology and apply it to storage,” Hughes says.

By way of example, Hughes points to outsourcers whose customers insist that the outsource company put up a chain link fence inside the datacenter from floor to ceiling to separate them from other companies.

“Even inside corporations, sales and finance don’t trust the engineering department,” Hughes adds.

Thanks to P1619, if someone gains access to the storage media, they can only read nonessential data unless they have the decryption keys. P1619 uses AES (Advanced Encryption Standard), the underlying cipher, in a way that is unique.

All disk sectors hold 512KB. The challenge was how to encrypt data within each of those sectors’ 512KB, without making the sector larger and while still making it resistant to tampering. The solution prevents an attacker from making any changes in the stored data while it is at rest. If a hacker tampers with any single bit in the 512KB, P1619 technology scrambles the entire sector.

The technology is not confined to disk storage and can be used on tape and other media.

Prior to P1619, a hacker could change salary data, for example, while it remained on the storage device without ever having to crack the security code, Hughes says.

The future benefits of P1619 will come from lowering infrastructure costs by creating large datacenters that can share the same storage and security.

But Hughes adds one caveat. “If you encrypt the data correctly, that means if you lose the key, you’ve lost the data,” he says.

Key management is therefore critical, Hughes warns. Rather than having to re-encrypt terabytes of data if and when a company decides to leave vendor A and go to vendor B, the challenge for P1619 technology is to find a standard way for exchanging keys between vendors.