Encryptor Save/Restore

Encrypted Tapes Backup/Restore Facility

Latest cryptographic standards - TDES and AES

Secure 128-bit per-file keys

Local & Remote tape operations

Centralized, simple configuration

No additional hardware or software

Practically no learning curve


How will you be judged if one of your company's backup tapes falls into the wrong hands? Considering that gigabytes of data on backup tapes might wind up in malicious hands, would you invest the time and money necessary to make sure that information was completely unreadable to unauthorized users?

Protecting data stored to tape is increasingly important, as many organizations have recently discovered when lost tapes made unwanted headlines and headaches for companies across the US and around the world. If companies encrypted their tapes, then the data would have been considered absolutely secure: without the key, the data cannot be accessed. So encryption is the logical, obvious solution, but how can you easily implement encryption without breaking your budget? You now have a choice that is both affordable and straightforward:

ETF - Encrypted Tape Facility for Stratus/VOS systems.

Instead of using the standard VOS save command to create tape backups and restore command to load tapes back onto the system, the user would use encrypted-save and encrypted-restore commands to accomplish the same task, but the data on the tape would be completely encrypted and unintelligible to everyone, except to those who know the password / encryption-key.

Where command macros are used to initiate tape save and restore operations, adjustments would have to be made to accommodate the new command name and additional fields. This simple adjustment is the only requirement and implementation procedure.

It is no secret that encrypted operations will take more CPU cycles than the standard save command, as all the data is encrypted on the fly, before it is deposited onto the tape device. Likewise, an encrypted-restore operation will likely use more CPU cycles than a standard restore operation. One solution is to run the utility at low transaction processing times during the late evening or during weekends. The second alternative is to use the Remote save/restore option.

Where a customer installation comprises more than one module, ETF allows for backups to take place to tape devices remote from the system being backed up. Sufficient networking bandwidth must be provided to allow this option to operate in an efficient manner, typically via a 1 Gigabyte Ethernet connection.

When using the remote backup/restore feature, both the physical tape reads/writes and the encryption algorithm overhead are "pushed" onto the remote module, freeing significant CPU power on the primary module. Thus, when executing a remote-encrypted-save operation, the primary module will only read the data and pass it on to the remote module (typically a non-production module), where the encryption will take place, followed by the tape-write operation.

The Remote encrypted tape backup option would allow one module (perhaps, a non-production module) to serve as the centralized tape backup/restore facility where multiple modules are present and would cut overhead on the module whose files are being saved.


In a multi-module environment, data encryption and all tape operations are executed on the Remote (non-production) module. This frees up more CPU on the Primary (Production) module, which in turn is expected to run much faster during the Save.


About AES Encryption

In June of 2003, the U.S. Government approved the Advanced Encryption Standard (AES) as its standard algorithm for transmitting classified data.

AES was selected by the National Institute of Standards and Technology (NIST) from submissions by the world's leading cryptographers after a 3-year competition.

AES had the best combination of security, performance, efficiency, implementability and flexibility. NIST declared AES secure enough to protect classified information up to the TOP SECRET level, that is, information that would cause "exceptionally grave damage" to national security if disclosed to the public.

"This standard will serve as a critical computer security tool supporting the rapid growth of electronic commerce," U.S. Secretary of Commerce Norman Y. Mineta said. "This is a very significant step toward creating a more secure digital economy. It will allow e-commerce and e-government to flourish safely, creating new opportunities for all Americans."

It would take a supercomputer 149 trillion years to decode a 128-bit AES key. AES is also the commercial standard for encrypting sensitive digital information, including financial (ATM machines) and telecommunications data.

AES replaces the commonly used Data Encryption Standard (DES).

How Secure is 128-Bit AES Encryption?

For each 128-bit key, there can be 3.4 x 10^38 possible combinations. By comparison, the Enigma code used by the Germans in World War II had approximately 1.1 x 10^7 keys and DES has about 7.2 x 10^16 keys. To put this into perspective, if we assumed a supercomputer could break the DES code in one second, it would take the same supercomputer 149 trillion years to decode a 128-bit AES key - longer than our universe has existed. That is to say, no supercomputer in the foreseeable future can brute-force 128-bit AES. As long as no one finds your encryption phrase print-out, your encrypted data can never be deciphered.

Implementation Notes

Below are the steps that are involved in the implementation of Encryptor-Tape:

  1. Find and identify all current tape backup / restore procedures, including all relevant command macros etc.

  2. Identify which files/dirs contain secure data that should be encrypted.

  3. Change the save/restore command macros to use the (simple) encryptor_admin command line, for the secure data only.

  4. Insert every saved path into encryptor_files.tin, the ETF configuration file (see example below). Each record consists of the encryption method (AES, DES or 3DES), the file path name(s), the encryption password and the tape path name. The encryptor_files.tin file should contain ALL the secure data path names. It accepts * names, file names, directory names or even a whole disk name. The number of records in the table is unlimited.

    /=record_type            tape
     =logical_name           my_cms
     =path_name              %softmark#d03>Soft>SPS>command_library>*cm
     =key_name               aes_key
     =tape_path              %softmark#d03>Soft>SPS>command_library>tape_file
     
    /=logical_name           MY_TEST2
     =record_type            tape
     =path_name              %ari#d01>SysAdmin>milap>dbq>*.pm*
     =key_name               aes_key
     =tcp_ip_addr            0.0.0.0
     =tcp_ip_port            5000
     =tape_path              %ari#d01>SysAdmin>milap>tape_file
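
Step 4 requires that encryptor_files.tin list ALL secure path names, so a coverage check over the file is useful before cutting over. The following is an added example, not ETF's own code: it parses the record layout shown above and reports records missing fields, records carrying tcp_ip_addr, and secure paths that no record covers. The required-field list, the `*` matching rules, the reading of tcp_ip_addr as "remote" and the sample paths passed to it are assumptions.

```python
import re

# Constructed sample in the record layout shown above (second record lacks key_name).
SAMPLE_TIN = """\
/=record_type            tape
 =logical_name           my_cms
 =path_name              %softmark#d03>Soft>SPS>command_library>*cm
 =key_name               aes_key
 =tape_path              %softmark#d03>Soft>SPS>command_library>tape_file

/=logical_name           MY_TEST2
 =record_type            tape
 =path_name              %ari#d01>SysAdmin>milap>dbq>*.pm*
 =tcp_ip_addr            0.0.0.0
 =tcp_ip_port            5000
 =tape_path              %ari#d01>SysAdmin>milap>tape_file
"""
REQUIRED = ("logical_name", "path_name", "key_name", "tape_path")  # assumed mandatory

def parse_tin(text):
    """A line starting with '/=' opens a record; '=name value' lines add fields."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/="):
            records.append({})
            line = line[1:]
        if not line.startswith("=") or not records:
            raise ValueError(f"unexpected line: {raw!r}")
        name, *rest = line[1:].split(None, 1)
        records[-1][name] = rest[0].strip() if rest else ""
    return records

def covers(pattern, path):
    """Assumed matching: '*' stays inside one name; a dir or disk covers all below."""
    rx = re.escape(pattern).replace(r"\*", "[^>]*")
    return re.fullmatch(rx + "(>.*)?", path) is not None

def audit(text, secure_paths):
    """Return (records missing fields, remote records, secure paths with no record)."""
    records = parse_tin(text)
    missing = {r.get("logical_name", "?"): [f for f in REQUIRED if f not in r]
               for r in records if any(f not in r for f in REQUIRED)}
    remote = [r.get("logical_name", "?") for r in records if "tcp_ip_addr" in r]
    uncovered = [p for p in secure_paths
                 if not any(covers(r.get("path_name", ""), p) for r in records)]
    return missing, remote, uncovered
```

Feed `audit` the list of secure files produced in step 2; any entry returned in `uncovered` would still be written to tape by a procedure that has no encrypted record for it.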