Institute of Electrical and Electronics Engineers IEEE standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group SISWG , which includes a family of standards for protection of stored data and for the corresponding cryptographic key management. The P An encryption algorithm used for data storage has to support independent encryption and decryption of portions of data. So-called narrow-block algorithms operate on relatively small portions of data, while the wide-block algorithms encrypt or decrypt a whole sector. Narrow-block algorithms have the advantage of more efficient hardware implementation. On the other hand, smaller block size provides finer granularity for data modification attacks.

Author:Tojajind Tygoktilar
Language:English (Spanish)
Published (Last):1 May 2012
PDF File Size:17.63 Mb
ePub File Size:16.51 Mb
Price:Free* [*Free Regsitration Required]

Draft Standard for Standard Architecture for. As such, this document is subject to. Because this is an unapproved draft, this document must not be. Committee participants to reproduce this document for purposes of IEEE standardization activities only.

Prior to submitting this document to another standards development organization for standardization. Standard s Activities Department. Other entities seeking permission to reproduce this document, in whole or.

Abstract: This standard specifies the architecture for protection of data in sector-level storage devices,. The purpose of this standard is to describe a method of encryption for data-at-rest in sector-based devices. The standard specifies the. Attention is called to the possibility that implementation of this standard may require use of subject matter.

By publication of this standard, no position is taken with respect to the existence. The IEEE shall not be responsible for identifying.

At the time this draft standard was completed, the Security in Storage Working Group had the following. Test vectors and code supplied by Doug Whiting and Brian Gladman. Robb Elliott helped improve the. The following members of the balloting committee voted on this standard. Balloters may have voted for. Special Terms Annex A in for mative Bibliography Annex B in for mative Test Vectors Annex D in for mative Rationale and Design Choices Narrow Block Tweakable Encryption This standard specifies the architecture for protection-use-data in sector-level storage devices,.

This standard provides a standard architecture for media security and enabling components. Another requirement in some cases is that the encryption trans for m must be length-preserving,.

These two properties allow the use of. It is noted that the. This standard also. The goal is to facilitate a scenario where a standard-. The for mal definition of the security goal of a tweakable block-cipher is due to Liskov, Rivest, and Wagner. The following referenced documents are indispensable for the application of this document. For dated. For undated references, the latest edition of the referenced. For the purposes of this standard, the following terms and definitions apply.

The Authoritative Dictionary. The key. The first data unit in a key scope starts with the. Data units within a key scope are of equal sizes. A data unit does not necessarily correspond to a physical. Decimal and binary numbers are used within this document. For clarity, decimal numbers are generally. Decimal numbers are represented in their usual 0, 1, 2, Binary numbers are represented by a. Thus the decimal number 26 may also be represented. The encryption and decryption procedures described in the following section use multiplication of a 16byte.

In particular, the byte result of. AES encryption or decryption is treated as a byte array, where a0[0] is the first byte of the AES block. The output array is defined recursively by the following for mulas where i is iterated from 0 to j:. Conceptually, the operation is a left shift of each octet by one bit with carry propagating from one octet to. Also, if the 15 th last octet shift results in a carry, a special value decimal is xor-ed into.

The key is parsed as a. The ciphertext. The key is parsed as a concatenation of two fields of equal size called Key1 and Key2 such that:. The plaintext shall then be computed by the following or an equivalent sequence of. The key is parsed as.

The plaintext. The encryption and decryption procedures described in 5. To be compliant with the standard, the implementation shall support at least. The number of bits in a data unit is not necessarily divisible by AES block. The number of byte blocks in the data unit shall not exceed 2 Devices compliant with this standard should include documentation describing this.

To use this standard, a bit or bit key shall be associated with an ordered sequence of data units,. The sequence of data units that are associated with the key is related to the scope.

In order to encrypt or decrypt a data unit, the sequence number of this data unit within the. As defined in 7. The data unit size shall be at least bits. A standardcon for mant. In an application of this standard to sector-level encryption of a disk, the scope of a key typically includes a.

The reason is that. In particular, key reuse enables trivial cut-andpaste. The system surrounding a device compliant with this standard should support the Key Backup structure. The Key Backup structure provides all the in for mation that is needed in order to.

These data units. The sequence of data units that are. Standard Standard Description Standard identifier. Trans for m Trans for m Trans for m description. For example,. It is impossible. Table 2 defines the StructureID element, which is the in for mation needed to uniquely identify a particular. This element is used to uniquely define standard-related in for mation relevant to the time of encryption.

Table 3 defines the Standard element. The KeyScope specifies the scope of the key material that is identified in the key backup structure.

Table 4. The trans for m name shall be one of the supported strings, as specified in Table 6 below. The Key Backup structure is encoded in XML, to facilitate a unified for mat and allow an application. This also provides an automatic generation and parsing of Key. A Key backup structure may be protected as follows. The actual key material KeyMaterial from Table 7.

The cryptographic strength of wrapping keys. The implementation shall provide integrity for the key file, using standard methods. If a wrapping key reference is used as above, the wrapping key is stored as an EncryptedKey element. Mayer and S. Naor and O. Available on-line.

Liskov, R. Rivest, and D. Springer-Verlag, Halevi and P.


Popular Publishers



IEEE P1619™/D11 Draft Standard for Standard Architecture for ...



IEEE P1619



Oh no, there's been an error


Related Articles