|
IEEE P1619
Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of stored data and for the corresponding cryptographic key management. Standards SISWG oversees work on the following standards: The base IEEE 1619 Standard Architecture for Encrypted Shared Storage Media uses the XTS-Advanced Encryption Standard (XEX-based Tweaked CodeBook mode (TCB) with ciphertext stealing (CTS); the proper name should be XTC (XEX TCB CTS), but that acronym is already used to denote the drug ecstasy. The P1619.1 Authenticated Encryption with Length Expansion for Storage Devices uses the following algorithms: * Counter mode with CBC-MAC (CCM) * Galois/Counter Mode (GCM) * Cipher Block Chaining (CBC) with HMAC-Secure Hash Algorithm * XTS-HMAC-Secure Hash Algorithm The P1619.2 Standard for Wide-Block Encryption for ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Institute Of Electrical And Electronics Engineers
The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operations center in Piscataway, New Jersey. The mission of the IEEE is ''advancing technology for the benefit of humanity''. The IEEE was formed from the amalgamation of the American Institute of Electrical Engineers and the Institute of Radio Engineers in 1963. Due to its expansion of scope into so many related fields, it is simply referred to by the letters I-E-E-E (pronounced I-triple-E), except on legal business documents. , it is the world's largest association of technical professionals with more than 423,000 members in over 160 countries around the world. Its objectives are the educational and technical advancement of electrical and electronic engineering, telecommunications, computer engineering and similar disciplines. History Origins ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Disk Encryption Theory
Disk encryption is a special case of data rest protection when the storage medium is a sector-addressable device (e.g., a hard disk). This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware. Problem definition Disk encryption methods aim to provide three distinct properties: # The data on the disk should remain confidential. # Data retrieval and storage should both be fast operations, no matter where on the disk the data is stored. # The encryption method should not waste disk space (i.e., the amount of storage used for encrypted data should not be significantly larger than the size of plaintext). The first property requires defining an adversary from whom the data is being kept confidential. The strongest adversaries studied in the field of disk encryption have these abilities: # they can r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptography Standards
There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis. Encryption standards * Data Encryption Standard (DES, now obsolete) * Advanced Encryption Standard (AES) * RSA the original public key algorithm * OpenPGP Hash standards * MD5 128-bit (obsolete) * SHA-1 160-bit (obsolete) * SHA-2 available in 224, 256, 384, and 512-bit variants * HMAC keyed hash * PBKDF2 Key derivation function (RFC 2898) Digital signature standards * Digital Signature Standard (DSS), based on the Digital Signature Algorithm (DSA) * RSA * Elliptic Curve DSA Public-key infrastructure (PKI) standards * X.509 Public Key Certificates Wireless Standards * Wired Equivalent Privacy (WEP), severely flawed and superseded by WPA * Wi-Fi Protected Access (WPA) better than WEP, a 'pre-standard' partial version of 802.11i * 802.11i a.k.a. WPA2, uses AES and other improvements ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
On-the-fly Encryption
Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage. The expression ''full disk encryption (FDE)'' (or ''whole disk encryption'') signifies that everything on the disk is encrypted, but the master boot record (MBR), or similar area of a bootable disk, with code that starts the operating system loading sequence, is not encrypted. Some hardware-based full disk encryption systems can truly encrypt an entire boot disk, including the MBR. Transparent encryption Transparent encryption, also known as real-time encryption and on-the-fly encryption (OTFE), is a method used by some disk encryption software. "Transparent" refers to the fact that data is automatically encrypted or decrypted as it is loaded or sa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Key Management Interoperability Protocol
The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also allows for clients to ask a server to encrypt or decrypt data, without needing direct access to the key. The KMIP standard was first released in 2010. Clients and servers are commercially available from multiple vendors. The KMIP standard effort is governed by the OASIS standards body. Technical details can also be found on thofficial KMIP pageanwiki Description A KMIP server stores and controls ''Managed Objects'' like symmetric and asymmetric keys, certificates, and user defined objects. Clients then use the protocol for accessing ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Key Management
Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols. Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling, which typically refers to the internal handling of keys within the operation of a cipher. Successful key management is critical to the security of a cryptosystem. It is the more challenging side of cryptography in a sense that it involves aspects of social engineering such as system policy, user training, organizational and departmental interactions, and coordination between all of these elements, in contrast to pure mathematical practices that can be automated. Types of keys Cryptographic systems may use different types of keys, with some systems using more ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Full Disk Encryption
Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage. The expression ''full disk encryption (FDE)'' (or ''whole disk encryption'') signifies that everything on the disk is encrypted, but the master boot record (MBR), or similar area of a bootable disk, with code that starts the operating system loading sequence, is not encrypted. Some hardware-based full disk encryption systems can truly encrypt an entire boot disk, including the MBR. Transparent encryption Transparent encryption, also known as real-time encryption and on-the-fly encryption (OTFE), is a method used by some disk encryption software. "Transparent" refers to the fact that data is automatically encrypted or decrypted as it is loaded or s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often used in military ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Disk Encryption
Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage. The expression ''full disk encryption (FDE)'' (or ''whole disk encryption'') signifies that everything on the disk is encrypted, but the master boot record (MBR), or similar area of a bootable disk, with code that starts the operating system loading sequence, is not encrypted. Some hardware-based full disk encryption systems can truly encrypt an entire boot disk, including the MBR. Transparent encryption Transparent encryption, also known as real-time encryption and on-the-fly encryption (OTFE), is a method used by some disk encryption software. "Transparent" refers to the fact that data is automatically encrypted or decrypted as it is loaded or sa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Comparison Of Disk Encryption Software
This is a technical feature comparison of different disk encryption software. Background information Operating systems Features * Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established) can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others. * Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk. * Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords. * Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications. * Multiple keys: Whether an encrypted volume can have m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bit-flipping Attack
A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not—directly—against the cipher itself (as cryptanalysis of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher. The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message. When applied to digital signatures, th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Disk Encryption Theory
Disk encryption is a special case of data rest protection when the storage medium is a sector-addressable device (e.g., a hard disk). This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware. Problem definition Disk encryption methods aim to provide three distinct properties: # The data on the disk should remain confidential. # Data retrieval and storage should both be fast operations, no matter where on the disk the data is stored. # The encryption method should not waste disk space (i.e., the amount of storage used for encrypted data should not be significantly larger than the size of plaintext). The first property requires defining an adversary from whom the data is being kept confidential. The strongest adversaries studied in the field of disk encryption have these abilities: # they can r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
