Applied Cryptography Techniques and Use Cases

The rapid growth in infrastructure to support real-time and continuous collection and sharing of data to make better business decisions has led to an age of unprecedented information storage and easy access. While collection of large amounts of data has increased knowledge and allowed improved efficiencies for business, it has also made attacks upon that information—theft, modification, or holding it for ransom — more profitable for criminals and easier to accomplish. As a result, strong cryptography is often used to protect valuable data. The SNIA Networking Storage Forum (NSF) has recently covered several specific security topics as part of our Storage Networking Security Webcast Series, including Encryption 101, Protecting Data at Rest, and Key Management 101. Now, on August 5, 2020, we are going to present Applied Cryptography. In this webcast, our SNIA experts will present an overview of cryptography techniques for the most popular and pressing use cases. We’ll discuss ways of securing data, the factors and trade-offs that must be considered, as well as some of the general risks that need to be mitigated. We’ll be looking at:

Key Management FAQ

Key management focuses on protecting cryptographic keys from threats and ensuring keys are available when needed. And it’s no small task. That's why the SNIA Networking Storage Forum (NSF) invited key management and encryption expert Judy Furlong to present a “Key Management 101” session as part of our Storage Networking Security Webcast Series. If you missed the live webcast, I encourage you to watch it on-demand, as it was highly rated by attendees. Judy answered many key management questions during the live event. Here are answers to those, as well as the ones we did not have time to get to.

Q. How are the keys kept safe in local cache?

Encryption Q&A

Ever wonder how encryption actually works? Experts Ed Pullin and Judy Furlong provided an encryption primer to hundreds of attendees at our SNIA NSF webcast Storage Networking Security: Encryption 101. If you missed it, it’s now available on-demand. We promised during the live event to post answers to the questions we received. Here they are:

Q. When using asymmetric keys, how often do the keys need to be changed?

A. How often asymmetric (and symmetric) keys need to be changed is driven by the purpose the keys are used for, the security policies of the organization/environment in which they are used and the length of the key material. For example, the CA/Browser Forum has a policy that certificates used for TLS (secure communications) have a validity of no more than two years.

Encryption 101: Keeping Secrets Secret

Encryption has been used through the ages to protect information, authenticate messages, communicate secretly in the open, and even to check that messages were properly transmitted and received without having been tampered with. Now, it’s our first go-to tool for making sure that data simply isn’t readable, hearable or viewable by enemy agents, smart surveillance software or other malign actors. But how does encryption actually work, and how is it managed? How do we ensure security and protection of our data, when all we can keep as secret are the keys to unlock it? How do we protect those keys; i.e., “Who will guard the guards themselves?” It’s a big topic that we’re breaking down into three sessions as part of our Storage Networking Security Webcast Series: Encryption 101, Key Management 101, and Applied Cryptography. Join us on May 20th for the first Encryption webcast: Storage Networking Security: Encryption 101 where our security experts will cover:
  • A brief history of Encryption
  • Cryptography basics
  • Definition of terms – Entropy, Cipher, Symmetric & Asymmetric Keys, Certificates and Digital signatures, etc. 
  • Introduction to Key Management
I hope you will register today to join us on May 20th. Our experts will be on-hand to answer your questions.

RSA Conference Shows that KMIP Is “Key” To Encryption and Protection of Enterprise Data

By Marty Foltyn

In the vast exhibit halls of last week’s RSA Conference, Cyber (aka cybersecurity) was the mantra. With customers asking for confidence in the encryption and protection of enterprise data, attendees found proven interoperability in the OASIS booth where developers of the OASIS Key Management Interoperability Protocol (KMIP) showcased their support for new features.

OASIS (Organization for the Advancement of Structured Information Standards) is a nonprofit consortium that drives the development, convergence, and adoption of open standards for the global information society. The OASIS KMIP TC works to define a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. The resulting Protocol, its profiles, and test cases are defined by the OASIS KMIP Technical Committee. By removing redundant, incompatible key management processes, KMIP provides better data security while at the same time reducing expenditures on multiple products.

Tony Cox, OASIS KMIP Technical Committee Co-Chair and Interoperability Event Lead, stressed that “The OASIS 2016 Interop is a small window into the reality of proven interoperability between enterprise key managers, HSMs, cryptographic devices, storage, security and cloud products. The interoperability demonstration helped to reinforce the reality of choice for CIOs, CSOs and CTOs, enabling products from multiple vendors to be deployed as a single enterprise security solution that addresses both current and future requirements.”

Tony Cox is also the Chair of the SNIA Storage Security Industry Forum, and five SNIA SSIF member companies showcased interoperable products using the OASIS KMIP standard — Cryptsoft, Fornetix, Hewlett Packard Enterprise, IBM, and Townsend Security.

SNIA provides a KMIP Conformance Test Program that enables organizations with KMIP implementations in their products to test those products against test tools and other products at the SNIA Technology Center in Colorado Springs, Colorado. According to SNIA’s KMIP Test Program Manager David Thiel, the KMIP Test Program provides independent verification from a trusted third party that a given KMIP implementation conforms to the KMIP standard. Verification gives confidence to both vendors and end users of KMIP solutions that a product will interoperate with other similarly tested KMIP products. KMIP support has become a prerequisite requirement for organizations looking to acquire storage and security key management solutions.

For vendors with a product that supports KMIP, having the product successfully complete SNIA’s KMIP Conformance Test Program is the best way to instill customer confidence. Any organization with a KMIP implementation can test in SNIA’s vendor-neutral, non-competitive environment. For KMIP Server testing, the vendor places the Server in the SNIA Technology Center and trains the KMIP Test Program staff on its use. For KMIP Client testing, the vendor connects the Client over the Internet to the test apparatus at the SNIA Technology Center or installs the Client in the SNIA Technology Center. The KMIP Test Program staff then tests the Server or Client and reports results to the vendor. All information regarding vendor testing and test results is confidential until the vendor releases successful test results for publication.

To date, products from Cryptsoft, Hewlett Packard Enterprise, and IBM have successfully passed KMIP Conformance Tests. Test results can be found on the KMIP Conformance Testing Results page. Visit the KMIP Test Program to learn more.

Security is Strategic to Storage Developers – and a Prime Focus at SDC and SNIA Data Storage Security Summit

Posted by Marty Foltyn

Security is critical in the storage development process – and a prime focus of sessions at the SNIA Storage Developer Conference AND the co-located SNIA Data Storage Security Summit on Thursday September 24. Admission to the Summit is complimentary – register here at http://www.snia.org/dss-summit.

The Summit agenda is packed with luminaries in the field of storage security, including keynotes from Eric Hibbard (SNIA Security Technical Work Group and Hitachi), Robert Thibadeau (Bright Plaza), Tony Cox (SNIA Storage Security Industry Forum and OASIS KMIP Technical Committee), Suzanne Widup (Verizon), Justin Corlett (Cryptsoft), and Steven Teppler (TimeCertain); and afternoon breakouts from Radia Perlman (EMC); Liz Townsend (Townsend Security); Bob Guimarin (Fornetix); and David Siles (Data Gravity). Roundtables will discuss current issues and future trends in storage security. Don’t miss this exciting event!

SDC’s “Security” sessions highlight security issues and strategies for mobile, cloud, user identity, attack prevention, key management, and encryption. Preview sessions here, and click on the title to find more details.

Geoff Gentry, Regional Director, Independent Security Evaluators Hackers, will present Attack Anatomy and Security Trends, offering practical experience from implementing the OASIS Key Management Interoperability Protocol (KMIP) and from deploying and interoperability testing multiple vendor implementations of KMIP.

David Slik, Technical Director, Object Storage, NetApp will discuss Mobile and Secure: Cloud Encrypted Objects Using CDMI, introducing the Cloud Encrypted Object Extension to the CDMI standard, which permits encrypted objects to be stored, retrieved, and transferred between clouds.

Dean Hildebrand, IBM Master Inventor and Manager | Cloud Storage Software and Sasikanth Eda, Software Engineer, IBM will present OpenStack Swift On File: User Identity For Cross Protocol Access Demystified. This session will detail the various issues and nuances associated with having common ID management across Swift object access and file access, and present an approach to solve them without changes in core Swift code by leveraging the powerful Swift middleware framework.

Tim Hudson, CTO and Technical Director, Cryptsoft will discuss Multi-Vendor Key Management with KMIP, offering practical experience from implementing the OASIS Key Management Interoperability Protocol (KMIP) and from deploying and interoperability testing multiple vendor implementations of KMIP.

Nathaniel McCallum, Senior Software Engineer, Red Hat will present Network Bound Encryption for Data-at-Rest Protection, describing Petera, an open source project which implements a new technique for binding encryption keys to a network.

Finally, check out previous SNIA on Storage blog entries on File Systems, Cloud, Management, New Thinking, and Disruptive Technologies. See the agenda and register now for SDC at http://www.storagedeveloper.org.