(InfoWorld) - Cisco and RSA announced on Wednesday plans to jointly develop security technology that will provide encryption keys for data at rest first on tape drives and eventually for other types of networked storage media.

Executives said the two firms plan to integrate Cisco's MDS 9000 Storage Media Encryption (SME) and RSA's Key Manager technologies. The latter tool will be used to provide the centralized key management and key provisioning capabilities for Cisco networks. The initial release of the jointly built offering will ship later this year, said Rajeev Bhardwaj, director of product management at Cisco.

A subsequent release of the co-developed product will address heterogeneous storage array encryption, Bhardwaj noted.

The companies announced the joint effort at a press conference at EMC World, the user conference of RSA's parent company, EMC.

Customers will add the encryption technology to Cisco-based storage-area networks by inserting a jointly developed line card into Cisco server chassis. The card will initially enable the encryption of tape drives; future versions will be able to encrypt data stored on virtual tape media, disks, and other storage devices anywhere in a SAN without any rewiring or configuration changes.

Changes like that are necessary in order use data protection appliances that include encryption capabilities, said Bhardwaj. Such appliances are available from Neoscale Systems, Vormetric, and Network Appliance's Decru unit.

"If I want to bring encryption into a SAN [via an appliance], I have to attach the appliance, and I have to rewire the SAN and change zoning so the appliance can talk to a tape library or disk," said Bhardwaj. "From our perspective, with encryption as a service, you install the line card, and with the flip of a switch, you say, 'This backup server encrypts this tape.'"

Dismissing concerns over whether the encryption technology will cause storage performance degradation, Bhardwaj said the line card will provide 10GB of encryption throughput.

Additionally, the RSA-bred encryption technology will support an API for key management, he noted. This will allow end-users to implement policies for managing Cisco's encryption keys for stored data across their backup, disaster-recovery, and archiving systems. Cisco SME technology will integrate with backup systems from any vendor, he noted.

An alarming number of high-profile data breaches and mishaps involving lost data is fostering a greater need among large organizations to establish unity between storage and security efforts across network and IT architecture, according to a Taneja Group study released on Monday.

EMC and Cisco officials acknowledged that the agreement is non-exclusive.

Neither company would say whether similar deals with outside partners are planned.

While neither party offered specific time frame about when users could expect encryption technology to secure data at rest on storage disk and virtual tape media, Rajeev did say that eventually the functionality and will spread across Cisco's product line to smaller form-factor switches and other parts of its commercial efforts.

ADVERTISEMENT

IBM Information On Demand 2006
Industrial Industry Leaders, please join us at IBM's premier information management global event, IBM Information On Demand 2006, October 15-20, Anaheim, CA. More IBM business and technical solutions content in one place than ever before! Select from over 800 sessions. Register today!

(InfoWorld) - The strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributing-computing achievement.

Arjen Lenstra, a cryptology professor at the EPFL (Ecole Polytechnique Fédérale de Lausanne) in Switzerland, said the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn't mean transactions are at risk -- yet.

But "it is good advanced warning" of the coming dusk of 1024-bit RSA encryption, widely used now for Internet commerce, as computers and mathematical techniques become more powerful, Lenstra said.

The RSA encryption algorithm uses a system of public and private keys to encrypt and decrypt messages. The public key is calculated by multiplying two very large prime numbers. Prime numbers are divisible only by "1" and themselves: For example, "2" and "3" and "7" are prime.

By identifying the two prime numbers used to create someone's public key, it's possible to calculate that person's private key and decrypt messages. But determining the prime numbers that make up a huge integer is nearly impossible without lots of computers and lots of time.

Computer science researchers, however, have plenty of both.

Using between 300 and 400 off-the-shelf laptop and desktop computers at EPFL, the University of Bonn, and Nippon Telegraph and Telephone in Japan, researchers factored a 307-digit number into two prime numbers. Factoring is the term to break a number down into prime numbers. For example, factoring the number 12 would give 2 x 2 x 3.

Lenstra said they carefully selected a 307-digit number whose properties would make it easier to factor than other large numbers: that number was 2 to the 1039th power minus 1.

Still, the calculations took 11 months, with the computers using special mathematical formulas created by researchers to calculate the prime numbers, Lenstra said.

Even with all that work, the researchers would only be able to read a message encrypted with a key made from the 307-digit number they factored. But systems using the RSA encryption algorithm assign different keys to each user, and to break those keys, the process of calculating prime numbers would have to be repeated.

The ability to calculate the prime number components of the current RSA 1024-bit public keys remains five to 10 years away, Lenstra said. Those numbers are typically generated by multiplying two prime numbers with around 150 digits each and are harder to factor than Lenstra's 307-digit number.

The next target for Lenstra is factoring RSA 768-bit and eventually 1024-bit numbers. But even before those milestones are met, Web sites should be looking toward stronger encryption than RSA 1024-bit.

"It is about time to change," Lenstra said.

In a rare move by the Chinese government, bloggers may now only be "encouraged" to register their real names with service providers rather than required. But the reason behind the reprieve may be more about money than free speech.

Read More...