In storage systems cryptography may be used to protect data at rest (i.e., when residing on a storage medium) and data in motion (i.e., when traversing a network between components of a storage system). Cryptography refers to the art or science of converting information from its normal comprehensible format into an incomprehensible format rendering it unreadable without secret knowledge and thereby protecting it from illegitimate access. Such unreadable format of data or converted data is called ciphertext. The following two types of cryptographic methods mentioned below are known:                a) Symmetric cryptography (Secret-key cryptosystems)        b) Asymmetric cryptography (Public-key cryptosystems)        
A wide variety of cryptographic algorithms are known for both types of cryptography mentioned before. These cryptographic algorithms result in a wide variety of cryptographically secure systems each based on one of the two types of cryptographic methods listed above or on a combination of them.
FIG. 1 shows an example of symmetric cryptography wherein plaintext is encrypted with a shared or secret key at one site. The result is called ciphertext; it is then transferred to another site, which decrypts it with the help of the key known and shared between the two sites. Note that in this process the same key is used for encryption and decryption therefore the process is called symmetric-key cryptography. The parties in the example are called Alice, Bob, and Eve. Alice and Bob are friends exchanging encrypted messages. Eve is an eavesdropper, trying to read the messages being exchanged between Bob and Alice. In symmetric algorithms as shown, Bob needs to send the encryption key information to Alice or they have to agree on a single key in order to exchange protected messages. [The letters above each party indicate what he or she knows. M represents a message being sent from Bob to Alice, and K(M) represents the enciphered message. To decipher the message, Alice simply applies K to K(M).]
FIG. 2 illustrates an example of asymmetric cryptography. In asymmetric algorithms each party uses two keys, a public key and a private key. The public keys are published to every one—even Eve knows them—while each party keeps its private key secret. When Bob wants to send a message M to Alice he encrypts the plaintext with the public key of Alice PA. Then the encrypted data PA(M) is sent to Alice who decrypts said data with the private key of Alice PrA that is known only to her. Even though Eve knows PA and PA(M), Eve can't recover the message without Alice's private key. [Again, letters near each box indicate what each party knows. M is the message Bob sends to Alice (he knows it since he wrote it, and Alice knows it since she has deciphered it). PA(M) represents the message enciphered with Alice's public key. To get M from PA(M), Alice applies PrA to PA(M).]. The most widely used asymmetric cryptographic algorithm today is the Rivest-Shamir-Adleman (RSA) algorithm.
FIG. 3 shows an embodiment of a layered data processing system. Typical examples of layered data processing systems are data storage systems and data communication systems. A layered data processing system consists of a stack of data processing layers that offer the same set of interfaces for reading and writing data. An application writes data to the layer at the top and reads data from the layer at the top. Intermediate layers transform the data in a layer-specific way. The layer at the bottom handles the physical transmission or storage of the data.
FIG. 4 shows one layer in a layered data processing system. The layer may receive write input data from the layer or an application above, transform it in a layer-specific way, and output the result to the layer below. The layer may also receive read input data from below, transform it in a layer-specific way, and output the result to the layer above. The data storage systems of common computer operating systems are typically organized as layered data processing systems. They consist of the data processing layers mentioned below and illustrated in FIG. 5. An application accesses the stored data through a file system interface (fs), which provides the means to write and read data to and from files in byte-sequences of arbitrary length, to group files into directories, and to organize directories and files into a hierarchy. The file system layer (fs) typically translates file system operations into operations on byte containers of variable size, which are known as “inodes” in traditional UNIX file systems or as “objects” in object storage areas. The object layer (obj) transforms these operations into accesses to a block interface, which provides only read and write operations on fixed-length data blocks or sectors, which are typically 512 bytes long. Many data storage devices, such as disks, offer the block interface at the block layer (blk). The layer of the host-bus adaptor (hba) transfers the data to the disk subsystem. A disk subsystem usually contains additional layers internally, for example layers for adding error-correcting or error-detecting codes and for accessing the magnetic media.
A similar layered structure is found also in data communication systems, such as telephone networks and computer data networks, and in many other data processing systems. Commonly known data communication systems might be placed inbetween any layers of a data storage system in order to allow for remote data storage using a networking infrastructure.
Layered data storage systems and layered data communication systems are collectively referred to as layered data processing systems.
Cryptographic protection schemes can be applied at any layer of a layered data processing system. Depending on the layer, they provide different security guarantees to the overall system. A security mechanism protects data only at the layer in which the mechanism is applied between the communication end-points at the said layer. Also data processed at some layer is typically opaque i.e., the layer does not know anything about the structure of the data. However, there are data processing systems that make certain heuristic assumptions about the form of the arriving data, in particular to achieve greater efficiency. For example, analog telephone modems and tape drives apply data compression to save bandwidth and gain efficiency.
In the case of a layered data storage system mentioned before, cryptographic protection is commonly applied at the block layer or at the file layer.
If encryption is provided at the block layer, where data is divided into blocks of fixed length, encryption is performed on all blocks of data with a single key. The benefits of this system are simplicity and efficiency. The drawback is that anyone with access to the block storage device can decrypt all the information. Encryption at the block layer can be advantageous for instance in tape archival devices where a single key per tape is required.
If encryption is provided at the file-system layer a different key is used for every file. The advantage of this system is that fine-grained protection is possible because access to the file-encryption key can be controlled depending on the access permission of the file. An attacker with access to any layer below, for example the block layer, gains only access to the files that it is allowed to read.
Numerous methods have been developed for transmitting data in a secure manner between layered data processing systems using cryptography. Most methods in the prior art for transmitting and migrating data from a first data processing system to a second data processing system decrypt on the first processing system the encrypted data stored on the said first processing system with a key associated to the said first data processing system before the actual transmission or migration of data to the second processing system takes place. The said data is encrypted again on the second data processing system after it reaches its destination, the second data processing system, with a key associated with said second data processing system. This incurs an additional overhead of decrypting the data before migration and performing the process of data encryption more than once.
An example of the aforementioned situation is when data stored on a cryptographic file system is written to a tape archival device for backup. Typically a backup application first reads the data from the file system and thereby decrypts the data with the associated file key. Later, it re-encrypts the data with the key maintained by the tape backup device. In such cases, additional overhead is incurred due to transformation of data from one encrypted format to another which can be avoided. Analogously, data communication systems might re-encrypt already encrypted data unnecessarily.
The aforementioned problem is further aggravated due to a layered structure found in most of the storage systems and, more generally, also in other layered data processing systems. Such data processing systems are connected through their standard interfaces at the top layer, so the data must be decrypted before leaving the first system, and re-encrypted again at the destination. This incurs an overhead that can be prohibitive for large amounts of data.
It would therefore be desirable to provide a method for efficient and secure data migration between layered data processing systems.