Protecting data in data processing environments becomes increasingly important in data centers. With the rise of cloud computing environments, the need to protect data against unauthorized access is paramount for these more and more dominant computing architectures. Typically, data are stored on devices which store the data in blocks, i.e., block devices. Today, the data are often stored in an encrypted form. For this, an effective encryption/decryption key may be used, which may itself be stored in encrypted form on the block device. However, in order to read or write data from/to the block device in an encrypted form, it may be required to have the effective key available in the memory of the related computer system. This represents a security weakness, besides the fact that the additional encryption/decryption for writing or reading to/from the block device represents an additional overhead for the computing system and thus a performance degradation.
It would be much safer for the data if the effective encryption key used were never stored in operating-system-accessible memory in unencrypted form (i.e., in the clear). Additionally, the requirement for encryption operations at “CPU speed” should be met. Furthermore, it would be very helpful if the method used for protecting the data did not depend on specific system configurations.
Some end-to-end encryption methods are available today. However, they always have deficiencies, either in terms of speed, special configuration requirements, or compromises in terms of the accessibility of the clear key to the operating system and/or application.