Field of the Invention
This disclosure relates generally to methods and apparatuses for protecting data in a data storage system. More specifically, this application relates to a Flash memory data storage system and method therefor that can encrypt the data stored on the system as well as eliminate or minimize any correlations that may be drawn from the encrypted data.
Description of the Related Art
One way to improve the security of a data storage system and prevent theft of data is to encrypt the data stored on the data storage system. Any number of data encryption techniques known to those having ordinary skill in the art may be used, including AES, DES, RCS, Blowfish, IDEA, NewDES, SAFER, CAST5, FEAL, and the like. Once encrypted, even if the data storage system is stolen or somehow falls into the wrong hands, an unauthorized user will be unable to make any meaningful use of the stored data without the encryption key that was used to perform the encryption.
In many data storage systems, encryption is performed automatically by a software program installed and executed on the host system. The software program encrypts the data sent to the data storage system and subsequently decrypts the data received from the data storage system. The encryption and decryption may also be performed by the data storage system itself through dedicated system hardware specifically designed for that purpose. Alternatively, system hardware may be custom coded or programmed to perform the encryption and decryption.
Software-based encryption and hardware-based encryption each have their advantages and benefits. Software-based encryption is easier to implement, but is generally slower because the extra layer of software can slow down the host system. Hardware-based encryption is generally faster, but may be more expensive to implement, maintain, and upgrade. But hardware-based encryption is also generally considered to be more difficult for unauthorized users to bypass or overcome.
The encryption itself can be implemented using one of several modes of operation, or procedures, for enabling the repeated and secure use of a block cipher, which is an encryption algorithm that uses a single encryption key. The simplest of the encryption modes is the electronic codebook (ECB) mode. In ECB mode, a message is divided into blocks and each block is encrypted separately. Typically, the last block in a message is padded so that it has the same length as the other blocks.
While ECB mode is relatively easy to implement, a disadvantage is that it does not hide repetitions or patterns within the data well. In ECB mode, identical plaintext blocks are encrypted into identical ciphertext blocks. Thus, although the encrypted data itself is not discernible, it is possible to determine whether a given block of encrypted data is the same as another block of encrypted data. Therefore, patterns or repetitions that may exist in the data, such as a string of 0's to indicate the beginning of a file, could be correlated. This is commonly referred to as loss or lack of “confidentiality.”
Accordingly, what is needed is an improved method and system for encrypting data in a Flash-based data storage system that is capable of storing and encrypting data without losing or compromising confidentiality.