Information technology, in the form of computer systems, is a pervasive and critically important aspect of modern society. The appropriate and correct operations of these systems is just as essential for the smallest of individual efforts as it is for the greatest enterprises and governments. Data security is one of the paramount issues that impacts the acceptability of a computer system's operations. Keeping data secure includes both being able to selectively restrict access to and the use of data, as well as maintain and protect data from unauthorized modification or destruction. Beyond solely safeguarding the use and integrity of the data stored, data security also affects the overall security of the computer system as a whole. For example, compromised permissions data can facilitate unauthorized use of computer system resources, and even malicious damage to its operations. Additionally, virtually all large scale endeavors are implemented in concert with computer systems, and the endeavors themselves can be hampered or worse by degraded data security. The ascendance to prominence of the Internet, and other large-scale computer networks, has further magnified the consequences of data security flaws.
Approaches to the security of computer data have generally taken two paths, controlling the access to data and encrypting the data to prevent its reading by an unauthorized entity. Among the tactics for controlling access are passwords or other information based restrictions, and firewalls or other hardware based portal restrictions. Encryption based security methods endeavor to prohibit data from being comprehended if accessed without proper authorization. For the ever-increasing benefits of large scale public and private networks to be realized, substantial volumes of communication both within and between these networks is vital. The speed and ease of these communications directly correlates with the benefits garnered from them, and is inversely related to the security of the communicating systems' data. The value being realized from communications between computer systems is too great for the institution of substantial hardware-based restrictions to become a viable alternative for protecting data. A popular alternative is information-based access controls, such as passwords. The vulnerabilities of information-based access controls to security lapses are evident from the billions of dollars in damages caused by computer viruses that are spread over the Internet and malicious attacks on Web sites.
The first step towards more substantially protecting a computer system requires ensuring the security of the system's data. The ability to comprehend the data can be selectively controlled with encryption. Encryption methods generally utilize a mathematical algorithm to transform the legible data (plaintext) into an encrypted form (ciphertext), that can not be comprehended without the knowledge and use of a key to decrypt the encrypted form. The quality of the data protection relies on the complexity of the algorithm, plus the size and the safekeeping of the key. In 1972 the National Bureau of Standards, now the National Institute of Standards and Technology (NIST), issued the first public request for an encryption standard. The result was the Data Encryption Standard (DES). This 30-year old symmetric algorithm standard uses a 64-bit block cipher to encrypt data with a 56-bit private key. Recent advances in distributed key search techniques have demonstrated that the DES' 56-bit key, which is the source of security when using the DES, is too short for today's security applications.
An improvement on DES was accomplished with the use of Triple-DES. Triple-DES uses a 168-bit key which is broken into three different 56-bit keys that are used to successively encrypt, then decrypt, and finally re-encrypt 64-bit blocks with the DES algorithm. While an improvement on DES, Triple-DES shares the characteristic limitation of DES' 64-bit block length, which is exposed to attacks when large amounts of data are encrypted under the same key. Due to the shortness of the 56-bit key, and the significant number of repeated encryptions necessary to handle large amounts of data with relatively small 64-bit blocks, patterns of encryption can repeat themselves, can become apparent and thus enable the key to be solved and the data compromised.
In response to the need for an improvement on DES, NIST announced the Advance Encryption Standard (AES) program in 1997. The AES program requested a larger block cipher. Block ciphers can be used to design stream ciphers with a variety of synchronization and error extension properties, one-way hash functions, message authentication codes, and pseudo-random number generators. Because of this flexibility, block ciphers have become the workhorses of modern cryptography. Other design criteria specified by the NIST included a larger key length, a larger block size, faster execution speed, and greater flexibility. The NIST' s intent was for the AES to become the standard symmetric block cipher algorithm of the next decade. In October, 2001, the NIST announced the approval of the Rijndael cipher, designed by Vincent Rijmen and Joan Daemen, as the Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard, FIPS-197. Rijndael was chosen based primarily on its efficiency and low memory requirements.
Rijndael is a 128-bit symmetric block cipher that accepts a variable-length key of 128-, 192-, or 256-bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4 by 4 maximum distance separable matrix over GE, a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, data size, key setup time, and memory. Rijndael is a cryptoanalyzed algorithm which is intended to be difficult to either reverse the engineering process to find the keys or guess the code to break the system from the limited amounts of data available. The Rijndael algorithm is a now a well-known technology in the field of encryption, and is explicated in depth at the publicly accessible NIST website “AES home page” at the world wide web URL http://csrc.nist.gov/encryption/aes/.
Today's computers can store and process data at ever increasing rates. This processing power makes them attractive to individuals and businesses, which use them to store and process personal data, hospital records such as patient histories, confidential business data, and other vital information. To ensure that the data is accessed by only authorized users, the data can be protected in a variety of ways. For example, most computer systems require that a user enter a password or pass phrase before she can access the data. Additionally, the computer system can require that the user belong to a specific group that has been granted permission to access the data.
These systems have several drawbacks. First, if the storage device is removed from the computer system, an unauthorized user can access the data on secondary computer storage (e.g., a hard disk), bypassing the security mechanism that relies on a password or pass phrase. Second, because passwords and pass phrases are often limited in length, computer programs can be used to quickly try combinations of symbols to guess user-generated passwords and pass phrases to gain access to the storage device and thus the confidential data.
Several computer systems have offered various solutions. Some versions of the UNIX operating system, for example, support the “crypt” program, an application program that requires the user to enter a password each time she wishes to store data on or retrieve data from a storage device. Other computer systems provide application programs that allow a user to enter a password each time she wishes to store or retrieve data. Still other application-based encryption systems encrypt whole file partitions and do allow encryption of individual files.
These application programs are inefficient for several reasons. First, the application programs require the user to execute it when transferring data between computer memory and secondary memory, a time-consuming process. Second, the application program is inefficient, requiring a context switch each time it traps to the kernel, which contains lower-level, hardware specific code for storing and retrieving data. The extra overhead of a context switch can slow the execution of the program that calls the encryption application program. Furthermore, these application programs can be pre-empted by kernel routines or by other applications having a higher priority. Third, these application programs are not always portable. They may not execute properly on platforms that do not support the application program.
What is needed is a method of and a system for encryption that is fast, seamless to the user, portable, and efficient.