Data or information encryption has a history going back thousands of years. Today's communication and information world, which has so far followed Moore's law, increases the need for security.
Data resides on storage media that are accessible to and used by applications, which run on computers that are connected by networks (LAN, WAN, Internet, Intranet, etc.). The common security concept is one of layers of security, starting by securing the outer circle (networks) and gradually securing the inner circles, such as the computers (by access control products) and the applications themselves. Today's solutions for the outer circles include intrusion prevention systems (like firewalls), application solutions (like anti-spy, anti-virus, etc.) and physical access control (like keys, biometrics, etc.). There are also solutions for the innermost circle, i.e. that of the information itself, based on encryption. However, as will be explained, current solutions are not suitable for large storage media such as disks and tapes.
The problem with current encryption methods for data storage is that almost all methods were derived from encryption methodologies that were specially developed for data transfer (i.e. communication) rather than data storage (i.e. stable, static, etc.). There are many differences between the two and the main ones are summarized in the following table:
TABLE 1
Information nature of communication vs. storage

No.  Subject                                   Communication                      Storage
1.   Data lifetime                             Short Duration                     Long Duration
2.   Unit Size                                 Packets                            Files, Sectors
3.   Data sensitivity                          Usually Low                        High
4.   Applicability of Statistical analysis     Low                                High
     in decryption methods
5.   Data ownership                            Mostly Shared between the sender   For use by the owner only
                                               and the receiver
Therefore the encryption solutions for data communication were basically developed to be fast and to be applicable to a few packets (leading to a relatively small key).
National regulations also compel communication software manufacturers (and therefore the end users too) to apply only a relatively small key, for reasons known to all: the authorities must be able to decrypt the data in a reasonable time. It should be noted that in the communication world a reasonable time is as close as possible to real time, since that is the nature of the transferred information, especially the information that concerns the authorities.
However, stored information, as presented in Table 1, is of a different nature than communicated information. Stored information is usually privately protected by law (i.e. not shared) and is found on large storage media that contain very large amounts of sensitive data (especially in very large organizations).
Here are some fundamental facts regarding data storage media: the information is very sensitive; the storage media contain enormous amounts of data, which would ease decryption based on advanced statistical analysis methods; and the data is (as a rule) permanent, or at least stored for relatively long durations.
These fundamental facts lead us to realize that encryption methods using relatively short keys (as used in communication) are not sufficient (i.e. do not provide adequate protection) for data storage media.
There is thus a need in the art for a powerful encryption method that prevents an unauthorized party from understanding the stored information (after gaining access to it). There is a further need in the art for an encryption technique that combines a few levels of data protection and encryption. There follows a brief description of how data is stored on a disk.
Disk Structure
As seen in FIG. 1, a hard disk can contain a few physical plates (1) (FIG. 1.a). Each physical plate is divided into tracks (2) (FIG. 1.b), where each track (2) has its own fixed radius. The tracks are then divided into sectors (sometimes also called blocks) (3) (FIG. 1.c). The division of each track into sectors is an azimuthal division of the circle into a fixed number of parts. Formerly, all the tracks contained the same number of sectors, but today different tracks can have different numbers of sectors (FIG. 1.f). Essentially, the disk tracks and disk sectors are the outcome of a logical division and are disk dependent. The known disk format is a geometrical mapping of all the areas of the disk as defined by the track-sectors. The physical disk (hard drive) can be divided into logical units called partitions, where each partition is labeled and virtually behaves as a physical unit.
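The following is an added example, not part of the original text: it maps a (plate, track, sector) position to a linear sector number when tracks hold different numbers of sectors, and finds the partition a sector belongs to. The geometry, the partition table, the plate-by-plate numbering and all names are constructed assumptions.

```python
from bisect import bisect_right
from itertools import accumulate

# Constructed geometry (assumption): 2 plates, 6 tracks per plate,
# outer tracks hold more sectors than inner ones.
PLATES = 2
SECTORS_PER_TRACK = [12, 12, 10, 10, 8, 8]  # index = track, 0 = outermost

# Number of sectors that precede each track on one plate.
TRACK_START = [0] + list(accumulate(SECTORS_PER_TRACK))
SECTORS_PER_PLATE = TRACK_START[-1]

# Constructed partition table: label -> (first linear sector, sector count).
PARTITIONS = {"C": (0, 70), "D": (70, 50)}


def to_linear(plate, track, sector):
    """Map (plate, track, sector) to a linear sector number."""
    if not 0 <= plate < PLATES:
        raise ValueError("no such plate")
    if not 0 <= track < len(SECTORS_PER_TRACK):
        raise ValueError("no such track")
    if not 0 <= sector < SECTORS_PER_TRACK[track]:
        raise ValueError("track %d has only %d sectors"
                         % (track, SECTORS_PER_TRACK[track]))
    return plate * SECTORS_PER_PLATE + TRACK_START[track] + sector


def to_physical(linear):
    """Inverse mapping: linear sector number to (plate, track, sector)."""
    if not 0 <= linear < PLATES * SECTORS_PER_PLATE:
        raise ValueError("sector outside the disk")
    plate, offset = divmod(linear, SECTORS_PER_PLATE)
    # The tracks differ in size, so the track is found by searching the
    # cumulative start table rather than by a single division.
    track = bisect_right(TRACK_START, offset) - 1
    return plate, track, offset - TRACK_START[track]


def partition_of(linear):
    """Return the label of the partition holding this sector, or None."""
    for label, (first, count) in PARTITIONS.items():
        if first <= linear < first + count:
            return label
    return None
```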