1. Technical Field
Embodiments of the present invention relate generally to data storage and security and more particularly to a method, system, and apparatus for dynamically validating a data encryption operation.
2. Description of the Related Art
As data processing systems have become more pervasive, the importance of maintaining the confidentiality, authenticity, and security of the data being processed has proportionately increased. Data encryption is one technique used to ensure the confidentiality of data stored in association with, or manipulated by, conventional data processing systems. Using data encryption, the content of message data is obscured such that it is unreadable or indecipherable until a reverse data decryption process is performed. While the basic premise remains essentially the same, the specific implementation of encryption can vary widely. For example, encryption may be performed using a code algorithm or process, which operates at the level of meaning (e.g., words or phrases) between users (e.g., message source and destination); using a cipher algorithm or process, which manipulates a message at a structurally lower level (e.g., the individual alphanumeric characters comprising the words or phrases of a message); or a combination thereof.
Encryption methods can also be divided into symmetric key and asymmetric key algorithms. In symmetric key algorithm encryption systems, a message sender and receiver each have exclusive access to a securely-stored shared key. The message sender uses the common key for encryption, and the receiver uses the same key for decryption. In asymmetric key algorithm-based systems, by contrast, there are two separate keys: a public key, which is made publicly available and enables any sender to perform message data encryption, and a related private key, which is kept exclusively by the receiver for purposes of performing decryption on message data encrypted using the public key.
Still further distinctions among encryption systems or techniques may be made, such as the format or granularity of the message data processed and/or whether additional functionality (e.g., authentication) is also provided. For example, encryption systems which operate on fixed-size data units or “blocks” of symbols or characters are characterized as “block” ciphers, whereas those systems which are configured to operate on a continuous stream of data are characterized as “stream” ciphers.
In conventional systems, data produced by a data processing system may be encrypted in real-time as it is being provided to a data storage device, either at the host data processing system or utilizing hardware incorporated into the data storage device itself. Exemplary data storage devices may include the TotalStorage® 3592 Tape Drive Model J1A and/or Tape Controller Model J70 provided by International Business Machines Corporation of Armonk, N.Y. Using such systems and techniques, data may be streamed to/stored by a data storage device as described in an encrypted form with no additional buffering or noticeable transmission or storage latency such that the data is inaccessible by anyone without possession of an associated decryption key (e.g., anyone but the user or entity that generated or stored the data and/or a user designated by such a user).
While the described conventional data encryption and storage systems provide enhanced data security, they lack an elegant mechanism to ensure data integrity. Consequently, consistent or intermittent failures of encryption or related data storage hardware may result in the storage of corrupted data which may not be retrieved and correctly decrypted, even utilizing the proper decryption key, in some circumstances. Moreover, such corruption may not be discovered until part or all of the stored data is eventually read from the device within which it has been stored, at which point the original unencrypted data may have been discarded, rendering all the data stored irretrievable. Such data corruption and loss is particularly problematic with certain encryption techniques or modes of operation (e.g., cipher-block chaining, cipher feedback, output feedback, or the like) where encrypted output or ciphertext associated with one data block is used to encrypt one or more other blocks of data.
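As an added illustration (example code, not from the patent or from any IBM product) of why a mode in which cipher output feeds the encryption of later blocks turns one hardware fault into many unrecoverable blocks, and of the validate-before-discard idea the technical field above is concerned with. The toy Feistel block cipher, the output-feedback walk-through, the single-bit register fault at block `fault_at`, and the key and IV values are all constructed for the demonstration.

```python
import hashlib

BLOCK = 8  # bytes per block of the constructed toy cipher (not AES; illustration only)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function. A Feistel network is a permutation whatever F is,
    # which is all the fault walk-through below relies on.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def ofb_keystream(key: bytes, iv: bytes, nblocks: int, fault_at=None):
    # Output feedback: each keystream block is the cipher output of the previous
    # one, so a fault in the feedback register at step fault_at makes every later
    # keystream block wrong as well (distinct inputs stay distinct under a permutation).
    reg = iv
    for i in range(nblocks):
        reg = block_encrypt(key, reg)
        if i == fault_at:  # simulated hardware fault: one bit of the register flips
            reg = bytes([reg[0] ^ 0x01]) + reg[1:]
        yield reg

def ofb_encrypt(key: bytes, iv: bytes, plain: bytes, fault_at=None) -> bytes:
    assert len(plain) % BLOCK == 0, "toy example works on whole blocks"
    ks = ofb_keystream(key, iv, len(plain) // BLOCK, fault_at)
    return b"".join(_xor(plain[i:i + BLOCK], next(ks))
                    for i in range(0, len(plain), BLOCK))

def validate_encryption(key: bytes, iv: bytes, plain: bytes, cipher: bytes) -> list:
    # Dynamic validation: decrypt the freshly produced ciphertext on an independent,
    # fault-free path while the plaintext is still available, and report the block
    # indices that would be unrecoverable. In OFB, decryption is the same XOR.
    recovered = ofb_encrypt(key, iv, cipher)
    return [i for i in range(len(plain) // BLOCK)
            if recovered[i * BLOCK:(i + 1) * BLOCK] != plain[i * BLOCK:(i + 1) * BLOCK]]

if __name__ == "__main__":
    key, iv = b"constructed-demo-key", bytes(BLOCK)   # constructed values
    plain = bytes(range(5 * BLOCK))
    print(validate_encryption(key, iv, plain, ofb_encrypt(key, iv, plain)))              # []
    print(validate_encryption(key, iv, plain, ofb_encrypt(key, iv, plain, fault_at=2)))  # [2, 3, 4]
```

Without the validation step, the fault at block 2 would go unnoticed until read-back, by which time blocks 2 through 4 are lost even though the decryption key is correct.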
One known solution conventionally used to ensure the integrity of stored encrypted data is to read back each block of stored data as it is being encrypted and stored within an associated data storage device. In the majority of implementations, however, the latency associated with switching between “write” and “read” operations and manipulating a storage device in an appropriate manner such that the correct portion of data may be read in each instance is prohibitive