Ultrium LTO4 Backup Tape Drive Encryption

The LTO-4 format can encrypt and decrypt data within the tape drive hardware, so an LTO4 Ultrium backup does not need software-based encryption and its inherent performance overhead. The LTO4 Ultrium tape drive encrypts data only after it has been compressed, which maintains optimum storage efficiency: because compression still sees the original redundancy, hardware-based encryption in the drive keeps the cartridge's usable capacity intact. Other methods of encryption leave compression until after encryption has taken place, and ciphertext is effectively random data that cannot be compressed.

Encryption is a standard part of the Ultrium LTO4 format, which requires that all drives be encryption aware: every LTO4 tape drive, from any vendor, returns the appropriate sense codes when presented with an encrypted LTO4 backup cartridge. Implementing the encryption capability itself is, however, optional, so some manufacturers' LTO-4 drives may not have it. Where drives do have encryption enabled, the standard nature of the format specification makes interchange of encrypted data possible regardless of manufacturer.

The Ultrium LTO4 backup tape drive can read LTO-2 format tapes and can both read and write LTO-3 format tapes; encryption, however, is not a supported feature of either the LTO3 or the LTO2 tape format or drives. The encryption function of the tape drive is controlled by two new SCSI commands approved by the SCSI T10 standards committee: Security Protocol In (SPIN) and Security Protocol Out (SPOUT). SPOUT is used to enable encryption and set the key, while SPIN is used to obtain the encryption status of the drive.

The Ultrium LTO4 tape drive encryption standard is AES in Galois/Counter Mode (GCM) with a 256-bit key. This is a secret-key (symmetric) algorithm, requiring the same key to encrypt and to decrypt data. To maintain security, the key is never transferred to the tape cartridge under any circumstances, and the drive retains it only while it remains powered; otherwise a new key is selected. Keys are supplied using the SPOUT SCSI command. Typically, a new key would be provided for each backup session, or for each tape.

The key-associated data (additional authenticated data (AAD), sometimes known as authenticated key-associated data (AKAD)) is written in plaintext on the tape and is used by software applications or key management appliances as a reference to the required key. This lets a backup and recovery application look up the correct key for the tape it needs to read. When reading encrypted data, the correct key must be supplied; otherwise a check condition is returned, and the subsequent status indicates either that the wrong key has been supplied or that the data on the tape is encrypted (for example, if decrypt has not been selected).
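As an added illustration (not code from the original article or from any drive vendor), the Ruby model below reproduces the behaviour described in the last three paragraphs: a drive that keeps a 256-bit AES-GCM key only in memory, compresses before it encrypts, writes the AKAD in the clear as the GCM additional authenticated data, and reports a check condition when the wrong key, or no key, is loaded. The names Block, Drive, CheckCondition and tape_sizes are chosen here; the SCSI transport (SPIN/SPOUT) is not modelled, and the key is simply assigned to the drive object.

```ruby
require 'openssl'
require 'zlib'

# One record on the cartridge. akad is the key reference written in the clear;
# data is AES-256-GCM ciphertext; tag authenticates data together with akad.
Block = Struct.new(:akad, :nonce, :data, :tag)

# Stands in for the SCSI check condition the drive returns on a key problem.
class CheckCondition < StandardError; end

# Models the encrypting drive. The key is held only in drive memory (the host
# loads it, as with SPOUT) and never appears in a Block.
class Drive
  attr_accessor :key

  # Compress first, then encrypt, so compression sees real redundancy rather
  # than incompressible ciphertext.
  def write(akad, plain)
    raise CheckCondition, 'no key loaded' unless key
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    nonce = c.random_iv       # fresh 96-bit nonce for every record
    c.auth_data = akad        # AKAD is the AAD: authenticated, not encrypted
    data = c.update(Zlib::Deflate.deflate(plain)) + c.final
    Block.new(akad, nonce, data, c.auth_tag)
  end

  # Verify the tag over data + akad before anything is decompressed.
  def read(blk)
    raise CheckCondition, 'data on tape is encrypted' unless key
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = key
    c.iv = blk.nonce
    c.auth_tag = blk.tag
    c.auth_data = blk.akad
    Zlib::Inflate.inflate(c.update(blk.data) + c.final)
  rescue OpenSSL::Cipher::CipherError
    raise CheckCondition, 'wrong key or altered record'
  end
end

# Payload bytes for the two orderings the article contrasts (GCM does not change
# length, so only the deflate output matters): [compress-then-encrypt, encrypt-then-compress].
def tape_sizes(key, plain)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  c.random_iv
  ct = c.update(plain) + c.final
  [Zlib::Deflate.deflate(plain).bytesize, Zlib::Deflate.deflate(ct).bytesize]
end
```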

Tape4backup.com

By Jessica McIntosh
Published: 7/4/2008