|
Message-ID: <4D9AA5E8.5000805@virgin.net> Date: Tue, 05 Apr 2011 06:17:28 +0100 From: Gareth Randall <gareth.randall@...gin.net> To: oss-security@...ts.openwall.com Subject: A new way of writing secure data backups, combining RAID and one time pads. Hi, I have published a free software project called "Triplyx", which writes data to a set of three storage devices in such a way that if any one of them is lost or stolen, it cannot be used to recover the data. Any two storage devices can be brought together to recover the data. It was created for use with offsite data backups. The concept is simple, although I have never seen it done in a commercial or open source product. Triplyx writes three copies of the data input D to separate storage devices. Each copy is exclusive-OR encrypted with a random "one time pad", and one of the other one time pads is written alongside it in the same "volume" (file). In my code, the output can be any file or a Unix device. In the following example, the one time pad (random) data streams are A, B and C. D^A means that each byte of D is XOR'd with the corresponding byte of A. Volume 1 contains: D^A and B Volume 2 contains: D^B and C Volume 3 contains: D^C and A So, for example, storing a 100kbyte file (D) would result in the following being written to the volumes: Volume 1: 100k of D^A, along with 100k of B. Volume 2: 100k of D^B, along with 100k of C. Volume 3: 100k of D^C, along with 100k of A. Note: The D^A and B streams are actually "striped" so that they can both be read and written at the same time without needing to keep copies of large amounts of data. This is designed especially to support tape as a backup medium. Restoring the data simply requires any two volumes. So, for example, volumes 2 and 3 contain C and D^C, allowing the original D to be reconstructed. See: http://www.triplyx.com/ https://sourceforge.net/projects/triplyx/ I've also written a paper describing it. URL of the paper is: http://sourceforge.net/projects/triplyx/files/Triplyx/doc/A%20Backup%20Method%20Providing%20Media%20Redundancy%20and%20One%20Time%20Pad%20Encryption%20v1.1.pdf The paper also documents a similar method which allows more data to be stored but with some implications for security. That is, write the data three times, encrypted with different symmetric keys, and then store the other two keys not used for the current data on each storage medium. I.e. Volume 1: (D enc with J), K, L Volume 2: (D enc with K), J, L Volume 3: (D enc with L), J, K where J, K and L are encryption keys. This allows more data to be stored because it does not need to store an entire one time pad, but contains risks of attacks on either the encryption algorithm or the means of choosing the keys. Coming from an "enterprise" point of view, offsite backups could now be stored for long periods of time without having to worry about encryption passwords being lost due to staff turnover. Also, compliance with data protection legislation should be easier to demonstrate. For the one time pad method, if the random number generator is good enough then a single lost backup device can never result in exposure of confidential data. Yours, -- ======= Gareth Randall =======
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.