Traffic analysis resistant storage encryption using implicit and explicit data
First Claim
1. A method for providing security of data in a data storage device, comprising data ciphering prior to writing to the storage device, which comprises:
- tweaking plaintext of the data to be stored in the storage device to generate tweaked data;
encrypting the tweaked data to generate ciphertext of the data; and
storing the ciphertext in the data storage device.
5 Assignments
0 Petitions
Accused Products
Abstract
An encryption scheme for mass storage devices employing a tweakable encryption scheme to add variability to the encrypted data to resist attacks by traffic analysis. Explicit tweak and implicit tweak may be used to add variability to plaintext prior to encryption and eventual storage. The tweak information is either stored on the storage device along with the encrypted data as in the case of an explicit tweak, or it is derived from another source when needed as in the case of an implicit tweak. The ciphertext is decrypted using either the stored explicit tweak value or derive the implicit tweak value to “de-tweak” the decrypted data prior to usage. The data may be deleted by destroying the cipher key(s) to render the ciphertext useless. The tweak information alone is useless for decryption, as the ciphertext needs to be decrypted with the cipher key(s).
54 Citations
20 Claims
-
1. A method for providing security of data in a data storage device, comprising data ciphering prior to writing to the storage device, which comprises:
-
tweaking plaintext of the data to be stored in the storage device to generate tweaked data; encrypting the tweaked data to generate ciphertext of the data; and storing the ciphertext in the data storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A data storage system, comprising:
-
a data storage medium; a transducer reading and writing data with respect to the data storage medium; a controller providing security of data in a data storage device, including undertaking data ciphering operation prior to writing to the storage device, wherein plaintext of the data is tweak to be stored in the storage device to generate tweaked data, the tweaked data is encrypted to generate ciphertext of the data, and the ciphertext is stored in the data storage device. - View Dependent Claims (18, 19, 20)
-
Specification