NIST mulls algorithm for disk encryption

A new algorithm has been submitted to the National Institute of Standards and Technology (NIST) as a proposed mode of operation for the Advanced Encryption Standard (AES).

XTS-AES has already been approved by the Institute of Electrical and Electronics Engineers (IEEE) as a standard for encrypting data on block-oriented storage devices, and IEEE has submitted it to NIST for the approval required before agencies can use it.

'Subject to the 90-day period of public comment, NIST proposes to approve XTS for government use under auspices of FIPS Pub. 140-2,' the Federal Information Processing Standard for encryption modules, the agency announced earlier this month.

AES is the current federal standard encryption algorithm. The IEEE Security in Storage Working Group developed a standard architecture for encrypted shared-storage media based on a specific mode of operation for AES. The working group originally focused on using AES in an alternative mode called LRW, but this was replaced with the XTS mode in 2006 because of weaknesses in the LRW mode. IEEE 1619, 'Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices,' which addresses data storage on disk drives, was approved in December 2007.

'Security in storage impacts all kinds of financial transactions, third-party storage of corporate data, military operations, health care information and all other segments of the critical infrastructure of society,' said Jack Cole, chairman of the IEEE Information Assurance Standards Committee.

But use of the standard in government applications requires NIST to approve it as a mode of operation under FIPS 140-2. Although the agency proposes to approve the standard, it may specify additional requirements or restrictions for government use.

IEEE has agreed to make a relevant extract from the standard available free of charge during the public-comment period. After the comment period, the standard would be available for purchase from IEEE at $85 for members and affiliates and $105 for nonmembers.

Comments should be e-mailed to EncryptionModes@nist.gov by Sept. 3. NIST particularly seeks comments on:
  • The XTS-AES algorithm itself.
  • Depth of industry support.
  • Appeal of the algorithm for wider applications.
  • Proposal to make the specification available only by purchase from IEEE.
  • Concerns about intellectual-property rights.

About the Author

William Jackson is a senior writer of GCN and the author of the CyberEye column.
