IEEE approves standards for data encryption

Dec. 20, 2007
New standards look at encryption on hard drives and other storage devices

PISCATAWAY, N.J.--(BUSINESS WIRE)--December 19, 2007--The IEEE has approved two new standards regarding the encryption of data on computer hard drives and other storage devices.

The first standard, IEEE 1619 - "Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices", addresses data storage on disk drives.

The second approved standard, IEEE 1619.1 - "Standard for Authenticated Encryption with Length Expansion for Storage Devices", deals with data encryption on enterprise-class tape drives.

"These standards were developed by an international team of storage technologists, cryptologists and cryptographers," said Matt Ball, Chair for the IEEE Security in Storage Working Group (SISWG) and the 1619.1 task group chair and technical editor. "They will help companies to comply with the data-protection requirements of legislation such as the Sarbanes-Oxley Act and California's SB 1386."

"With the approval of the 1619 and 1619.1 standards, the IEEE has simultaneously reinforced the importance of securing storage technologies and ecosystems as well as offered specific mechanisms that can be used to protect sensitive data," says Eric A. Hibbard, Vice Chair of the SISWG. "IEEE's continued leadership associated with security in storage is critical to the on-going efforts to combat the threats against data."

"Security in storage impacts all kinds of financial transactions, third-party storage of corporate data, military operations, healthcare information, and all other segments of the critical infrastructure of society," says Jack Cole, Chair of the IEEE Information Assurance Standards Committee, which co-sponsored the development of the standards.

"These standards were developed over a period of several years, involving effort from many experts with multiple focuses of interest," says Serge Plotkin, task group chair and technical editor for 1619. "They provide a blueprint for developing encryption systems for storage which are trustworthy and secure, because of the multiple reviews the standard went through, and interoperable, because if everyone uses the standard they can create systems which work together."

IEEE 1619 and 1619.1 are the third and fourth IEEE security in storage standards, following on the heels of IEEE 1667 ? (2007) "Protocol for Authentication of Transiently Connected Storage Devices" and IEEE 1244.2 ? (2000) "Media Management System (MMS) Session Security, Authentication Initialization Protocol (SSAIP)".