Cryptographic splitting

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Cryptographic splitting, also known as cryptographic bit splitting or cryptographic data splitting, is a technique for securing data over a computer network. The technique involves encrypting data, splitting the encrypted data into smaller data units, distributing those smaller units to different storage locations, and then further encrypting the data at its new location.[1] With this process, the data is protected from security breaches, because even if an intruder is able to retrieve and decrypt one data unit, the information would be useless unless it can be combined with decrypted data units from the other locations.

History[edit]

The technology was filed for patent consideration in June 2003, and the patent was granted in June 2008.[1]

Technology[edit]

Cryptographic splitting utilizes a combination of different algorithms to provide the data protection. A block of data is first encrypted using the AES-256 government encryption standard. The encrypted bits are then split into different shares and then each share is hashed using the National Security Agency's SHA-256 algorithm.[2]

Applications[edit]

One application of cryptographic splitting is to provide security for cloud computing. The encrypted data subsets can be stored on different clouds, with the information required to restore the data being held on a private cloud for additional security.[3] Security vendor Security First Corp uses this technology for its Secure Parser Extended (SPx) product line.[4]

In 2009, technology services company Unisys gave a presentation about using cryptographic splitting with storage area networks. By splitting the data into different parts of the storage area network, this technique provided data redundancy in addition to security.[2]

Computer giant IBM has written about using the technology as part of its Cloud Data Encryption Services (ICDES).[5]

The technology has also been written about in the context of more effectively using sensitive corporate information, by entrusting different individuals within a company (trustees) with different parts of the information.[6]

See also[edit]

References[edit]

  1. ^ a b "United States Patent 7391865: Secure data parser method and system". freepatentsonline.com. 2008-06-24. Retrieved 2016-09-23.
  2. ^ a b Dodgson, David. "Storage Security Using Cryptographic Splitting" (PDF). snia.org. Retrieved 2016-09-23.
  3. ^ "Enhanced security for multi-cloud storage using cryptographic data splitting with dynamic approach". ieee.org. 2015-01-26. Retrieved 2016-09-23.
  4. ^ "Security First Corp.: SPx Technology". cioreview.com. Retrieved 2016-09-23.
  5. ^ "Cloud computing news: Security". ibm.com. 2015-10-21. Retrieved 2016-09-23.
  6. ^ Ogiela, Lidia. "Advanced techniques for knowledge management and access to strategic information" (PDF). semanticscholar.org. Retrieved 2016-09-23.