Cryptographic splitting

Cryptographic splitting, also known as cryptographic bit splitting or cryptographic data splitting, is a technique for securing data over a computer network. The technique involves encrypting data, splitting the encrypted data into smaller data units, distributing those smaller units to different storage locations, and then further encrypting the data at its new location.[1] With this process, the data is protected from security breaches, because even if an intruder is able to retrieve and decrypt one data unit, the information would be useless unless it can be combined with decrypted data units from the other locations.

History

edit

The technology was filed for patent consideration in June 2003, and the patent was granted in June 2008.[1]

Technology

edit

Cryptographic splitting utilizes a combination of different algorithms to provide the data protection. A block of data is first encrypted using the AES-256 government encryption standard. The encrypted bits are then split into different shares and then each share is hashed using the National Security Agency's SHA-256 algorithm.[2]

Applications

edit

One application of cryptographic splitting is to provide security for cloud computing. The encrypted data subsets can be stored on different clouds, with the information required to restore the data being held on a private cloud for additional security.[3] Security vendor Security First Corp uses this technology for its Secure Parser Extended (SPx) product line.[citation needed]

In 2009, technology services company Unisys gave a presentation about using cryptographic splitting with storage area networks. By splitting the data into different parts of the storage area network, this technique provided data redundancy in addition to security.[2]

Computer giant IBM has written about using the technology as part of its Cloud Data Encryption Services (ICDES).[4]

The technology has also been written about in the context of more effectively using sensitive corporate information, by entrusting different individuals within a company (trustees) with different parts of the information.[5]

See also

edit

References

edit
  1. ^ a b "United States Patent 7391865: Secure data parser method and system". freepatentsonline.com. 2008-06-24. Retrieved 2016-09-23.
  2. ^ a b Dodgson, David. "Storage Security Using Cryptographic Splitting" (PDF). snia.org. Retrieved 2016-09-23.
  3. ^ Balasaraswathi v.r; Manikandan s (2015-01-26). "Enhanced security for multi-cloud storage using cryptographic data splitting with dynamic approach". 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies. ieee.org. pp. 1190–1194. doi:10.1109/ICACCCT.2014.7019286. ISBN 978-1-4799-3914-5. S2CID 16542768.
  4. ^ "Cloud computing news: Security". ibm.com. 2015-10-21. Retrieved 2016-09-23.
  5. ^ Ogiela, Lidia (April 2015). "Advanced techniques for knowledge management and access to strategic information". International Journal of Information Management. 35 (2): 154–159. doi:10.1016/j.ijinfomgt.2014.11.006. S2CID 17463367.