Keyless Encryption – Secureslice™ – brings the benefits of secret sharing schemes to storage by combining information dispersal with all-or-nothing transform (AONT) encryption to preserve data confidentiality and integrity in the event that slices are compromised. AONT is a mode of encryption in which the information can only be deciphered if all of the information is known. With Cleversafe, an encryption key is created using AONT, and the key and the data are encrypted, sliced and dispersed as a package, eliminating the need for key management while ensuring high levels of key security and reliability. Data can be packaged with AES-256/SHA-256 encryption, which is validated for use in the most security-conscious federal environments.
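The following sketch is an added example, not Cleversafe's code: it shows one common all-or-nothing package construction (random key, encrypted body, key masked with the hash of the body) and that a missing slice blocks recovery. Assumptions: a SHA-256 counter-mode keystream stands in for AES-256, a zero-byte canary provides the integrity check, and a plain n-way split stands in for information dispersal (no erasure coding); all function names are hypothetical.

```python
import hashlib
import secrets

KEY_LEN = 32               # same size as a SHA-256 digest
CANARY = b"\x00" * 16      # known trailer, verified on decode

def _keystream(key, n):
    # Stand-in stream cipher (assumption): SHA-256 in counter mode.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aont_package(data, key=None):
    # Random per-package key: nothing is stored outside the package.
    key = key or secrets.token_bytes(KEY_LEN)
    plain = data + CANARY
    body = _xor(plain, _keystream(key, len(plain)))
    # The key is masked with a hash of the entire encrypted body,
    # so every body byte is needed to unmask it.
    masked_key = _xor(key, hashlib.sha256(body).digest())
    return body + masked_key

def aont_unpackage(package):
    body, masked_key = package[:-KEY_LEN], package[-KEY_LEN:]
    key = _xor(masked_key, hashlib.sha256(body).digest())
    plain = _xor(body, _keystream(key, len(body)))
    if plain[-len(CANARY):] != CANARY:
        raise ValueError("package incomplete or altered")
    return plain[:-len(CANARY)]

def slice_package(package, n):
    # Plain n-way split (assumption); real dispersal adds redundancy.
    size = -(-len(package) // n)
    return [package[i * size:(i + 1) * size] for i in range(n)]

def join_slices(slices):
    return b"".join(slices)
```

Holding every slice but one yields a wrong body hash, so the unmasked key and the decrypted output are both garbage and the canary check fails.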
Cleversafe's approach to network security ensures all connections between access devices and storage nodes are secure, untappable, and unspoofable. And a built-in certificate authority ensures no rogue devices enter the system.
All network traffic is encrypted using TLS, SSL, or SNMPv3 with AES. Storage nodes may be placed anywhere without complex firewall or VPN setup. And, if network traffic is tapped or routed through an attacker, the attacker learns nothing about the content of the transmission. Best yet, any alterations will be detected and discarded. Finally, an approach that's secure.
Both secret sharing and encryption rely on having an authentication system in place. Assuming both authentication systems are created equally, here's a comparison of the two security methods.
Secret sharing: No master key. Unique protection for each segment stored.
Encryption: Often uses a master key which protects a large amount of data.

Secret sharing: After compromise, credentials can be changed instantly.
Encryption: After compromise, data must be re-encrypted with a new key.

Secret sharing: There are no keys to be lost.
Encryption: If key is lost, so is the data. Key storage system should be as reliable as the data storage system.

Secret sharing: Organization remains in control of data. It is not possible for someone to leave with the key.
Encryption: Individuals may be able to walk off with keys or passwords necessary to recover the data.

Secret sharing: Secret sharing schemes don’t sacrifice confidentiality for reliability.
Encryption: To be reliably stored, keys must be backed up/replicated, which sacrifices confidentiality.

Secret sharing: For long term archives, data does not need to be re-encrypted.
Encryption: Technology advancements may prove data is no longer secure with encryption and require bulk re-encryption.
For more information, please visit Cleversafe's Library