Storage encryption and the IEEE P1619 standards

Shai Halevi

Abstract: In this talk I will cover some cryptography issues that are related to encryption of storage, with examples drawn from the work of the IEEE 1619 standard committee. The issues that I plan to touch upon are: * Modes of operation: "authenticated" vs. "transparent" modes, and "wide block" vs. "narrow blocks" modes. I will cover in some detail the "transparent narrow-block" modes of LRW and XTS, and the "transparent wide-block" modes of EME and TET, and will briefly mention many other modes that are considered for storage encryption. * Issues with key- and IV- management for authenticated encryption. I will discuss some differences between the treatment of the GCM encryption mode in IEEE 1619.1 and in NIST 800-38D. I will also discuss some methods of key-wrapping. * Issues related to self-encryption of keys.

Time and Place

27 March 2008 (Thursday) at 1630 hrs
Gates 4B (opposite 490)