Highly Reliable Systems: Removable Disk Backup & Recovery


4 Things You Have To Know About Encryption for Backup

By Darren McBride

 Encryption is becoming a more important topic as more companies struggle to meet compliance requirements and keep their data secure.  Encryption is used more than you might expect, including for various website security functions.  Backups are another important area to consider using encryption on. To completely protect your data and your backup, you should consider encrypting both the data in motion and at rest.  Here are 4 things you have to know about encryption for backup that will help you understand the landscape.

  1. There are 2 types of Encryption: Symmetric and Asymmetric. Symmetric encryption means the same mathematical “key” is used for both encrypting and decrypting.  A common example of symmetric encryption is AES (Advanced Encryption Standard), which is used for data at rest such as on hard drives or to encrypt private networks.  By contrast, in asymmetric encryption 2 different keys are used – a “public key” for encrypting and a “private key” for decrypting.  This type asymmetric encryption is referred to as public key Infrastructure (PKI) or public-key cryptography and is often used for encryption of data in motion over the Internet.  Asymmetric encryption key lengths must be longer than symmetric key lengths to provide similar protection.  A key length of 2048 bits is considered a very secure standard when using asymmetric encryption.  However, a key length of only 256 bits using AES is considered all but unbreakable when using symmetric encryption.
  2. Encrypting data can reduce Backup Performance by 80%.  There can be serious speed penalties to encryption. There is a common misconception that you can totally overcome the CPU intensive calculation penalty using the proper hardware.  But encryption can increase the size of your data and no amount of fancy hardware will change this.  AES is a block cipher and requires the input to be multiple of block size (16 bytes or 128 bits), which means padding schemes are used. Sometimes the padding is negligible, but under some conditions encrypted data sizes can increase significantly.  For example a VPN IPSec Tunnel with an Encrypted IP GRE Tunnel can increase the size of a G.711 voice packet and require 40% more bandwidth than would otherwise be required. But let’s talk about encrypting a hard drive on a typical Network Attached Storage (NAS) appliance to protect your backup.  Since many consumer grade boxes use Intel Atom or similar low end CPUs, encryption can be a big drag.  One test we did on an Atom based (and Gigabit connected) NAS showed the backup speed dropped from 89MB/sec to 19MB/sec.  That’s a difference of backing up around 320 Gigabytes of data per hour to around 68 GB/Hr.  Which brings us to our next topic – how do we improve that?
  3. Modern CPUs have hardware encryption built in.  If you will be doing encryption, you should consider using special hardware or making sure you’re doing it with a CPU that has additional hardware instructions to help your performance. intelcpu  Both AMD and Intel offer encryption support in hardware.   This feature is called AES-NI.  Starting in 2010 Intel offered their Core processor family (codename Westmere) with seven special AES instructions. Beyond improving performance, the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help in eliminating the major timing and cache-based attacks that threaten table-based software implementations of AES.  As you might expect, your software must be capable of using the instructions too.  Many Intel i5, i7, and Xeon processors have AES-NI.  A few Atom processors also have it.  The difference in performance when encryption is turned on using these features can be night and day, although if you have a fast CPU doing nothing else it can sometimes overcome even it if lacks the new instructions.  Refer to this link for a list of compatible CPUS from intel.  To find out if you have AES-NI on your machine already, load and install the Intel Processor identification utility.  Check the “CPU Technologies” tab for AES New instructions as shown in the screen shot nearby.
  4. Your Backup Software Must Support the Encrypting Hardware.  OK you’ve got the right hardware.  But you won’t achieve good backup speed unless you’re OS and backup software (which is often where encryption is turned on) uses the hardware.  Check with your backup vendor to insure that not only they support encryption, but that they use the AES-NI instruction sets to do it.  A backup product like ShadowProtect supports AES-NI encryption techniques but other top tier vendors such as Veeam do not.  Either way, you can use an encrypting NAS such as a NetSwap from Highly Reliable Systems or an encrypting backup drive to overcome the software limitations.  You should also be aware if you use encryption on a laptop that some devices have an option in the BIOS that lets you enable/disable AES-NI to save battery life. 

Encryption is a necessary part of your data protection strategy.  Compliance laws like HIPAA dictate you strongly consider using it to protect yourself and your clients. Use a combination of hardware and software supporting AES with a 256 bit key to insure encryption doesn’t impact your backup or recovery time objectives.