Shostack + Friends Blog Archive


Backup Tapes?

Allan Friedman asks for comments on Lauren Weinstein’s post to Interesting People:

(Lauren W) Ironically, it’s true that the probability of lost backup tapes
being used opportunistically for ID theft is probably fairly low,
at least in comparison to all the “ID theft supermarkets” that are
out there — crooked commercial and government employees willing to
sell access to their files, Internet-based ID theft rings, and so on.

(Allan F) Also, I don’t know enough about enterprise storage to know
whether encrypting all data files that leave “a secure facility” adds a
significant cost component. (All the papers I’ve seen on total-system
encryption with good key management and auditing seem pretty complex, and
thus, I’m assuming, costly).

First, on how hard is it to encrypt backups? There was a long thread on this exact question on the cryptography mailing list. (Here and here.) I think the answer was the crypto is easy, good key management is hard, and good key management may not be needed. Even bad key management would move the attack from “find a tape and read it” to “find a tape, figure out whose it was, find the key, and decrypt.” Figuring out whose it is may be easy, “Citibank Confidential Data. Reward if returned,” or hard, “Tape 79709884324234234238546. No questions asked reward via law offices of Dewey, Cheatem and Howe.”

As to the question of how useful it is, I don’t think we have enough data. We have less than a year’s operation of SB 1386 bringing us data. Backup tape losses are big, rare losses. What are the odds that the tape falls into the hands of a dishonest person who is able to sell it to fraudsters? As Lauren says, pretty low. But low odds multiplied by huge data sets leads to mathematical falacies. Is that worse than a steady trickle? I don’t know.

2 comments on "Backup Tapes?"

  • I also wonder what the cost would be to implement encryption across a series of tape backup systems. And do you then need to go back to your old tapes and encrypt the data (one of those legal due diligence – keep out buuts safer from litigation questions).
    Of course, you are right about the key management problem… you’d probably misplace the keys more often than the actual tapes. Gee – we really need to decrypt this tape – can anyone know where the keys went? 😉

  • Backup Tapes?

    [Source: Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics] quoted: (Lauren W) Ironically, it’s true that the probability of lost backup tapesbeing used opportunistically for ID theft is probably fairly low,at least in comp…

Comments are closed.