Copyright © 2005-2008 eFolder Inc. All rights reserved. eFolder and the eFolder logo are trademarks of eFolder Inc. eFOLDER MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.August 2008


The Truth about Data Integrity
5 Questions to ask your Online Backup Provider


Introduction
Competition is fierce in the exploding online backup
industry. With so many providers, whom can you
trust with your customers’ data? As a managed
service provider, your customers are trusting you to
employ solutions that will get them back their data
when they come asking for it. Fewer issues are
more sensitive than lost or corrupt data.

Finding a place to backup data is easy these days,
but discerning which provider can get back the
verifiably correct data all the time every time is
much harder. Slick websites and smooth-talking
sales-people are no help here. This questionnaire
will help you discover the empirical facts you need
to determine whether or not to entrust your
customers’ data with an online backup provider.

Q1) Which established standards do you
follow for your cryptography?
In the complex world of cryptography, following
well-established standards is the only sure path to
safety. An excellent example is the proprietary GSM
A5/1 cell phone encryption algorithm, which was
subsequently broken. Another risk is that even if
the encryption algorithm itself is standardized (such
as AES), if the use of that algorithm (called cipher
mode) does not follow standards, it is subject to
serious flaws. For example, one provider used AES
in CTR mode, but chose to deviate from the NIST
800-38A standard and re-used the IV, causing their
solution to become vulnerable to known-plaintext
attacks. Ask about standards with respect to the
following: encryption, hashing, and MAC algorithms,
cipher modes, and pass phrase key generation.

Q2) Is your cryptography implementation
well-known and open-source?
Cryptography is hard to implement correctly and
securely, especially if it needs to be fast. Improper
implementations are vulnerable to timing attacks.
Bugs can also cause data corruption. Another
danger is the presence of “back-doors” in an
implementation that would allow access to the data
without the encryption key – if a provider is using
an established open-source cryptography library,
the community has scrutinized the source code to
make sure that it is correct, secure, and fast.

Q3) Which cryptographic primitives are used
to protect the integrity of the data?
Many providers
focus so much on using
cryptography to protect the confidentiality of your
data that they do not consider another important
aspect – data integrity. Encryption only provides
secrecy but not data integrity. This is why
cryptographic message
authentication
codes
(MACs) must be used in addition to encryption. A
MAC provides a cryptographic fingerprint that
detects malicious tampering and accidental or silent
corruption. Ask which MAC algorithm is used,
whether MAC fingerprints are stored on disk, and
whether the fingerprints are verified upon restore.

Q4) Which mechanisms and processes are
used to protect against silent-data corruption?
Silent data corruption is caused by physical failures,
corrupted or buggy firmware, misdirected writes,
driver bugs, filesystem bugs, and human error. A
recent study by CERN found that in a sample size of
8.7TB with 33700 files, 1 in 1500 files had some
corruption, with an overall bit error ratio (BER) of
1^10-7. Any hardware-only solution,
including
RAID, will not provide end-to-end coverage of all
issues. Ask what technology is used to detect and
repair silent data corruption, length of block
checksums, where those checksums are verified
and repaired, how much data redundancy is
employed for repair, and whether the cipher mode
is sensitive to single-bit errors. Be wary of
providers that say integrity is provided through
mirrored data
centers without mechanisms
specifically for silent data corruption – without
detection mechanisms any data corruption will be
silently mirrored to the other data center as well.

Q5) How often is the integrity of actively
changing and archived data actively verified?
Frequently verifying data integrity mitigates risk
through early detection and repair. Also, while
systems should have a defense-in-depth solution so
that silent data corruption never occurs, responsible
solutions will have an open reporting policy, which
is especially important for regulatory compliance.
Ask how often the integrity of actively changing is
verified, how often the integrity of archived data
(historical and non-changing data) is verified, and
who is notified if corruption ever occurs.

Conclusion
No matter who you choose for online backup, make
sure it’s one that provides the highest level of data
integrity protection. Finding a solid technical
solution now will give you the confidence to sell to
your customers without reservations or doubts.

For questions or feedback, contact our team at
support@efolder.net or by phone at 800-352-0248.


Copyright © 2005-2008 eFolder Inc. All rights reserved. eFolder and the eFolder logo are trademarks of eFolder Inc. eFOLDER MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.August 2008


The Truth about Data Integrity
Online Backup Provider Questionnaire Worksheet



eFolder
Provider 2
Provider 3
Q1) Which established standards do you follow for your cryptography?
Standards for encryption algorithms?
AES-256 bit
FIPS-197


Standards for cipher modes?
CTR
NIST 800-38A
RFC 3686


Standards for MAC algorithms?
HMAC-SHA-256
RFC 2404


Standards for hashing algorithms?
SHA-256
RFC 2104


Standards for pass phrase key generation?
PBKDF2
RFC 2898


Standards for asymmetric cryptography?
RSA-3072 bit


Q2) Is your cryptography implementation well-known and open source?
Name of cryptography library?
OpenSSL


Is cryptography library open source?
Yes


Q3) Which cryptographic primitives are used to protect the integrity of the data?
MAC sent/verified during transmission?
Yes


Network MAC algorithm?
HMAC-SHA-1


MAC stored on-disk with data?
Yes


On-disk MAC verified during restore?
Yes


MAC mismatches reported during restore?
Yes


On-disk MAC algorithm?
HMAC-SHA-256


On-disk MAC based on strong cryptography?
Yes


Q4) Which mechanisms and processes are used to protect against silent-data corruption?
Technology to detect silent-data corruption?
256-bit error-correcting
software checksums,
End2End hardware ECC


Use of software-based checksums?
Yes


Length of checksum?
256-bit


Level of data redundancy for repair?
Close to Triple Mirror


Estimated BER of detect/repair technology?
10
-45



Cipher mode sensitive to single-bit errors?
No


Q5) How often is the integrity of actively changing and archived data actively verified?
How often is actively changing data verified?
Every Backup


How often is archived data verified?
1-2 Times Monthly


Is all redundant data verified as well?
Yes


Corruption notification policy?
Reseller immediately
contacted with file
name and block #



Refusal of a provider to disclose high-level information because of “security concerns” is in opposition to a well-
known principle in cryptography called Kerckhoff’s Law, and may be a sign of insecure design choices or lack of
confidence in the security of the cryptographic primitives employed by their solution.