Virtual Zeroization: Effective Encryption for Uncontrolled Environments

June 11, 2018

You may have seen IBM’s recent news banning employees from using removable storage devices across its entire global organization. The company wants to prevent sensitive information, like company trade secrets and financial details, from falling into the hands of its competitors or others. IBM cited “possible financial and reputational damage from misplaced, lost or misused removable portable storage devices” as its reason for doing so, which is valid and likely the reason other companies might one day follow suit. We think they should explore virtual zeroization instead.

Zeroization is the secure erasure of sensitive information, whether data or cryptographic keys, so that it cannot be disclosed. It is typically achieved by physically destroying the media, securely erasing the media, or logically erasing the data by destroying the cryptographic keys that protect it. That last option only works if the encryption is strong enough to withstand the most advanced attacks: once the key is gone, the ciphertext left behind must be worthless to an adversary.

At QuintessenceLabs, we’ve taken zeroization one step further with qProtect’s virtual zeroization (VZ), a practical solution for protecting critical mobile data in uncontrolled environments. Rather than relying on physical or manual destruction, VZ zeroizes automatically, or “virtually”: data is encrypted with a One-Time Pad (OTP), the one cipher with a mathematical proof of unbreakability, and the key material is securely erased from the device as it is consumed. The proof holds only when the pad is truly random, at least as long as the data, and never reused, which is why VZ pairs the erase step with a full-entropy key source.

Virtual zeroization has several practical use cases for highly sensitive data, including in the media, military and financial sectors. With the ongoing threat of breaches on a global scale, we think it’s time more enterprises and government institutions explored this technology as a defence against threats, virtual or otherwise.

Virtual Zeroization: Origins & Basics

In one of our past blogs, we described a midair collision between a United States Navy EP-3E Aries reconnaissance aircraft and a fighter jet of the People’s Liberation Army Navy, which resulted in the American crew carrying out an emergency plan to destroy electronic intelligence-gathering equipment, documents and data onboard the plane. Sounds like something out of a movie, right? Particularly since they had to use a fire axe and hot coffee to do so. This was in 2001, and thankfully, we’ve come a long way since then.

Today, VZ technology could provide automatic, permanent protection for that sensitive information without physically destroying media and materials. While this may also sound like something out of a movie – Mission: Impossible anyone? – the mechanism is simple: the pad bytes consumed to encrypt each record are erased from the VZ storage device as part of the encryption step, so the information is recoverable only by authorized users who hold the original copy of the key material.

qProtect Basics and Benefits

At QuintessenceLabs, VZ is the key feature of qProtect, our storage solution built on quantum-sourced cryptography. qProtect addresses the real-world problem of securing stored data in hostile environments by ensuring the permanent protection of sensitive information on mobile assets with OTP encryption, the pad being drawn from a high-speed quantum random source.

qProtect’s VZ technology also delivers tamper detection: if an unauthorized user modifies the stored information, the change is visible when a valid user accesses it. This matters because a one-time pad on its own provides confidentiality, not integrity: flipping a bit of ciphertext flips the same bit of the recovered plaintext without any error, so detecting tampering requires an integrity check layered alongside the pad. And it’s future proofed thanks to the one-time pad key, which is automatically destroyed on the storage device during encryption.

And as we mentioned earlier, OTP is enabled by QuintessenceLabs’ high-speed true random number generator, which supplies key material with full entropy derived from a quantum source. What does that mean? A one-time pad with a full-entropy key as long as the data is information-theoretically secure: the ciphertext alone carries no information about the plaintext, so no amount of computing power, classical or quantum, can recover it. The usual OTP caveats still apply – every pad byte is used once, and the copy of the pad held by the authorized party has to be protected as carefully as the data itself.

Sensitive recorded data is now effectively protected – so put down that axe! Rest assured that your data is safe, but remember, the destruction is one-sided: only the device’s copy of the key material is erased. Authorized users holding the other copy can still access the data later, at a secure location, while an adversary who gains access to the device or the data on it never has enough information to decrypt it.
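To make the mechanism described above concrete (pad consumed and wiped on the device during encryption, recovery only from the secure site’s copy, and why tamper detection needs more than the pad), here is a small added model. It is example code written for this page, not qProtect or any other QuintessenceLabs code. It assumes os.urandom in place of the quantum random source, models the pad and device as in-memory byte arrays, and uses constructed sample data; the class and function names are illustrative, not product APIs.

```python
"""Toy model of virtual zeroization with a one-time pad (added example).

Not QuintessenceLabs code. os.urandom stands in for the quantum random
source; the pad and the device are modelled as bytearrays in memory.
"""
import os


class PadExhausted(Exception):
    """Raised when the device has no unconsumed pad bytes left."""


class VZDevice:
    """The mobile device: holds ciphertext plus only the *unconsumed* pad."""

    def __init__(self, pad: bytes):
        self.pad = bytearray(pad)   # key material remaining on the device
        self.cursor = 0             # first unconsumed pad byte
        self.records = []           # (pad_offset, ciphertext) as stored on device

    def write(self, plaintext: bytes):
        n = len(plaintext)
        if self.cursor + n > len(self.pad):
            # Never reuse pad: XOR of two ciphertexts under the same key bytes
            # equals XOR of the two plaintexts, which destroys the OTP guarantee.
            raise PadExhausted("pad exhausted; refusing to reuse key material")
        off = self.cursor
        ct = bytes(p ^ k for p, k in zip(plaintext, self.pad[off:off + n]))
        # Virtual zeroization: the consumed key bytes are wiped as part of
        # encryption, so the device alone never holds enough to decrypt.
        self.pad[off:off + n] = bytes(n)
        self.cursor += n
        self.records.append((off, ct))
        return off, ct

    def pad_remaining(self) -> int:
        return len(self.pad) - self.cursor

    def decrypt_with_device_only(self, off: int, ct: bytes) -> bytes:
        """What an adversary holding the device can do: XOR the ciphertext
        against the (already zeroized) pad region. Yields no plaintext."""
        return bytes(c ^ k for c, k in zip(ct, self.pad[off:off + len(ct)]))


class SecureSite:
    """Authorized party holding the master copy of the pad."""

    def __init__(self, pad: bytes):
        self.pad = pad

    def decrypt(self, off: int, ct: bytes) -> bytes:
        return bytes(c ^ k for c, k in zip(ct, self.pad[off:off + len(ct)]))


def provision(pad_len: int):
    """Generate a pad and hand identical copies to the site and the device.
    os.urandom is an assumption standing in for the quantum source."""
    pad = os.urandom(pad_len)
    return SecureSite(pad), VZDevice(pad)


def flip_bit(ct: bytes, index: int, bit: int) -> bytes:
    """Adversary tampering with ciphertext: an OTP is malleable, so the same
    bit flips in the recovered plaintext. Confidentiality is not integrity."""
    buf = bytearray(ct)
    buf[index] ^= 1 << bit
    return bytes(buf)


def run_scenario():
    """End to end: record in the field, lose the device, recover at base."""
    site, dev = provision(64)
    msg = b"sensor log 0001"            # constructed sample record
    off, ct = dev.write(msg)

    # Device captured: the pad bytes for this record are gone, ciphertext only.
    device_view = dev.decrypt_with_device_only(off, ct)
    recovered = site.decrypt(off, ct)

    # Tampering: flip bit 5 of ciphertext byte 0 turns 's' into 'S' in the
    # plaintext, with no error from the cipher itself.
    tampered = site.decrypt(off, flip_bit(ct, 0, 5))

    return {
        "pad_remaining": dev.pad_remaining(),
        "device_alone_recovers_plaintext": device_view == msg,
        "site_recovers_plaintext": recovered == msg,
        "tampered_plaintext": tampered,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the tampering step is the caveat raised above: because the pad is XORed byte for byte, the cipher cannot tell a flipped bit from an honest one, so a deployment that promises tamper detection has to carry a separate integrity check over each record, keyed independently of the pad.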

qProtect is part of a comprehensive portfolio of data protection products, the Trusted Security Foundation, which also includes:

  • qCrypt: Vendor-neutral encryption key and policy management solution that is fully interoperable and can easily integrate with legacy devices, reducing the overall cost of a security system, while providing stronger encryption solutions for data in use, in motion or at rest
  • qStream: A high-speed random number generator for creating the highest quality cryptographic keys to strengthen encryption
  • qClient SDK: Ensures easy integration into any system – qClient adheres to the OASIS Key Management Interoperability Protocol (KMIP) and the PKCS#11 API.

Practical Uses for Virtual Zeroization

There are several industries that stand to benefit from this type of technology. While the plane collision and data destruction story above involved the military, financial institutions and the media could also benefit.

  • Military – Protecting sensitive data on mobile devices operating in uncontrolled environments
  • Financial institutions/banking – Use cases include generating and protecting secure archives of highly sensitive information
  • Media/journalists – Protecting intellectual property on devices, including cameras, phones and other mobile equipment, wherever you are and even if a device falls into the hands of a competitor or is lost in a hostile environment

Want to learn more about qProtect and virtual zeroization? Check out our product sheet, or get in touch with the QuintessenceLabs team: http://qlabs.dreamhosters.com/about-us/contact/