Information dispersal algorithms: Data-parsing for network security

Information dispersal algorithms are used to separate data packets into slices so that they are unrecognizable as they sit in storage arrays or traverse the network. Data can be reassembled at the receiving device.

What are information dispersal algorithms (IDAs)?

Information dispersal algorithms (IDAs) – first proposed by algorithm researcher Michael O. Rabin in 1989 – are used to slice data into pieces at the bit level so that when data traverses the network or sits in storage arrays, it is unrecognizable unless accessed by a user/device with the right key. When accessed with the right key, the information is reassembled.

"[IDAs have] the ability to disperse data in a very secure way across a number of nodes so that if you compromise one node, you won't compromise any data," said Michael Versace, a Wikibon Project partner and analyst. "We're hearing there are a lot of people looking at IDAs as a replacement or an alternative to traditional data encryption."

How do IDAs work?

IDAs parse a file into predefined subsets using matrix multiplication, which splits the data into new matrices from which the original matrices can be reassembled.
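
The matrix step described above can be shown with a small Rabin-style dispersal, added here as an illustration and not taken from Unisys, CleverSafe or the original article. The prime field GF(257), the Vandermonde matrix, the 3-of-5 split used in testing and the names disperse, invert and reassemble are assumptions of this sketch.

```python
# Added example: Rabin-style dispersal over the prime field GF(257).
# P, the Vandermonde rows and all function names are choices made for this sketch.
P = 257  # smallest prime above 255, so every byte value is a field element

def vandermonde_row(x, m):
    return [pow(x, j, P) for j in range(m)]

def disperse(data: bytes, n: int, m: int):
    """Split data into n slices (n < P); any m of them rebuild it."""
    padded = data + bytes(-len(data) % m)        # zero-pad to a multiple of m
    blocks = [padded[i:i + m] for i in range(0, len(padded), m)]
    slices = {}
    for x in range(1, n + 1):                    # slice id x selects row x of the n x m matrix
        row = vandermonde_row(x, m)
        slices[x] = [sum(a * b for a, b in zip(row, blk)) % P for blk in blocks]
    return slices, len(data)                     # slice values lie in 0..256

def invert(matrix):
    """Gauss-Jordan inversion of a square matrix mod P."""
    m = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(m)] for i, row in enumerate(matrix)]
    for col in range(m):
        pivot = next(r for r in range(col, m) if aug[r][col])
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)          # modular inverse (Python 3.8+)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(m):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(v - f * w) % P for v, w in zip(aug[r], aug[col])]
    return [row[m:] for row in aug]

def reassemble(subset: dict, m: int, length: int) -> bytes:
    """Rebuild the data from any m slices (dict of slice id -> values)."""
    if len(subset) < m:
        raise ValueError(f"need {m} slices, got {len(subset)}")
    ids = sorted(subset)[:m]
    inv = invert([vandermonde_row(x, m) for x in ids])
    out = bytearray()
    for k in range(len(subset[ids[0]])):         # one column of slice values per block
        col = [subset[x][k] for x in ids]
        out += bytes(sum(a * b for a, b in zip(row, col)) % P for row in inv)
    return bytes(out[:length])                   # drop the zero padding
```

Dispersal of this plain kind uses no key: fewer than m slices cannot rebuild the data, but each slice is still a linear combination of the original bytes, so confidentiality depends on encrypting before slicing, as the Stealth description on this page does.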

IDAs can be used in storage arrays and for data in motion. In storage arrays, data is parsed and stored as separate pieces on different arrays, so that compromising one array does not compromise the data.

For data in motion, data passes through appliances along the route from storage to data center server, and from server to the router and out onto a VPN. Once data passes through these appliances, it is given a specialized header and parsed. It is then reassembled by software at the receiving device.

Two cases of IDAs in action

The Unisys Stealth Solution uses a combination of VPN, encryption and data-parsing technology to make data unrecognizable both in storage arrays and as it travels the network. Stealth appliances place proprietary headers on TCP/IP packets, encrypt them and then slice the data. The data can be reassembled only when accessed by a user with the correct key. Unisys' data parsing and authentication technique is implemented between the data link and network layers of the OSI stack. Stealth can also be used to store sliced data across different storage arrays.

Another company, CleverSafe, focuses on storage, using information dispersal to slice TCP/IP packets and store them on a network of local or remote servers in a system called Dispersed Storage. The company's Accesser product slices the data using IDAs, and these pieces are then spread out to CleverSafe Slicestor appliances, which are geographically dispersed. Another product, dsNet Manager, monitors the Slicestor appliances and automatically rebuilds missing or corrupt slices.
