Page 1 of 1

Wanted Hardware Encryption Engine

Posted: Thu May 20, 2010 8:34 pm
by onlyalex
Hi would like to start with that im already an prowd owner of 2 qnap boxes, 809 and 119.

I would like to see qnap integrate some kind of Hardware Encryption Engine in there boxes. This could
alow for the lower segments of nas boxes ability to run encrypted disk with reasonable read /write results.
This is something i think is lacking in all qnap boxes, without the 809 and 509 with uppgraded processor

Could this be implemented in uppcoming series maby?

Best regards

Re: Wanted Hardware Encryption Engine

Posted: Fri May 21, 2010 4:15 pm
by QNAPTony
Hi onlyalex,

We've considered the hardware encryption, but the solutions currently have both advantage & disadvantage,
I think it is possible as long as the key parts getting mature.


Regards,
Tony

Re: Wanted Hardware Encryption Engine

Posted: Fri May 21, 2010 5:27 pm
by onlyalex
I recent read of syno**** having this feature, but yet i have not seen any reviews with performance data. I think that it's implemented in there cpu or something.

An nice way for qnap to meet the cravíng off demanding user would be an updated model of the X09 x86 line. My sugestion is the new core i5 platform. The Core i5 661 has true hardware aes encryption instructions. This would be an real boost in processor speed for exampel the ts-809 = 2,8 Ghz to 3,33 Ghz and supporting hw accelerated encryption. When qnap release a product for the smb / enterprise with this spec i will be the first to order ;)

Best regards

Re: Wanted Hardware Encryption Engine

Posted: Fri May 21, 2010 6:14 pm
by ink
A CPU change to the VIA Nano would fix this. It's well supported under Linux and does Hardware RNG, AES crypto, SHA-1 and SHA-256 hashing acceleration.
Benchmarks run by VIA claim that a 1.6 GHz 3000-series Nano can outperform the aging Intel Atom N270 by about 40–54%.

Re: Wanted Hardware Encryption Engine

Posted: Tue May 03, 2011 1:46 am
by kajo
Please see this NAS and their feature with AES Hardware Encryption Engine:

http://www.synology.com/enu/products/DS211+/spec.php

That is why I am thinking of buying Synology device... please consider that because you will lose many clients!! I really love Qnap for their software and features… but this is unthinkable that there is still not AES Hardware Encryption Engine in the Qnap devices !! Safety for many clients about their data is most important thing!! I would love to have QNAP TS-259PRO+ with this hardware feature, because transfer 17 MB/s with encryption is really ridiculous...

Re: Wanted Hardware Encryption Engine

Posted: Tue May 03, 2011 7:52 am
by Moogle Stiltzkin
OnlyAlex what did you mean about upgrade 509 cpu to get hardware encryption ??

Can you please explain how to do this for me :mrgreen:



Anyways i also second that hardware encryption something like what synology did, should be added to QNAP Nases.

For me, the encryption isn't too critical, so i don't mind having it off. But for big business it's very important.

Example Sony was hacked and lost a few million playstation members details like credit cards. All because they did not encrypt their data. Sony's expected losses due to lawsuits is expected to be in the billions range :mrgreen:


"PlayStation Network Security Update - Credit Cards Numbers Not Encrypted"
http://www.legitreviews.com/news/10601/


Sony Says 25 Million More Accounts Hacked
http://news.yahoo.com/s/ap/20110503/ap_ ... ker_attack


PSN Data Leak Costs Could Top $24 Billion
http://psgroove.com/content.php?1018-PS ... 24-Billion


Let the Lawsuits Begin - Class Action Lawsuit Filed Against Sony Over PSN Hack
http://psgroove.com/content.php?1017-Le ... r-PSN-Hack


Congress Wants Answers From Sony Over PSN Hack
http://psgroove.com/content.php?1020-Co ... r-PSN-Hack

So for business it is very crucial encryption be enabled, but not at such a huge performance cost to make it barely usable. Well i guess if you were Sony, you'd probably put up with it, if you knew they were gonna get royally screwed. Then again they might just opt for Synology :(

Just my opinion.


Synology encrypted file upload/download chart
http://www.synology.com/enu/products/5-10bay_perf.php


Andy posted a performance chart for the QNAP 639 with encryption enabled here.

download/file.php?id=1077

Source:
viewtopic.php?f=12&t=12337



To be fair thats an outdated chart for the QNAP. I couldn't find any tests for a newer model yet :(

Re: Wanted Hardware Encryption Engine

Posted: Tue May 03, 2011 2:59 pm
by onlyalex
OnlyAlex what did you mean about upgrade 509 cpu to get hardware encryption ??

Can you please explain how to do this for me


Some users have modded there 509 unit and successful installed an faster processor. By doing this there is a big mhz bump and your unit will run mutch faster. Going from celeron to an core2duo with 2.8 ghz will give those encryption calculation wings comparing.

Here is the post. Note doing any changes to your unit is on your own risk.
viewtopic.php?f=59&t=10638

Cheers.

Re: Wanted Hardware Encryption Engine

Posted: Tue May 03, 2011 5:25 pm
by Moogle Stiltzkin
I believe that my warranty for the 509 already expired. So worth a shot. Thx :mrgreen:

Re: Wanted Hardware Encryption Engine

Posted: Wed May 04, 2011 2:48 am
by schumaku
Moogle Stiltzkin wrote:Example Sony was hacked and lost a few million playstation members details like credit cards. All because they did not encrypt their data. Sony's expected losses due to lawsuits is expected to be in the billions range :mrgreen:
Once the file system or folder/file is unlocked say for the httpd user, the data is accessible anyways :roll: Almost zero advantage in security! The issue is the very poor and stupid design in place by most (if no almost all) of similar applications. It's a much more complex infrastructure design required to gain essential advantages. File system based encryption is not the answer,

Re: Wanted Hardware Encryption Engine

Posted: Wed May 04, 2011 4:59 am
by Moogle Stiltzkin
Oh. So then what is the solution :mrgreen:

Re: Wanted Hardware Encryption Engine

Posted: Wed May 04, 2011 6:04 am
by P3R
[rant]RIP all you fine CPU-cycles that are wasted when the encryption feature is used by those that don't understand it.

The cave-man logic that seems to be applied by many: encryption has something to do with security >> security is good (I heard) >> I must enable encryption. [/rant]

Dare to say no to disk encryption! :wink:

Re: Wanted Hardware Encryption Engine

Posted: Thu Jun 23, 2011 4:49 pm
by Di4
Sure, encryption is no silver bullet. There remain other security issues.

But three friends of mine just decided for Synology instead of QNAP because they got folder based encryption with a dedicated hardware encryption engine.
So, reasonable performance for a reasonable price - the DS211j is about 200 $.

They are aware that encryption might hurt performance, but activating it for single shares only reduces impact.
They want integrated encryption because of the risk that a burglar might take the whole NAS with personal data. And even if you say that's improbable, they wanted it. Missing QNAP a few bucks.

Re: Wanted Hardware Encryption Engine

Posted: Thu Jun 23, 2011 7:30 pm
by schumaku
From the hardware view, QNAP could have added the "Hardware Encryption Acceleration" label a long time ago - all Marvell Kirkwood 88F628x in all TS-x10/TS-x19 have a built-in on-chip security engine :idea: However, it is not readily used actually - up to v3.4.3 firmware.

Cryptographic Engine
The device integrates a Cryptographic Engine and Security Accelerator to support data encryption and authentication. It also contains a dedicated Direct Memory Access (DMA) controller to perform the following:
· Hardware implementation on encryption and authentication engines, to boost packet processing speed
· Dedicated DMA to feed the hardware engines with data from the internal SRAM memory or from the DDR memory
· Implements AES, DES, and 3DES encryption algorithms
· Implements SHA1 and MD5 authentication algorithms


With the upcoming v3.5, the hardware encryption engine is activated - first to encrypt external volumes, so your valueable data can be replicated to external devices - and the external devices can be moved to somewhere else - without worrying much about loosing a disk somewhere... So lets stay tuned hat Santa will bring for Christmas in the next firmware loop.

Yes: QNAP ARM NAS already have a Hardware Encryption Engine.

Thank you Mr. Big R for listening!

Re: Wanted Hardware Encryption Engine

Posted: Sun Jun 26, 2011 4:32 am
by Di4
Ah, thank you. That sounds promising! I hope they extend it from external drives to internal shares.