Wanted Hardware Encryption Engine

Tell us your most wanted features from QNAP products.
Post Reply
User avatar
onlyalex
Experience counts
Posts: 1459
Joined: Fri Nov 27, 2009 3:16 pm
Location: Gothenburg Sweden

Wanted Hardware Encryption Engine

Post by onlyalex »

Hi would like to start with that im already an prowd owner of 2 qnap boxes, 809 and 119.

I would like to see qnap integrate some kind of Hardware Encryption Engine in there boxes. This could
alow for the lower segments of nas boxes ability to run encrypted disk with reasonable read /write results.
This is something i think is lacking in all qnap boxes, without the 809 and 509 with uppgraded processor

Could this be implemented in uppcoming series maby?

Best regards
Nas1: Qnap TS-809 Pro "3.7.1 Build 0615"
Nas2: Qnap TS-119 "3.5.0 Build0816"
Nas3: Qnap TS-119P+ "3.5.0 Build0816"
Nas4: Qnap TS-212 "3.6.0 Build0210"
Nas5: Qnap TS-259 Pro+"3.5.0 Build 0815"
Nas6: Qnap TS-459 Pro II "3.5.0 Build 0815"
iPad2: 64Gig 3G "iOS 6"
UPS: APC Back-UPS RS 550VA

QNAP Comparison Cart HERE | 1Bay | 2Bay | 4Bay | 5Bay | 6Bay | 8Bay | 1U | 2U |
QNAP Compatibility List HERE | Online User Manual | Tutorials | Frequently Asked Questions |
QNAPTony
QNAP Staff
Posts: 675
Joined: Tue Apr 20, 2010 6:10 pm

Re: Wanted Hardware Encryption Engine

Post by QNAPTony »

Hi onlyalex,

We've considered the hardware encryption, but the solutions currently have both advantage & disadvantage,
I think it is possible as long as the key parts getting mature.


Regards,
Tony
User avatar
onlyalex
Experience counts
Posts: 1459
Joined: Fri Nov 27, 2009 3:16 pm
Location: Gothenburg Sweden

Re: Wanted Hardware Encryption Engine

Post by onlyalex »

I recent read of syno**** having this feature, but yet i have not seen any reviews with performance data. I think that it's implemented in there cpu or something.

An nice way for qnap to meet the cravíng off demanding user would be an updated model of the X09 x86 line. My sugestion is the new core i5 platform. The Core i5 661 has true hardware aes encryption instructions. This would be an real boost in processor speed for exampel the ts-809 = 2,8 Ghz to 3,33 Ghz and supporting hw accelerated encryption. When qnap release a product for the smb / enterprise with this spec i will be the first to order ;)

Best regards
Nas1: Qnap TS-809 Pro "3.7.1 Build 0615"
Nas2: Qnap TS-119 "3.5.0 Build0816"
Nas3: Qnap TS-119P+ "3.5.0 Build0816"
Nas4: Qnap TS-212 "3.6.0 Build0210"
Nas5: Qnap TS-259 Pro+"3.5.0 Build 0815"
Nas6: Qnap TS-459 Pro II "3.5.0 Build 0815"
iPad2: 64Gig 3G "iOS 6"
UPS: APC Back-UPS RS 550VA

QNAP Comparison Cart HERE | 1Bay | 2Bay | 4Bay | 5Bay | 6Bay | 8Bay | 1U | 2U |
QNAP Compatibility List HERE | Online User Manual | Tutorials | Frequently Asked Questions |
ink
Know my way around
Posts: 136
Joined: Mon Aug 03, 2009 7:08 pm
Location: London

Re: Wanted Hardware Encryption Engine

Post by ink »

A CPU change to the VIA Nano would fix this. It's well supported under Linux and does Hardware RNG, AES crypto, SHA-1 and SHA-256 hashing acceleration.
Benchmarks run by VIA claim that a 1.6 GHz 3000-series Nano can outperform the aging Intel Atom N270 by about 40–54%.
TS-453S-Pro - 4* 2TB - RAID10(ish) [Devuan ZFS] 16GB RAM
kajo
New here
Posts: 8
Joined: Sun Jul 25, 2010 9:46 pm

Re: Wanted Hardware Encryption Engine

Post by kajo »

Please see this NAS and their feature with AES Hardware Encryption Engine:

http://www.synology.com/enu/products/DS211+/spec.php

That is why I am thinking of buying Synology device... please consider that because you will lose many clients!! I really love Qnap for their software and features… but this is unthinkable that there is still not AES Hardware Encryption Engine in the Qnap devices !! Safety for many clients about their data is most important thing!! I would love to have QNAP TS-259PRO+ with this hardware feature, because transfer 17 MB/s with encryption is really ridiculous...
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Wanted Hardware Encryption Engine

Post by Moogle Stiltzkin »

OnlyAlex what did you mean about upgrade 509 cpu to get hardware encryption ??

Can you please explain how to do this for me :mrgreen:



Anyways i also second that hardware encryption something like what synology did, should be added to QNAP Nases.

For me, the encryption isn't too critical, so i don't mind having it off. But for big business it's very important.

Example Sony was hacked and lost a few million playstation members details like credit cards. All because they did not encrypt their data. Sony's expected losses due to lawsuits is expected to be in the billions range :mrgreen:


"PlayStation Network Security Update - Credit Cards Numbers Not Encrypted"
http://www.legitreviews.com/news/10601/


Sony Says 25 Million More Accounts Hacked
http://news.yahoo.com/s/ap/20110503/ap_ ... ker_attack


PSN Data Leak Costs Could Top $24 Billion
http://psgroove.com/content.php?1018-PS ... 24-Billion


Let the Lawsuits Begin - Class Action Lawsuit Filed Against Sony Over PSN Hack
http://psgroove.com/content.php?1017-Le ... r-PSN-Hack


Congress Wants Answers From Sony Over PSN Hack
http://psgroove.com/content.php?1020-Co ... r-PSN-Hack

So for business it is very crucial encryption be enabled, but not at such a huge performance cost to make it barely usable. Well i guess if you were Sony, you'd probably put up with it, if you knew they were gonna get royally screwed. Then again they might just opt for Synology :(

Just my opinion.


Synology encrypted file upload/download chart
http://www.synology.com/enu/products/5-10bay_perf.php


Andy posted a performance chart for the QNAP 639 with encryption enabled here.

http://forum.qnap.com/download/file.php?id=1077

Source:
http://forum.qnap.com/viewtopic.php?f=12&t=12337



To be fair thats an outdated chart for the QNAP. I couldn't find any tests for a newer model yet :(
Last edited by Moogle Stiltzkin on Tue May 03, 2011 5:43 pm, edited 2 times in total.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
onlyalex
Experience counts
Posts: 1459
Joined: Fri Nov 27, 2009 3:16 pm
Location: Gothenburg Sweden

Re: Wanted Hardware Encryption Engine

Post by onlyalex »

OnlyAlex what did you mean about upgrade 509 cpu to get hardware encryption ??

Can you please explain how to do this for me
Some users have modded there 509 unit and successful installed an faster processor. By doing this there is a big mhz bump and your unit will run mutch faster. Going from celeron to an core2duo with 2.8 ghz will give those encryption calculation wings comparing.

Here is the post. Note doing any changes to your unit is on your own risk.
http://forum.qnap.com/viewtopic.php?f=59&t=10638

Cheers.
Nas1: Qnap TS-809 Pro "3.7.1 Build 0615"
Nas2: Qnap TS-119 "3.5.0 Build0816"
Nas3: Qnap TS-119P+ "3.5.0 Build0816"
Nas4: Qnap TS-212 "3.6.0 Build0210"
Nas5: Qnap TS-259 Pro+"3.5.0 Build 0815"
Nas6: Qnap TS-459 Pro II "3.5.0 Build 0815"
iPad2: 64Gig 3G "iOS 6"
UPS: APC Back-UPS RS 550VA

QNAP Comparison Cart HERE | 1Bay | 2Bay | 4Bay | 5Bay | 6Bay | 8Bay | 1U | 2U |
QNAP Compatibility List HERE | Online User Manual | Tutorials | Frequently Asked Questions |
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Wanted Hardware Encryption Engine

Post by Moogle Stiltzkin »

I believe that my warranty for the 509 already expired. So worth a shot. Thx :mrgreen:
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Wanted Hardware Encryption Engine

Post by schumaku »

Moogle Stiltzkin wrote:Example Sony was hacked and lost a few million playstation members details like credit cards. All because they did not encrypt their data. Sony's expected losses due to lawsuits is expected to be in the billions range :mrgreen:
Once the file system or folder/file is unlocked say for the httpd user, the data is accessible anyways :roll: Almost zero advantage in security! The issue is the very poor and stupid design in place by most (if no almost all) of similar applications. It's a much more complex infrastructure design required to gain essential advantages. File system based encryption is not the answer,
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Wanted Hardware Encryption Engine

Post by Moogle Stiltzkin »

Oh. So then what is the solution :mrgreen:
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Wanted Hardware Encryption Engine

Post by P3R »

[rant]RIP all you fine CPU-cycles that are wasted when the encryption feature is used by those that don't understand it.

The cave-man logic that seems to be applied by many: encryption has something to do with security >> security is good (I heard) >> I must enable encryption. [/rant]

Dare to say no to disk encryption! :wink:
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Di4
Getting the hang of things
Posts: 65
Joined: Sat Apr 17, 2010 3:23 am

Re: Wanted Hardware Encryption Engine

Post by Di4 »

Sure, encryption is no silver bullet. There remain other security issues.

But three friends of mine just decided for Synology instead of QNAP because they got folder based encryption with a dedicated hardware encryption engine.
So, reasonable performance for a reasonable price - the DS211j is about 200 $.

They are aware that encryption might hurt performance, but activating it for single shares only reduces impact.
They want integrated encryption because of the risk that a burglar might take the whole NAS with personal data. And even if you say that's improbable, they wanted it. Missing QNAP a few bucks.
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Wanted Hardware Encryption Engine

Post by schumaku »

From the hardware view, QNAP could have added the "Hardware Encryption Acceleration" label a long time ago - all Marvell Kirkwood 88F628x in all TS-x10/TS-x19 have a built-in on-chip security engine :idea: However, it is not readily used actually - up to v3.4.3 firmware.
Cryptographic Engine
The device integrates a Cryptographic Engine and Security Accelerator to support data encryption and authentication. It also contains a dedicated Direct Memory Access (DMA) controller to perform the following:
· Hardware implementation on encryption and authentication engines, to boost packet processing speed
· Dedicated DMA to feed the hardware engines with data from the internal SRAM memory or from the DDR memory
· Implements AES, DES, and 3DES encryption algorithms
· Implements SHA1 and MD5 authentication algorithms
With the upcoming v3.5, the hardware encryption engine is activated - first to encrypt external volumes, so your valueable data can be replicated to external devices - and the external devices can be moved to somewhere else - without worrying much about loosing a disk somewhere... So lets stay tuned hat Santa will bring for Christmas in the next firmware loop.

Yes: QNAP ARM NAS already have a Hardware Encryption Engine.

Thank you Mr. Big R for listening!
Di4
Getting the hang of things
Posts: 65
Joined: Sat Apr 17, 2010 3:23 am

Re: Wanted Hardware Encryption Engine

Post by Di4 »

Ah, thank you. That sounds promising! I hope they extend it from external drives to internal shares.
Post Reply

Return to “Features Wanted”