IEEE Security in Storage Working Group
IEEE Standards Association working group for storage sanitization standards
From Wikipedia, the free encyclopedia
The Institute of Electrical and Electronics Engineers (IEEE) Security in Storage Working Group (SISWG) oversees a family of standards for the protection of stored data and for the corresponding cryptographic key management. SISWG is part of the IEEE Cybersecurity and Privacy Standards Committee (CPSC).
Block Encryption Standards
SISWG oversees work on the following block encryption standards:
IEEE Std 1619-2025 (Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices) specifies XTS-AES, the XEX-based tweaked-codebook mode with ciphertext stealing applied to the Advanced Encryption Standard [1]. Examples of its use include self-encrypting storage devices, such as hard disk drives (HDDs) and solid-state drives (SSDs). XTS-AES can also be implemented in software, with the resulting ciphertext stored on a drive that does not encrypt internally.
(The original 2007 version of 1619 also standardized a key-backup format in XML, but that was removed in the 2013 revision.)
IEEE Std 1619.1-2018 (Standard for Authenticated Encryption with Length Expansion for Storage Devices) defines the following algorithms:
- Counter mode with CBC-MAC (CCM)
- Galois/Counter Mode (GCM)
- Cipher Block Chaining (CBC) with HMAC
- XTS-HMAC
IEEE Std 1619.2-2025 (Standard for Wide-Block Encryption for Shared Storage Media) defines one algorithm:
- Encrypt Mix Encrypt V2 (EME2-AES)
(Earlier versions of 1619.2 also defined the XCB-AES mode, but XCB (Extended Code Book) was reported broken and was removed from the 2025 version of 1619.2.)
Narrow-block vs. wide-block encryption
An encryption algorithm used for data storage has to support independent encryption and decryption of individual portions of the data. So-called narrow-block algorithms operate on relatively small units, while wide-block algorithms encrypt or decrypt a whole sector as one unit. Narrow-block algorithms have the advantage of more efficient hardware implementation. On the other hand, a smaller block size gives an attacker finer granularity for data modification: a change to one ciphertext block affects only the corresponding plaintext block. There is no standardized "acceptable granularity"; the possibility of modifying data at the granularity of one bit (a bit-flipping attack), however, is generally considered unacceptable.
For these reasons, the working group selected narrow-block (128-bit) encryption without authentication for standard 1619, judging that the efficiency gained justifies the additional risk. Recognizing that wide-block encryption can be useful in some cases, a separate standard, 1619.2, was developed to define a wide-block algorithm.
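The granularity argument above, and the contrast with the authenticated modes of 1619.1, can be made concrete. The following Go program is an added example for this article, not code from the IEEE standards or from SISWG. It builds XTS-AES on the Go standard library's AES block cipher (whole 16-byte blocks only; the ciphertext-stealing step for a partial trailing block is left out), checks itself against the first XTS-AES-128 test vector published with IEEE 1619 (all-zero keys, data unit 0, 32 zero bytes of plaintext), and then shows the two sides of the trade-off: flipping one bit of XTS ciphertext silently corrupts exactly one 128-bit plaintext block and nothing else, while AES-GCM from 1619.1 rejects the same modification outright at the cost of an appended tag. The sector contents and keys are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
)

// must panics on error; used for calls that only fail on a bad key length.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mulAlpha multiplies a GF(2^128) element by alpha using the little-endian
// bit order and reduction constant 0x87 specified in IEEE 1619.
func mulAlpha(t *[16]byte) {
	var carry byte
	for i := range t {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// xtsCrypt applies XTS-AES to one data unit. key is key1||key2 (32 bytes for
// AES-128); sector is the data-unit sequence number used as the little-endian
// tweak. Whole 16-byte blocks only; ciphertext stealing is omitted here.
func xtsCrypt(key []byte, sector uint64, data []byte, encrypt bool) []byte {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		panic("data must be a non-empty multiple of 16 bytes")
	}
	k1 := must(aes.NewCipher(key[:len(key)/2]))
	k2 := must(aes.NewCipher(key[len(key)/2:]))
	var t [16]byte // T = AES_K2(tweak); block j is masked with T * alpha^j
	binary.LittleEndian.PutUint64(t[:8], sector)
	k2.Encrypt(t[:], t[:])
	out := make([]byte, len(data))
	var x [16]byte
	for j := 0; j < len(data); j += aes.BlockSize {
		for i := range x {
			x[i] = data[j+i] ^ t[i]
		}
		if encrypt {
			k1.Encrypt(x[:], x[:])
		} else {
			k1.Decrypt(x[:], x[:])
		}
		for i := range x {
			out[j+i] = x[i] ^ t[i]
		}
		mulAlpha(&t)
	}
	return out
}

// XTSKnownAnswer checks the code against IEEE 1619 XTS-AES-128 test vector 1
// (all-zero keys, sector 0, 32 zero plaintext bytes).
func XTSKnownAnswer() bool {
	ct := xtsCrypt(make([]byte, 32), 0, make([]byte, 32), true)
	return hex.EncodeToString(ct) ==
		"917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e"
}

// CorruptedBlocks encrypts a sector with XTS-AES, flips one bit in ciphertext
// block flip, decrypts, and returns the plaintext blocks that changed. XTS has
// no integrity check: the hit block decrypts to garbage, the rest survive.
func CorruptedBlocks(key []byte, sector uint64, plain []byte, flip int) []int {
	ct := xtsCrypt(key, sector, plain, true)
	ct[flip*aes.BlockSize] ^= 0x01
	pt := xtsCrypt(key, sector, ct, false)
	var bad []int
	for j := 0; j < len(pt); j += aes.BlockSize {
		if !bytes.Equal(pt[j:j+aes.BlockSize], plain[j:j+aes.BlockSize]) {
			bad = append(bad, j/aes.BlockSize)
		}
	}
	return bad
}

// GCMDetectsTamper protects the same data with AES-GCM, one of the 1619.1
// authenticated modes, flips one ciphertext bit and reports whether decryption
// rejects it. The appended tag is the "length expansion" in 1619.1's title.
func GCMDetectsTamper(key, plain []byte) bool {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize()) // fresh per message; never reused
	must(rand.Read(nonce))
	ct := g.Seal(nil, nonce, plain, nil)
	ct[0] ^= 0x01
	_, err := g.Open(nil, nonce, ct, nil)
	return err != nil
}
```

With a 32-byte key and a constructed 512-byte sector, `CorruptedBlocks(key, 7, sector, 5)` returns `[5]`: only the block whose ciphertext was touched changes after decryption, which is the 128-bit granularity the working group accepted for 1619. `GCMDetectsTamper(key[:16], sector)` returns true because the tag no longer verifies; the sector, however, is now 16 bytes longer than it was, which is exactly what a fixed-size block device cannot store in place and why 1619.1 is a separate standard.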
Storage Sanitization Standards
SISWG oversees development of a family of standards on sanitization of storage:
IEEE Std 2883-2022 (Standard for Sanitizing Storage) defines methods of sanitizing data storage devices and systems. It gives requirements and guidance for the elimination of recorded data. Requirements for implementing the techniques defined in 2883 will be defined in P3406 (see below).
Work on the first version of IEEE 2883 began in 2020, and it was published in 2022. Many of its concepts came from earlier versions of NIST SP 800-88 (Guidelines for Media Sanitization) and ISO/IEC 27040 (Storage Security), including the sanitization methods (Clear, Purge, and Destruct/Destruction) and guidance on sanitizing specific types of storage media (e.g., disk drives, SSDs, paper records). Those documents, however, contained few if any mandatory compliance requirements (statements of what "shall" be done), and without "shall" requirements a claim of compliance is meaningless. ISO/IEC 27040 was updated in early 2024 to refer to IEEE 2883 as the source of actual requirements. Similarly, SP 800-88 was updated to Revision 2 in 2025 to refer to the requirements in the next version of 2883, which is under development as of 2025.
IEEE Std 2883.1-2025 (Recommended Practice for Use of Storage Sanitization Methods) provides recommendations on how to apply the sanitization methods defined in 2883. It explains that users should consider risk, feasibility, effectiveness, economics, and environmental consequences.
IEEE 2883.1 is a "recommended practice" document and is not formally considered a "standard".
Project P2883.2 (Recommended Practice for Virtualized and Cloud Storage Sanitization) is under development to provide recommendations on how to apply the sanitization methods defined in 2883 to virtualized and cloud storage systems. Such systems present interfaces to users that are at a much higher level of abstraction than the command interfaces of individual data storage drives.
Project P3406 (Standard for Purge and Destruct Sanitization Framework) is under development to provide requirements on how to define and implement techniques that perform the Purge and Destruct methods defined in IEEE 2883. Some details in the 2022 version of IEEE 2883 will be moved into 3406.
Other Standards
IEEE Std 1617-2018 (Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices) defines discovery, authentication, and authorization protocols between hosts and storage devices over multiple transports.
As of 2025, project P1617 is under development to update 1617.