Secure Group Services for Storage Area Networks

Storage Area Networks, with their ability to offer high data availability, reliability and scalability, are a promising solution for the large scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for a Storage Area Network (SAN) is to provide data integrity and confidentiality. In this paper, we propose a solution which addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key distribution to allow scalable data sharing. Our scheme uses strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities (e.g., switches, routers or other network elements), thereby removing bottlenecks at the disks and causing minimal inconvenience to the hosts. By recognizing the peer nature of the group of SAN entities, we propose efficient group key mechanisms that do not involve any centralized key distribution servers. This allows our scheme to be scalable and be free from any single point of failure or attack.