Embedded Security for Network-Attached Storage

As storage interconnects evolve from single-host small-scale systems, such as traditional SCSI, to the multi-host Internet-based systems of Network-attached Secure Disks (NASD), protecting the integrity of data transfers between client and storage becomes essential. However, it is also computationally expensive and can impose significant performance penalties on storage systems. This paper explores several techniques that can protect the communications integrity of storage requests and data transfers, imposing very little performance penalty and significantly reducing the amount of required cryptography. Central to this work is an alternative cryptographic approach, called “Hash and MAC”, that reduces the cost of protecting the integrity of read traffic in storage devices that are unable to generate a message authentication code at full data transfers rates. Hash and MAC does this by precomputing security information, using and reusing the precomputed information on subsequent read requests. We also present a refined “Hash and MAC” approach that uses incremental hash functions to improve the performance of small read and write operations as well as non-block-aligned operations. Embedded Security for Network-Attached Storage Howard Gobioff1, David Nagle2, Garth Gibson1 June 1999 CMU-CS-99-154 School of Computer Science Carnegie Mellon University Pittsburgh, Pennsylvania 15213-3890 Contact: David Nagle ([email protected]) Office: 412-268-3898 Fax: 412-268-6353 1. School of Computer Science, can be reached via email at {hgobioff,garth}@cs.cmu.edu 2. Department of Electrical and Computer Engineering, can be reached via email at [email protected] This research is sponsored by DARPA/ITO through DARPA Order D306, and issued by Indian Head Division, NSWC under contract N00174-96-0002. Additional support was provided by the member companies of the Parallel Data Consortium, including: Hewlett-Packard Laboratories, Hitachi, IBM, Intel, Quantum, Seagate Technology, Siemens, Storage Technology, Wind River Systems, 3Com Corporation, Compaq, Data General/Clariion, and LSI Logic. ACM Computing Reviews