Configuring storage-area networks using mandatory security
Journal of Computer Security
A new key management scheme for distributed encrypted storage systems
ICCSA'06 Proceedings of the 6th international conference on Computational Science and Its Applications - Volume Part I
| Hi-index | 0.00 |
Storage Area Networks, with their ability to offerhigh data availability, reliability and scalability, area promising solution for the large scale storage needsof many enterprises. As with any distributed storage system, a major design challenge for a StorageArea Network (SAN) is to provide data integrity andconfidentiality. In this paper, we propose a solutionwhich addresses these core security requirements. Inparticular, we focus on mechanisms that enable efficientkey distribution to allow scalable data sharing. Ourscheme uses strong cryptographic techniques to achievedata security and integrity. Further, we delegate thebulk of the cryptographic processing to the SAN entities(e.g., switches, routers or other network elements),thereby removing bottlenecks at the disks and causingminimal inconvenience to the hosts. By recognizing thepeer nature of the group of SAN entities, we proposeefficient group key mechanisms that do not involve anycentralized key distribution servers. This allows ourscheme to be scalable and be free from any single pointof failure or attack.