Strong Security for Network-Attached Storage

Abstract

We have developed a scheme to secure network-attached storage systems against many types of attacks. Our system uses strong cryptography to hide data from unauthorized users; someone gaining complete access to a disk cannot obtain any useful data from the system, and backups can be done without allowing the super-user access to cleartext. While insider denial-of-service attacks cannot be prevented (an insider can physically destroy the storage devices), our system detects attempts to forge data. The system was developed using a raw disk, and can be integrated into common file systems.

All of this security can be achieved with little penalty to performance. Our experiments show that, using a relatively inexpensive commodity CPU attached to a disk, our system can store and retrieve data with virtually no penalty for random disk requests and only a 15–20% performance loss over raw transfer rates for sequential disk requests. With such a minor performance penalty, there is no longer any reason not to include strong encryption and authentication in network file systems.

Full Paper

PDF

BibTeX

@inproceedings{miller-fast02,
  author       = {Ethan L. Miller and Darrell D. E. Long and William E. Freeman and Benjamin C. Reed},
  title        = {Strong Security for Network-Attached Storage},
  booktitle    = {Proceedings of the 2002 Conference on File and Storage Technologies (FAST)},
  pages        = {1-13},
  month        = jan,
  year         = {2002},
}