Strong Security for Network-Attached Storage
Appeared in Proceedings of the 2002 Conference on File and Storage Technologies (FAST).
Abstract
We have developed a scheme to secure network-attached storage systems against many types of attacks. Our system uses strong cryptography to hide data from unauthorized users; someone gaining complete access to a disk cannot obtain any useful data from the system, and backups can be done without allowing the super-user access to unencrypted data. While denial-of-service attacks cannot be prevented (attackers with sledgehammers can deny service to any system), our system detects forged data. The system was developed using a raw disk, and can be integrated into common file systems.
All of this security can be achieved with little penalty to performance. Our experiments show that, using a relatively inexpensive commodity CPU attached to a disk, our system can store and retrieve data with only a 15-20% performance loss over raw transfer rates for sequential disk requests, and virtually no penalty for random disk requests. With such a minor performance penalty, there is no longer any reason not to include strong encryption and authentication in network file systems.
Publication date:
January 2002
Authors:
Ethan L. Miller
Darrell D. E. Long
William E. Freeman
Benjamin C. Reed
Projects:
Secure File and Storage Systems
Ultra-Large Scale Storage
Available media
Full paper text: PDF
Bibtex entry
@inproceedings{miller-fast02,
  author = {Ethan L. Miller and Darrell D. E. Long and William E. Freeman and Benjamin C. Reed},
  title = {Strong Security for Network-Attached Storage},
  booktitle = {Proceedings of the 2002 Conference on File and Storage Technologies (FAST)},
  pages = {1-13},
  month = jan,
  year = {2002},
}