In this paper we present PLEDGE, an efficient and scalable Security ProtocoL for protecting fixed-content objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an end-to-end, policy-driven security approach to protect the confidentiality, integrity, and authenticity of fixed-content entities both over the enterprise network links and in the nodes of the CAS device. It uses a customizable and configurable XML security policy to apply flexible, multi-level, fine-grained encryption and hashing to fixed-content CAS entities. PLEDGE secures data objects according to their content and sensitivity, and substantially outperforms bulk, raw encryption protocols such as the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or totally) in the CAS storage nodes without affecting the operation or performance of the CAS storage system, and it takes into account the processing load, computing power, and memory capabilities of client devices that may be constrained in processing power, memory, or network connectivity. PLEDGE complies with the strictest compliance regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4 financial standards. The protocol is implemented in a real CAS network using an EMC Centera backend storage device. The application secured by PLEDGE in the sample implementation is an X-ray radiography scanning system in a healthcare network environment.
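The abstract describes three mechanisms working together: an XML policy that selects full, partial, or no encryption per object according to its sensitivity; a hash and authentication tag that protect integrity and authenticity; and storage of the (possibly encrypted) blob in the CAS so that the content address is computed over exactly what the storage node receives. The following Python is an added illustration of that design and is not PLEDGE's code: the policy element and attribute names (`rule`, `sensitivity`, `encrypt`, `prefix`, `hash`) are invented for this example, the sample object and keys are constructed, and the keystream is HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from dataclasses import dataclass, replace

# Constructed policy. The element and attribute names are assumptions made
# for this example; they are not PLEDGE's actual policy schema.
POLICY_XML = """
<policy>
  <rule sensitivity="high"   encrypt="full"    hash="sha256"/>
  <rule sensitivity="medium" encrypt="partial" prefix="64" hash="sha256"/>
  <rule sensitivity="low"    encrypt="none"    hash="sha256"/>
</policy>
"""


def load_policy(xml_text):
    """Parse the policy into {sensitivity: {encrypt, prefix, hash}}."""
    rules = {}
    for rule in ET.fromstring(xml_text).findall("rule"):
        rules[rule.get("sensitivity")] = {
            "encrypt": rule.get("encrypt"),
            "prefix": int(rule.get("prefix", "0")),
            "hash": rule.get("hash"),
        }
    return rules


def keystream(key, nonce, length):
    """HMAC-SHA256 used as a PRF in counter mode: a stdlib-only stand-in
    for a real cipher such as AES-GCM (an assumption of this example)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


@dataclass
class StoredObject:
    content_address: str  # digest the CAS node computes over the stored blob
    blob: bytes           # bytes actually written to the CAS node
    nonce: bytes
    encrypted_len: int    # how many leading bytes of blob are ciphertext
    tag: bytes            # HMAC over nonce || encrypted_len || blob
    hash_alg: str         # hash named by the policy rule


def _mac(mac_key, nonce, n, blob):
    return hmac.new(mac_key, nonce + n.to_bytes(8, "big") + blob, hashlib.sha256).digest()


def protect(data, sensitivity, policy, enc_key, mac_key, nonce=None):
    """Apply the rule for this object's sensitivity level before storing."""
    rule = policy[sensitivity]
    if rule["encrypt"] == "full":
        n = len(data)
    elif rule["encrypt"] == "partial":
        n = min(rule["prefix"], len(data))  # e.g. the sensitive header region
    else:
        n = 0
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    ks = keystream(enc_key, nonce, n)
    blob = bytes(a ^ b for a, b in zip(data[:n], ks)) + data[n:]
    # Encrypt-then-MAC: the tag binds ciphertext, nonce and encrypted length.
    tag = _mac(mac_key, nonce, n, blob)
    # The content address is taken over the blob as stored, so the CAS node
    # behaves exactly as it would for unencrypted content.
    addr = hashlib.new(rule["hash"], blob).hexdigest()
    return StoredObject(addr, blob, nonce, n, tag, rule["hash"])


def retrieve(obj, enc_key, mac_key):
    """Check the CAS address and the tag, then undo any encryption applied."""
    if hashlib.new(obj.hash_alg, obj.blob).hexdigest() != obj.content_address:
        raise ValueError("content address mismatch: blob altered in storage")
    expected = _mac(mac_key, obj.nonce, obj.encrypted_len, obj.blob)
    if not hmac.compare_digest(expected, obj.tag):
        raise ValueError("authentication tag mismatch")
    n = obj.encrypted_len
    ks = keystream(enc_key, obj.nonce, n)
    return bytes(a ^ b for a, b in zip(obj.blob[:n], ks)) + obj.blob[n:]


def demo():
    """Round-trip a constructed 512-byte object at each sensitivity level and
    show that a blob altered in storage (even with its address recomputed)
    is rejected. Returns a dict of observations for checking."""
    policy = load_policy(POLICY_XML)
    enc_key, mac_key = b"k" * 32, b"m" * 32  # constructed keys
    data = bytes(range(256)) * 2             # constructed fixed-content object
    stored = {s: protect(data, s, policy, enc_key, mac_key) for s in policy}
    roundtrip_ok = all(retrieve(o, enc_key, mac_key) == data for o in stored.values())
    med = stored["medium"]
    # Attacker flips one byte and recomputes the CAS address to match.
    forged_blob = med.blob[:-1] + bytes([med.blob[-1] ^ 1])
    forged = replace(med, blob=forged_blob,
                     content_address=hashlib.sha256(forged_blob).hexdigest())
    try:
        retrieve(forged, enc_key, mac_key)
        forgery_rejected = False
    except ValueError:
        forgery_rejected = True
    return {
        "roundtrip_ok": roundtrip_ok,
        "encrypted_len": {s: o.encrypted_len for s, o in stored.items()},
        "low_stored_in_clear": stored["low"].blob == data,
        "medium_tail_in_clear": med.blob[64:] == data[64:] and med.blob[:64] != data[:64],
        "forgery_rejected": forgery_rejected,
    }
```

The policy decides how much of each object is ciphertext, so a "low" object costs nothing beyond the hash, while a "medium" object pays for encrypting only its sensitive prefix. Because the tag is computed over the ciphertext and checked with a constant-time comparison before any decryption, an altered blob is rejected even when the writer was able to make the CAS address agree with the altered content.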