Design for a Decentralized Security System For Network Attached Storage

This paper describes an architecture for a secure file system based on network-attached storage that guarantees end-to-end encryption for all user data. We describe the design of this system, focusing on the features that allow it to ensure that data is written and read only by authorized users, even in the face of attacks such as network snooping and physically capturing the storage media. Our work shows that such a system is feasible given the speeds of today’s microprocessors, and we discuss benchmark results using several popular encryption and authentication algorithms that could be used on storage devices in such a system. Based on these calculations, we present the overall performance of the system, showing that it is nearly as fast as the non-encrypted file systems in wide use today.
