Storage area networks (SANs) offer high availability, reliability, and scalability, and are a promising solution for the large-scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for SANs is to provide secure storage, which implies data integrity and data confidentiality. In this article we propose a solution that addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key management for SAN entities and allow scalable data sharing. We use strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities, thereby removing bottlenecks at disks and causing minimal inconvenience to hosts. By recognizing the peer nature of the group of SAN entities, we propose a novel security architecture for SANs that uses a secure group communication protocol to provide efficient group keying without involving any centralized servers. This fosters both scalability and fault tolerance.