By Topic

Security in Storage Workshop, 2003. SISW '03. Proceedings of the Second IEEE International

Date 31-31 Oct. 2003

Filter Results

Displaying Results 1 - 9 of 9
  • Decentralized Authentication Mechanisms for Object-based Storage Devices

    Page(s): 1
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (256 KB) |  | HTML iconHTML  

    Network-attached object-based storage separates data-path from control-path and enables direct interaction between clients and the storage devices. Clients interact with the file manager only to acquire the meta-data information and some cryptographic primitives, for example, access keys. Most of the current schemes rely on a centralized file manager to support these activities. This paper presents security mechanisms for decentralized authentication for object-based storage. The schemes are novel in several ways. First of all, they reduce the load on the file manager and free the system from central point of failure and denial of service attacks. We exploit Role-based Access Control (RBAC) to provide scalability and design authentication schemes that efficiently utilize RBAC. In most of the cases, the client needs to acquire only one access key from the file manager, which can be used by the client to further derive role-keys for the roles that he/she is permitted to play within an organization. Further, the number of cryptographic keys required for the purpose of authentication in these schemes is less as compared to the existing schemes. Finally, we also present two simple schemes that enable the clients to access objects stored on any device on the network using a single identity key. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Fast and Secure Magnetic WORM Storage Systems

    Page(s): 11
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (160 KB) |  | HTML iconHTML  

    Computer forensic analysis, intrusion detection and disaster recovery are all dependent on the existence of trustworthy log files. Current storage systems for such log files are generally prone to modification attacks, especially by an intruder who wishes to wipe out the trail he leaves during a successful break-in. In light of recent advances in storage capacity and sharp drop in prices of storage devices, as well as the demand for trustworthy storage systems, it is timely to design and develop fast storage systems that practically have no limit in capacity and admit "secure append-only" operations (namely data can only be appended to a storage device; once appended it can no longer be modified, and can be read out by authorized users only.) This paper reports some preliminary findings in our research into building a secure append-only storage system. It discusses a possible secure append-only storage architecture that could be used to detect and prevent deletion or modification by inside/outside attackers. A specific implementation of the architecture based on block device drivers and magnetic storage firmwares is alsopresented. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Key Management for Encrypted Data Storage in Distributed Systems

    Page(s): 20
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (192 KB) |  | HTML iconHTML  

    Confidential data stored on mass storage devices is at risk to be disclosed to persons getting physical or administrator access to the device. Encrypting the data reduces this risk, at the cost of more cumbersome administration. In this publication, we examine the problem of encrypted data storage in a grid computing environment, where storage capacity and data is shared across organizational boundaries. We propose an architecture that allows users to store and share encrypted data in this environment. Access to decryption keys is granted based on the grids data access permissions. The system is therefore usable as an additional security feature together with a classical access control mechanism. Data owners can choose different tradeoffs of security versus efficiency. Storage servers need not to be trusted and common access control models are supported. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information Security on the Logistical Network: An End-to-End Approach

    Page(s): 31
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (136 KB) |  | HTML iconHTML  

    We describe the information security aspects of logistical networking. The security model adopted by logistical networking is an end-to-end model that provides tunable security levels while maintaining the scalability of the network as a whole. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementation of a Storage Mechanism for Untrusted DBMSs

    Page(s): 38
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (224 KB) |  | HTML iconHTML  

    Several architectures have been recently proposed that store relational data in encrypted form on untrusted relational databases. Such architectures permit the creation of novel Internet services and also offer an opportunity for a better construction of ASP solutions. Environments where there are limited resources that do not permit an efficient management of databases or where it is critical to offer a robust Internet access to private data may all benefit from the above architectures. In this paper we analyze the impact that this architecture has on the typical services of a database. The analysis is based on the experience gained in the construction of a prototype of a complete architecture for the management of encrypted databases. Specifically, we illustrate the impact on query translation and optimization, and the main components of the software architecture of the prototype. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Cryptographic File Systems Performance: What You Don' t Know Can Hurt You

    Page(s): 47
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (277 KB) |  | HTML iconHTML  

    Securing data is more important than ever, yet cryptographic file systems still have not received wide use. One barrier to the adoption of cryptographic file systems is that the performance impact is assumed to be too high, but in fact is largely unknown. In this paper we first survey available cryptographic file systems. Second, we perform a performance comparison of a representative set of the systems, emphasizing multiprogrammed workloads. Third, we discuss interesting and counterintuitive results. We show the overhead of cryptographic file systems can be minimal for many real-world workloads, and suggest potential improvements to existing systems. We have observed not only general trends with each of the cryptographic file systems we compared but also anomalies based on complex interactions with the operating system, disks, CPUs, and ciphers. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Memories: A Survey of Their Secure Uses in Smart Cards

    Page(s): 62
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1312 KB) |  | HTML iconHTML  

    Smart cards are widely known for their tamper resistance, but only contain a small amount of memory. Though very small, this memory often contains highly valuable information (identification data, cryptographic key, etc). This is why it is subject to many attacks, as the other parts of the smart card, and thus requires appropriately chosen protections. The use of memories in smart cards induces security problems, but also other more particular ones. The main constraint is naturally the limited physical expansion and integration, but fault level, aging and power consumption are not to be discarded. Indeed, deducing the context of a ROM using a microscope has been proven to work. Interactions with light or eddy current on silicon can produce faults that might reveal important information, as well. This article details the role of memory in smart card industries, in current context and future perspectives of smart cards and their applications. It then gives a survey of published physical attacks targeting memory and all the existing techniques to counter them. Great efforts are undertaken by industries and academics to tackle specific memory problems introducing hardware and software countermeasures in the designs. This struggle between security and hackers permits in the one hand tremendous breakthroughs in research but in the other hand makes rather difficult for manufacturers to maintain cost effectiveness, that is one important factor for smart card. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Research and Implement of an Encrypted File System Used to NAS

    Page(s): 73
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (112 KB) |  | HTML iconHTML  

    Data security has become an increasingly important factor in routine work with the development of applications, and users trend to obtain high security with maximum comfort. In this article a cryptographic file system called NAS_CFS used for NAS is designed. NAS_CFS has some characteristics as below: adding encryption function to file-system layer allows users to encrypt data transparently, obtaining high security by key management based on session ID and user ID, attachment and timeouts mechanisms, and NAS_CFS is an in-kernel file system of high performance using stackable mechanism. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author index

    Page(s): 78
    Save to Project icon | Request Permissions | PDF file iconPDF (18 KB)  
    Freely Available from IEEE