Secure Remote Storage through Authenticated Encryption

Author

Hou, Fangyong ; Gu, Dawu ; Xiao, Nong ; Tang, Yuhua

Author_Institution

Sch. of Comput., Nat. Univ. of Defense Technol., Changsha

fYear

2008

fDate

12-14 June 2008

Firstpage

3

Lastpage

9

Abstract

Storage systems are more distributed and more subject to attacks. Cryptographic file system gives a promising way to mitigate the danger of exposing data by using encryption and integrity protection methods and guarantee end-to-end security to clients. This paper describes SRSAE, a generic approach to cryptographic file system, as well as its realization in a distributed data storage environment. SRSAE applies authenticated encryption to each data block transferred between clients and the remote block devices. It provides strong data confidentiality and integrity protections through trusted IV (initialization vector) and MAC (message authentication code) comparison. Performance is optimized by buffering IV and MAC locally. Integration into original file system is presented with specific implementation. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to build secure network storage system.

Keywords

cryptography; digital storage; storage management; SRSAE; authenticated encryption; cryptographic file system; distributed data storage environment; end-to-end security; message authentication code; remote block devices; secure remote storage; Computer architecture; Computer networks; Cryptography; Data security; File systems; Memory; Message authentication; Network servers; Protection; Secure storage;

fLanguage

English

Publisher

ieee

Conference_Titel

Networking, Architecture, and Storage, 2008. NAS '08. International Conference on

Conference_Location

Chongqing

Print_ISBN

978-0-7695-3187-8

Type

conf

DOI

10.1109/NAS.2008.48

Filename

4579555