Disk-enabled authenticated encryption

Author

Butler, Kevin ; McLaughlin, Stephen ; McDaniel, Patrick

Author_Institution

Penn State Univ., University Park, PA, USA

fYear

2010

fDate

3-7 May 2010

Firstpage

1

Lastpage

6

Abstract

Storage is increasingly becoming a vector for data compromise. Solutions for protecting on-disk data confidentiality and integrity to date have been limited in their effectiveness. Providing authenticated encryption, or simultaneous encryption with integrity information, is important to protect data at rest. In this paper, we propose that disks augmented with non-volatile storage (e.g., hybrid hard disks) and cryptographic processors (e.g., FDE drives) may provide a solution for authenticated encryption, storing security metadata within the drive itself to eliminate dependences on other parts of the system. We augment the DiskSim simulator with a flash simulator to evaluate the costs associated with managing operational overheads. These experiments show that proper tuning of system parameters can eliminate many of the costs associated with managing security metadata, with less than a 2% decrease in IOPS versus regular disks.

Keywords

authorisation; cryptography; data integrity; disc storage; meta data; random-access storage; DiskSim simulator; cryptographic processor; disk-enabled authenticated encryption; flash simulator; integrity information; nonvolatile storage; on-disk data confidentiality; security metadata; simultaneous encryption; Authentication; Costs; Counting circuits; Cryptography; Data security; Drives; Nonvolatile memory; Portable computers; Protection; Secure storage;

fLanguage

English

Publisher

ieee

Conference_Titel

Mass Storage Systems and Technologies (MSST), 2010 IEEE 26th Symposium on

Conference_Location

Incline Village, NV

Print_ISBN

978-1-4244-7152-2

Electronic_ISBN

978-1-4244-7153-9

Type

conf

DOI

10.1109/MSST.2010.5496979

Filename

5496979