Design and Implementation of Self-securing Disk

Self-securing storage devices prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, we design an efficient self-securing disk architecture, which is based on traditional self-securing storage prototype S4: 1) On the confidentiality protection side, authenticated encryption mode GCM is adapted to process disk block in parallel ,and authentication latency is overlapped with disk access latency so that our scheme is more efficient and secure than Windows BitLocker. 2) On the integrity protection side, GHASH proposed in GCM is used to generate MAC which is more efficient than SHA-1, MD5. Moreover, ldquoMinimum Integrity Verification Treerdquo is put forward to decrease performance loss at a maximum. 3) On the access control protection side, we propose a cryptographically featured capability based access control model, which is based on existing OSD access control model. We use hybrid hard drive as an instance to build a self-securing disk prototype which is implemented by simulation. The encryption/authentication overheads are significantly reduced due to buffer techniques and combined GCM/Flash scheme. According to the simulation results, the performance overhead is less than 18%, which is efficient and practical.