Encryption and key management in a SAN

Author

Baldwin, Adrian ; Shiu, Simon

Author_Institution

Hewlett-Packard Labs., UK

fYear

2002

fDate

11 Dec. 2002

Firstpage

35

Lastpage

44

Abstract

Many important security properties can be gained by encrypting stored data. However, these properties can be significantly undermined if the encryption keys are not well managed. This paper discusses how encryption strategies can be used to provide stronger segregation of data, remove "back door" access to data, and to reduce the reliance and trust placed in administrators of SAN systems. The focus is on the key management that necessarily forms a part of a secure encryption strategy. The work described is based on the use of a hardware security appliance (HSA) which augments traditional HSMs with additional functionality to control the way keys are used rather than just providing a secure environment for crypto functions. This allows security critical components or services to be pushed into trusted hardware thereby providing wider application or system level security. The paper shows how the HSA can. be applied to securely managing the keys for the encryption strategies needed for SAN security.

Keywords

cryptography; distributed databases; network operating systems; SAN systems; crypto functions; encryption keys; hardware security appliance; key management; secure encryption strategy; security critical components; security critical services; security properties; storage area networks; Cryptography; Data security; Fabrics; Hardware; Home appliances; Power system management; Power system security; Protection; Secure storage; Storage area networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Security in Storage Workshop, 2002. Proceedings. First International IEEE

Print_ISBN

0-7695-1888-5

Type

conf

DOI

10.1109/SISW.2002.1183508

Filename

1183508