Title :
Encryption and key management in a SAN
Author :
Baldwin, Adrian ; Shiu, Simon
Author_Institution :
Hewlett-Packard Labs., UK
Abstract :
Many important security properties can be gained by encrypting stored data. However, these properties can be significantly undermined if the encryption keys are not well managed. This paper discusses how encryption strategies can be used to provide stronger segregation of data, remove "back door" access to data, and to reduce the reliance and trust placed in administrators of SAN systems. The focus is on the key management that necessarily forms a part of a secure encryption strategy. The work described is based on the use of a hardware security appliance (HSA) which augments traditional HSMs with additional functionality to control the way keys are used rather than just providing a secure environment for crypto functions. This allows security critical components or services to be pushed into trusted hardware thereby providing wider application or system level security. The paper shows how the HSA can. be applied to securely managing the keys for the encryption strategies needed for SAN security.
Keywords :
cryptography; distributed databases; network operating systems; SAN systems; crypto functions; encryption keys; hardware security appliance; key management; secure encryption strategy; security critical components; security critical services; security properties; storage area networks; Cryptography; Data security; Fabrics; Hardware; Home appliances; Power system management; Power system security; Protection; Secure storage; Storage area networks;
Conference_Titel :
Security in Storage Workshop, 2002. Proceedings. First International IEEE
Print_ISBN :
0-7695-1888-5
DOI :
10.1109/SISW.2002.1183508
