DocumentCode :
2821593
Title :
Disk-enabled authenticated encryption
Author :
Butler, Kevin ; McLaughlin, Stephen ; McDaniel, Patrick
Author_Institution :
Penn State Univ., University Park, PA, USA
fYear :
2010
fDate :
3-7 May 2010
Firstpage :
1
Lastpage :
6
Abstract :
Storage is increasingly becoming a vector for data compromise. Solutions for protecting on-disk data confidentiality and integrity to date have been limited in their effectiveness. Providing authenticated encryption, or simultaneous encryption with integrity information, is important to protect data at rest. In this paper, we propose that disks augmented with non-volatile storage (e.g., hybrid hard disks) and cryptographic processors (e.g., FDE drives) may provide a solution for authenticated encryption, storing security metadata within the drive itself to eliminate dependences on other parts of the system. We augment the DiskSim simulator with a flash simulator to evaluate the costs associated with managing operational overheads. These experiments show that proper tuning of system parameters can eliminate many of the costs associated with managing security metadata, with less than a 2% decrease in IOPS versus regular disks.
Keywords :
authorisation; cryptography; data integrity; disc storage; meta data; random-access storage; DiskSim simulator; cryptographic processor; disk-enabled authenticated encryption; flash simulator; integrity information; nonvolatile storage; on-disk data confidentiality; security metadata; simultaneous encryption; Authentication; Costs; Counting circuits; Cryptography; Data security; Drives; Nonvolatile memory; Portable computers; Protection; Secure storage;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Mass Storage Systems and Technologies (MSST), 2010 IEEE 26th Symposium on
Conference_Location :
Incline Village, NV
Print_ISBN :
978-1-4244-7152-2
Electronic_ISBN :
978-1-4244-7153-9
Type :
conf
DOI :
10.1109/MSST.2010.5496979
Filename :
5496979