Title :
Strong security for distributed file systems
Author :
Miller, Ethan ; Long, Darrell ; Freeman, William ; Reed, Benjamin
Author_Institution :
California Univ., Santa Cruz, CA, USA
Abstract :
We have developed a scheme to secure network-attached storage systems against many types of attacks. Our system uses strong cryptography to hide data from unauthorized users; someone gaining complete access to a disk cannot obtain any useful data from the system, and backups can be done without allowing the super-user access to unencrypted data. While denial-of-service attacks cannot be prevented, our system detects forged data. The system was developed using a raw disk, and can be integrated into common file systems. We discuss the design and security tradeoffs such a distributed file system makes. Our design guards against both remote intruders and those who gain physical access to the disk, using just enough security to thwart both types of attacks. This security can be achieved with little penalty to performance. We discuss the security operations that are necessary for each type of operation, and show that there is no longer any reason not to include strong encryption and authentication in network file systems
Keywords :
Internet; authorisation; cryptography; data analysis; distributed databases; message authentication; authentication; common file systems; denial-of-service attacks; distributed file systems; forged data detection; network file systems; network-attached storage systems; raw disk; remote intruders; security operations; security tradeoffs; strong cryptography; strong encryption; strong security; super-user; unauthorized users; unencrypted data; Authentication; Cryptography; Data security; File servers; File systems; Internet; Modems; Network servers; Protection; Secure storage;
Conference_Titel :
Performance, Computing, and Communications, 2001. IEEE International Conference on.
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7803-7001-5
DOI :
10.1109/IPCCC.2001.918633
