Kevin R. B. Butler, Stephen E. McLaughlin, P. McDaniel
Title: Disk-enabled authenticated encryption
Venue: 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST)
Publication date: 2010-05-03
DOI: 10.1109/MSST.2010.5496979 (https://doi.org/10.1109/MSST.2010.5496979)
Storage is increasingly becoming a vector for data compromise. Solutions for protecting on-disk data confidentiality and integrity to date have been limited in their effectiveness. Providing authenticated encryption, or simultaneous encryption with integrity information, is important to protect data at rest. In this paper, we propose that disks augmented with non-volatile storage (e.g., hybrid hard disks) and cryptographic processors (e.g., FDE drives) may provide a solution for authenticated encryption, storing security metadata within the drive itself to eliminate dependences on other parts of the system. We augment the DiskSim simulator with a flash simulator to evaluate the costs associated with managing operational overheads. These experiments show that proper tuning of system parameters can eliminate many of the costs associated with managing security metadata, with less than a 2% decrease in IOPS versus regular disks.