Securing Data in the Age of Networked Storage
The wealth of information that is being accumulated these days requires an enormous amount of storage capacity and can no longer be stored locally on your local (directly attached) disk. To address this need, the idea of networked storage has emerged. Networked storage refers to the wide variety of dedicated storage systems that are networked-connected. These solutions allow the user to transmit his/her data over some network and store it at a remote location.
The network that is used to transmit data from the user to the device is called a SAN - Storage Area Network. Traditionally it has been implemented over a high-speed Fiber-Channel network infrastructure that is dedicated to storage only, but recent developments have made it possible to use existing IP (Internet) infrastructure at lower costs.
With the ability to transmit data over the network and store it anywhere security has become an intrinsic problem. What are the new threats?
Access Control. Since storage is now a resource shared over networks in a distributed manner, there is a need to enforce 'privileged separation' of the data (i.e. determining which 'user' can access which 'data') in a different fashion. Why is this a new security problem? Access control to storage was traditionally achieved by passing the data through a single trusted entity like a file server. It was the file server that made the access policy decisions and enforcements, while the storage device (for example, the disk) was responsible for data access only (in the form of Read/Write data blocks). With networked storage systems, this is no longer the case, since the data can now be accessed directly by any computer on the network, not only by the trusted file server.
Providing access control can be described abstractly as 'setting a gatekeeper' to monitor access to the data. If, in the past, the 'gatekeeper's the file server, in a networked-storage architecture the 'gatekeeper' must reside closer to data, e.g. on the actual storage device. Such a solution requires substantial changes to the storage device--in addition to reading/writing blocks of data it also needs to enforce 'privileged separation' of the data.
Network Attacks. The network itself has now become a threat when the data is 'in-flight'. Networks are known to be vulnerable to various attacks. The data may be altered during transmission to and from the remote storage system--whether intentionally or not. Data can be eavesdropped if not encrypted properly. Messages may be spoofed using well-known mechanisms, so that one user or computer can masquerade successfully as another.
The general problem of network security (for example, for the Internet) is well-known and has been successfully addressed by a number of mechanisms and protocols. Networked Storage is now required to adopt these mechanisms and deploy them in the Storage Area Network (SAN) environment in order to protect the data while in-flight.
Data-at-rest. Another aspect of networked storage security is the ability to encrypt the data when it finally reaches the storage device. This increases the confidence of the user who stores data at a remote data center, which sometimes is operated by a third party. With recent incidents of data loss or theft (so far mainly tapes and laptops) this is becoming essential. Governments have also realized the importance of protecting the privacy of long-term data, and have issued regulations in many sectors (e.g. the health-care and financial industries) that require businesses to comply with certain privacy regulations and encrypt the data.
The IEEE Computer Society's Security in Storage Working Group is developing Project 1619 "Standard Architecture for Encrypted Shared Storage Media". Its goal is to devise methods for interoperable encryption of storage devices, which may be either disks or tapes.
Securing for Storage is about devising methodologies, standards and solutions to address all the above objectives. The links below provide further information regarding the solutions that exist today and those that will be available in the near future.
- The paper "Network Attached Storage Architecture", by Garth A. Gibson and Rodney Van Meter (Communications of the ACM, Vol.43, No.11, November 2000), is a good survey on the subject of network attached storage. It also overviews the 'Networked Attached Secure Disks' architecture (NASD) which was initiated as a research project in the 90's at Carnegie Mellon University.
- Object Storage Device (OSD) is an emerging storage technology that enables the creation of secure storage containers on a storage device via a standard interface. OSDs can enforce access control at the storage device. See http://www.snia.o rg/tech_activities/workgroups/osd/ for the OSD SNIA working group and http://www.haifa.il.ibm.com/projects/storage/objectstore/index.html to learn more about the technology.
- Security protocols to protect the while data-in-flight:
* For IP-based networks, see the iSCSI protocol * For Fibre Channel networks, the FC-SP protocol is a security framework which includes protocols to enhance Fibre Channel.
- Methods that provide security for data-at-rest are developed by IEEE Project 1619.
ABOUT THE AUTHOR: Dr. Dalit Naor is a researcher in the Networked Storage Technologies group at IBM Haifa Research Lab in Israel. Since joining IBM Research in 1996, She has been working on security technologies for the Internet, content protection, and storage systems. Her current interest is in the area of security for storage.