storage security using cryptographic splitting · 2020-03-07 · storage developer conference 2009...

Storage Developer Conference 2009 © 2009 Unisys Corp. All rights reserved. Storage Security Using Cryptographic Splitting David Dodgson Unisys


Storage Developer Conference 2009 © 2009 Unisys Corp. All rights reserved.

Storage Security Using Cryptographic Splitting

David Dodgson, Unisys


Objectives

- Learn about cryptographic splitting: what it is, and how it can be used.
- Learn how splitting can be combined with other encryption methods to provide strong data protection.
- Learn how a storage appliance using these methods can be used to provide secure, highly available access to data.
- Learn how a storage appliance can be used to limit access to data to members of a community of interest at less cost than traditional methods.


Cryptographic Splitting

Cryptographic splitting is an algorithm that splits a stream of bits into N shares

- Splitting is done at the bit level
- Splitting is controlled by a key
- Splitting is performed randomly


Video on Cryptographic Splitting

“Stealth for SAN” video at http://www.unisys.com/unisys/ri/videos/index.jsp?id=1200002


Strong Data Protection

A combination of algorithms is used to provide strong data protection.

AES-256
- A block of data is first encrypted

Cryptographic Splitting
- The encrypted bits are then split into N shares

SHA-256
- Each individual share is hashed


Keys

Workgroup Key
- External
- Symmetric, 256 bits

Session Key
- Internal
- Contains encryption, splitting, and hash keys
- Encrypted with the Workgroup key
- Used on no more than 64 GB of data
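
Added example, not Unisys or Security First Corp code (the slides do not give the product's splitting algorithm): a sketch of the split and hash steps from "Strong Data Protection", driven by separate splitting and hash keys as listed under "Keys". Assumptions: HMAC-SHA256 stands in for both the keyed bit selector and the per-share hash, all N shares are needed to merge (no M-of-N redundancy), the AES-256 step is replaced by a constructed 32-byte ciphertext, and every function name is hypothetical.

```python
import hashlib
import hmac

def share_choices(split_key, nbits, n):
    """Keyed pseudo-random share index (0..n-1) for each bit position."""
    out, counter = [], 0
    while len(out) < nbits:
        block = hmac.new(split_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b % n for b in block)  # unbiased only when n divides 256
        counter += 1
    return out[:nbits]

def tag(hash_key, index, bits):
    """Keyed SHA-256 over one share, bound to its share number."""
    return hmac.new(hash_key, bytes([index]) + bits, hashlib.sha256).digest()

def split(ciphertext, split_key, hash_key, n):
    """Send every ciphertext bit to exactly one of n shares, then hash each share."""
    shares = [bytearray() for _ in range(n)]
    for pos, idx in enumerate(share_choices(split_key, len(ciphertext) * 8, n)):
        # Stored one bit per byte to keep the illustration readable.
        shares[idx].append((ciphertext[pos // 8] >> (7 - pos % 8)) & 1)
    return [(bytes(s), tag(hash_key, i, bytes(s))) for i, s in enumerate(shares)]

def merge(shares, split_key, hash_key, nbits):
    """Verify each share's hash, then replay the keyed choices to reassemble the bits."""
    for i, (bits, t) in enumerate(shares):
        if not hmac.compare_digest(t, tag(hash_key, i, bits)):
            raise ValueError(f"bad hash on share {i}")
    cursors = [0] * len(shares)
    out = bytearray(nbits // 8)
    for pos, idx in enumerate(share_choices(split_key, nbits, len(shares))):
        if cursors[idx] >= len(shares[idx][0]):
            raise ValueError("bad merge result")
        out[pos // 8] |= shares[idx][0][cursors[idx]] << (7 - pos % 8)
        cursors[idx] += 1
    return bytes(out)

# Constructed sample values: a stand-in for an AES-256-encrypted block, and two keys.
CIPHERTEXT = hashlib.sha256(b"constructed sample block").digest()
SPLIT_KEY = b"constructed-split-key"
HASH_KEY = b"constructed-hash-key"

if __name__ == "__main__":
    shares = split(CIPHERTEXT, SPLIT_KEY, HASH_KEY, 4)
    print([len(bits) for bits, _ in shares])  # how many bits each share holds
    print(merge(shares, SPLIT_KEY, HASH_KEY, 256) == CIPHERTEXT)
```

A share that fails its hash check raises before any merge is attempted, which corresponds to the "Bad SHA result" case on the Error Handling slide.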


Storage Using Splitting

Data is encrypted and split into N shares

Each share is saved on a separate disk

The loss of any one disk cannot compromise the data

A storage appliance in the SAN performs the encryption

The appliance has a hardware assist to improve performance


SAN Configuration

[Figure: two panels.
Existing Storage Enterprise: an application server (file system with drives I: F1, J: F2, K: F3, L: F4, M: DB1) reaches JBOD, NAS and array (EMC, Hitachi, etc.) storage over SAN and IP as LUN01, CIFS01, iSCSI2, LUN02 and LUN03.
SSA enabled Storage Enterprise: the same environment with an SSA added and two further drives, T: sF5 (L04.a to L04.d, new secure F5) and U: sDB1 (L05.a to L05.d, secure copy of DB1).]

SSA enabled Storage Enterprise
- Encrypted data “shred” across multiple physical locations
  o Highly secure, highly available
- Transparent to Application Servers


Storage Pools

A Storage Pool is a collection of storage shares
- For example, where the back-end storage is disks, four disks could be used with the data split into four shares
- Or, each back-end share could be from a RAID’ed array

Shares should be distributed across the data center
- Reduces loss through theft or attack
- Reduces loss through failure (different circuits and sprinkler heads)


Storage Volumes

A Storage Volume is storage allocated for a specific use

The volume is presented as a virtual disk to a client.

It is allocated from a storage pool.


Secure Volumes

Volume storage is protected by encryption
- Each volume has a single workgroup key
- A volume may have multiple session keys, depending on size

Volume access is protected by masking
- A volume is only visible to configured external ports
- I/O requests from unconfigured ports are ignored


Communities of Interest

Storage may be configured for a specific community of interest

- Each volume has a key specific to its community
- Access can be restricted to only the application server that needs it
- The size of the volume is configured to be only what is needed
- Multiple volumes may be allocated from a single storage pool


COI Example


Redundancy

The splitting algorithm provides redundancy
- Specified as “M of N” where N is the number of shares and M is the minimum number required
- For example, “2 of 4” means that data is written to 4 shares, but only 2 reads are required to reconstitute the data

Provides multi-location protection
- For example, 2 shares could be local and 2 remote

Provides multi-layer protection
- For example, RAID 5+0 could use 4 of 4 to provide striping at the appliance talking to 4 storage devices providing RAID 5


Error Handling

Various errors can be detected and handled

I/O error
- Probably due to missing share, rebuild later

Bad SHA result
- Probably due to transmission error or data corruption, retry or rebuild

Bad merge result
- Probably due to out-of-date share, rebuild

Bad decryption result
- Probably due to bad data, rebuild

Rebuild is done automatically when a share’s devices return to service


Disaster Recovery

Multi-pathing
- An application server may access data through multiple paths
- The appliance may do the same

Geographic dispersal
- As long as at least M shares are available at any location, the data is available

Clustering
- Appliances can be combined in a cluster to protect against failure and improve performance (hot/hot)


SAN Network

[Figure: Location 1 and Location 2, with Host 1 and Host 2, each with storage subsystems, a SAN switch and an SSA. Labelled links: ISL (via IP) and Cluster (via IP). A Console and a Key Mgr (3P) are also shown.]


Rekeying

Workgroup key
- Rekey the session keys

Session keys
- Rekey the data, one session key at a time
- Use the old key to access data while rekeying is performed in the background


Caching

Front-end
- Recently accessed data can be saved on the appliance
- Data doesn’t have to be decrypted
- Primarily improves read performance

Back-end
- Data for remote shares can be saved locally
- Saved in encrypted format
- Primarily improves write performance


Advantages

Data is protected throughout the SAN
- Data is safe from eavesdroppers

Multiple shares
- No single disk has all the data

Virtualization and encryption provide COI’s
- Multiple COI’s on a disk provide more efficient use of storage

Data encrypted with a single key is limited
- No more than 64 GB encrypted with a key


Advantages

Safer redundancy
- RAID-5 algorithm provides additional information to attackers

Centralized key management
- The appliance can access key life-cycle management

Improved access
- Rekeying and rebuilding are done in the background

Improved performance
- Using hardware assist


Disadvantages

- Greater complexity in the SAN and configuration
- Redundancy algorithm more storage intensive


Summary

Cryptographic splitting allows blocks of bits to be randomly split into different shares. Combining splitting with standard encryption methods provides a very strong form of data protection. A storage appliance can be used to provide high availability, and secure access to data in a SAN by members of individual communities of interest (COIs).


Links

Unisys Corporation: http://www.unisys.com
Security First Corp.: http://www.securityfirstcorp.com
