E l ti fEvolution of
Secure Storage
James Hughes
Huawei Technologies Co., Ltd.
Session ID: HOST-403
Session Classification: Advanced
Agenda
Storage Security?
Storage Security vs Network SecurityStorage Security vs Network Security
E i ti S t d S l Att kExisting Systems and Sample Attacks
Long Term Prediction of Adoption
24
StorageStorage
Security?
Agenda
Why are we here?
What is “Storage Security”What is Storage Security
A sampling of issues
No clear answer
What to do?What to do?
Encrypt your data
Your OS vendor must help
44
Why Are We Here?
CNN Moments
Laptops in amusement parksLaptops in amusement parks
Laptops at airports and borders
Disks bought as scrap
RAID disks stolenRAID disks stolen
LANL Thumb drive
Tapes lost in an armored vehicle
Changing the auditable for the unauditable
5-9s of offsite archive reliability
Tapes lost inside the datacenter p
55
Why now?
California law on data disclosure
CEO to jail (never enforced?)CEO to jail (never enforced?)
Companies fined for data disclosure
Blue Cross violated state insurance regulations
Th t i f i dThe tension of privacy and commerce
When in doubt, don’t keep it
Data loss will always be herey
Accidents
Crimes
66
Conflict Between
Data Protection
from loss (backup)from loss (backup)
Data Protection
from disclosure
Whi h ld h ?Which would you choose?
Either or Both?
Backup/Archivep
using independent keys
77
Segregate Private Information?
Doesn’t scale
Not possible?Not possible?
88
Storage Encryption
Changes a large secret
All of your data on your siteAll of your data on your site
Into a small secret
Key
If d t f ll i t th h dIf data falls into the wrong hands
“The First Secret” separates authorized from attacker
99
What is the status?
Tactical improvements
It is not possible to process encrypted dataIt is not possible to process encrypted data
BAND-AID® strategy
First secret problem
Need for enterprise key managementNeed for enterprise key management
100k keys in the clear
Rogue employee
St t i i tStrategic improvements
Will take time
1010
What we know about the past
Raid is not an information security measure
8+1 1/9 of the data is in the clear on each drive8+1, 1/9 of the data is in the clear on each drive
Not spread by byte, 4k at a time
Hacking, Viruses are known problems
Disk wiping is a human intensive process
Potential for mistakes; Broken drives?
Encryption Appliances?Encryption Appliances?
DRM is an impossible dream?
Insiders are and continue to be a threat
1111
“Prediction is very difficult,Prediction is very difficult,
especially about the future.”
Niels Bohr
1212
What we know about the Future
Cryptography built into the hardware
Sun Niagara, Intel Westmere*
Algorithms being improved
IEEE P1619 family
Storage encryption built into the OSStorage encryption built into the OS
BitLocker, Encrypted ZFS
Identity Management Maturing
K t i till d hKey management is still ad hoc
Forensics will get harder
Humans will still be in the processHumans will still be in the process
Key Management
Data Destruction
13
*According to Wikipedia
13
Storage Configurations
Local disk
SCSI
eSATA
USB
Protection from media loss
Physical tampering
1414
Storage Configurations
Network Files
Data Stored at File Server
File Server protects the disks
1515
Storage Configurations
Network Files
Tunnel protects the network
File Server protects the disks
Three times the work
1616
Storage Configurations
Network Files
Data encrypted by
network filer client
1717
Storage Configurations
Remote Disks
Encrypted in driver or HBA
1818
StorageStorage
Security
vs
NetworkNetwork
Securityy
Storage Security vs Network Security
Storage is a network with a potential infinite latency
D-H key agreement not possibleD H key agreement not possible
Storage Reader may not exist when written
Requires OOB key communication
2020
Security Attributes of Secure Storage
Privacy
Algorithm and Birthday boundsAlgorithm and Birthday bounds
Ciphertext feedthrough
Integrity
M ll bilit f i h t tMalleability of ciphertext
Cut and paste
Authentication
Key management
Non repudiation
2121
Key Management
Requirements are simple
“Don't lose the keys”Don t lose the keys
“Don't give the keys to the wrong people”
C bi thi ith th OOB k i tCombine this with the OOB key requirement
Many organizations working on this
Companies, Standards, etc.p , ,
2222
ExistingExisting
Systems
d S land Sample
AttacksAttacks
Existing Systems and Sample Attacks
Existing systems
Mac OSX FilevaultMac OSX Filevault
Vista Bitlocker
Tape encryption (various vendors)
F t re S stemsFuture Systems
Encrypted ZFS (OpenSolaris project)
http://opensolaris.org/os/project/zfs-crypto/
2424
Mac OSX Filevault and others
Algorithm and Birthday bounds
Leaks information after the birthday bounds.Leaks information after the birthday bounds.
64 bit block ciphers insufficient
CBC implementation
No room for integrity fieldNo room for integrity field
Cut and paste
Malleability of ciphertext
Ciphertext feedthrough
Selective Replay
2525
Feedthrough
2626
Splice attack
2727
Malleability
2828
Vista BitLocker, P1619.0, P1619.1
Tweaked block cipher
Like adding public info to key, e.g. Sector numberLike adding public info to key, e.g. Sector number
Still no integrity field
Large block PRP
Eliminates pre io s attacksEliminates previous attacks
Allows determining if data is returned
Detect A→B and then later B→A
Replay of individual blocks (P1619.0)
Replay of individual sectors (BitLocker, .1)
2929
Long TermLong Term
Prediction
f Ad tiof Adoption
Tape encryption
Tape offers variable blocksize
Room for integrity fieldRoom for integrity field
LTO, IBM, and Sun
Implement AES in CCM or GCM mode
All f t t d i ill t i thi f tAll future tape drives will contain this feature
Similar to tape compression
3131
ZFS encryption
ZFS is a log structured file system
Utilizing copy on writeUtilizing copy on write
Data is not overwritten
Data not just stored in sectors
http //en ikipedia org/ iki/ZFShttp://en.wikipedia.org/wiki/ZFS
Room for an integrity field
Complete Merkle treep
Validating the entire filesystem
Hashes for level x stored in level x-1
3232
ZFS tree
uberuber
md md
md md
d1 d2 d3 d4
3333
ZFS tree
uberuber
md md
md md
d1 d2 d3 d4d2' d3'
3434
ZFS tree
uberuber
md mdmd
md mdmd md
d1 d2 d3 d4d2' d3'
3535
ZFS tree
uberuber
md mdmd
md mdmd md
d1 d2 d3 d4d2' d3'
3636
ZFS tree
uberuber
mdmd
md md
d1 d4d2' d3'
3737
ZFS tree
uberuber
mdmd
md md
d1 d4d2' d3'
3838
ZFS
Overwriting a file 7 times does not erase the data
Encrypted data keeps hashes in the MetaData TreeEncrypted data keeps hashes in the MetaData Tree
When the user is not logged in, the administrator can
not see the data
Backup should be in the clear or under a separately
managed key so that users are not vulnerable to key
lossloss
3939
Feedthrough Malleability Cut Paste CipherBlock Reply Sector Reply Disk Replay
Filevault ✔ ✖ ✖ ✖ ✖ ✖
P1619.1 ✔ ✔ ✔ ✖ ✖ ✖
P1619.2 ✔ ✔ ✔ ✖ ✖ ✖
BitLocker/TPM ✔ ✔ ✔ ✔ ✖ ✖
eTape ✔ ✔ ✔ ✔ ✔ ✖
eZFS ✔ ✔ ✔ ✔ ✔ ✖
eZFS/TPM ✔ ✔ ✔ ✔ ✔ ✔
4040
Performance vs Trends in Computers
Measured AES, 100MB/s, on Laptop
This is only going to go upThis is only going to go up
Single disk performance 40MB/s
Relatively constant (until Flash)
Fi t h l tFirst access has latency
Subsequent access access in RAM buffer
This level of performance is “free”p
In the OS is “free”
“Security is an expectation, not a market”
4141
Single Socket Crypto Performance
J. Hughes, G. Morton, J. Pechanec, C. Schuba, L. Spracklen, B. Yenduri, Transparent Multi-core Cryptographic Support on
Niagara CMT Processors, Proceedings of the Second International Workshop on Multicore Software Engineering (IWMSE09), co-
located with the 31st International Conference on Software Engineering (ICSE) May 16 24 2009 Vancouver Canada pdf
4242
located with the 31st International Conference on Software Engineering (ICSE), May 16-24, 2009, Vancouver, Canada, pdf
Deployment Strategy
Two pronged attack
Existing machines that contain sensitive informationExisting machines that contain sensitive information
This not adequate as all machines get sensitive stuff
New machines
Make Storage Security a requirement for new systemsMake Storage Security a requirement for new systems
4343
Long Term Prediction of Adoption
Computers are fast enough
OS vendors will add for freeOS vendors will add for free
Storage Encryption Technology is maturing
At least password protected
Th iThere is no reason not to encrypt
In the future, not encrypting your
storage will be like using telnetstorage will be like using telnet
instead of ssh
4444
Areas for Future Research
Non-Repudiation
Secure and Reliable Human authenticationSecure and Reliable Human authentication
Affordable Tamper Responsive Hardware
Key management for machine hibernation
Encrypted boot
4545
Conclusion
Storage contains personal information
Storage Security vs Network SecurityStorage Security vs Network Security
Security Attributes of Secure Storage
Existing Systems and Sample Attacks
Performance vs Trends in Computers
Long Term Prediction of Adoption
Areas for Future ResearchAreas for Future Research
4646
Apply
Categorize your storage
Servers, laptops, thumb drives, tapes, desktopsServers, laptops, thumb drives, tapes, desktops
Categorize the keys that you already have
SSH 509 PGP l t tiSSH, x509, PGP, laptop encryption
Create a long term plang p
Including key management
Create standards for new deploymentsCreate standards for new deployments
Include encrypted storage
4747
Fin
4848
本文档为【HOST-403_final】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。