Storage Developer Conference 2009 © 2009 Unisys Corp. All rights reserved.
Storage Security Using Cryptographic Splitting
David Dodgson, Unisys
Objectives
Learn about cryptographic splitting: what it is, and how it can be used. Learn how splitting can be combined with other encryption methods to provide strong data protection. Learn how a storage appliance using these methods can be used to provide secure, highly available access to data. Learn how a storage appliance can be used to limit access to data to members of a community of interest at less cost than traditional methods.
Cryptographic Splitting
Cryptographic splitting is an algorithm that splits a stream of bits into N shares
- Splitting is done at the bit level
- Splitting is controlled by a key
- Splitting is performed randomly
Video on Cryptographic Splitting
“Stealth for SAN” video at http://www.unisys.com/unisys/ri/videos/index.jsp?id=1200002
Strong Data Protection
A combination of algorithms is used to provide strong data protection.
- AES-256: a block of data is first encrypted
- Cryptographic splitting: the encrypted bits are then split into N shares
- SHA-256: each individual share is hashed
Keys
- Workgroup Key: external; symmetric, 256 bits
- Session Key: internal; contains the encryption, splitting, and hash keys; encrypted with the Workgroup key; used on no more than 64 GB of data
Storage Using Splitting
Data is encrypted and split into N shares
Each share is saved on a separate disk
The loss of any one disk cannot compromise the data
A storage appliance in the SAN performs the encryption
The appliance has a hardware assist to improve performance
SAN Configuration
[Diagram] Existing Storage Enterprise: application servers with file systems (files and DBs) attached over SAN, IP and NAS to JBOD and EMC/Hitachi arrays, exposing LUN01, CIFS01, iSCSI02, LUN02 and LUN03. SSA-enabled Storage Enterprise: the same hosts additionally see a new secure volume F5 and a secure copy of DB1; encrypted data is "shred" across multiple physical locations, highly secure and highly available, and transparent to the application servers.
Storage Pools
A Storage Pool is a collection of storage shares
- For example, where the back-end storage is disks, four disks could be used with the data split into four shares
- Or, each back-end share could be from a RAID'ed array
Shares should be distributed across the data center
- Reduces loss through theft or attack
- Reduces loss through failure (different circuits and sprinkler heads)
Storage Volumes
A Storage Volume is storage allocated for a specific use
The volume is presented as a virtual disk to a client.
It is allocated from a storage pool.
Secure Volumes
Volume storage is protected by encryption
- Each volume has a single workgroup key
- A volume may have multiple session keys, depending on its size
Volume access is protected by masking
- A volume is only visible to configured external ports
- I/O requests from unconfigured ports are ignored
Communities of Interest
Storage may be configured for a specific community of interest
- Each volume has a key specific to its community
- Access can be restricted to only the application server that needs it
- The size of the volume is configured to be only what is needed
- Multiple volumes may be allocated from a single storage pool
COI Example
Redundancy
The splitting algorithm provides redundancy
- Specified as "M of N", where N is the number of shares and M is the minimum number required
- For example, "2 of 4" means that data is written to 4 shares, but only 2 reads are required to reconstitute the data
Provides multi-location protection
- For example, 2 shares could be local and 2 remote
Provides multi-layer protection
- For example, RAID 5+0 could use 4 of 4 to provide striping at the appliance, talking to 4 storage devices that each provide RAID 5
Error Handling
Various errors can be detected and handled:
- I/O error: probably due to a missing share; rebuild later
- Bad SHA result: probably due to a transmission error or data corruption; retry or rebuild
- Bad merge result: probably due to an out-of-date share; rebuild
- Bad decryption result: probably due to bad data; rebuild
Rebuild is done automatically when a share’s devices return to service
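Added example, written for this page and not Unisys's or Security First Corp.'s implementation: the split-and-hash stages from the Strong Data Protection slide together with the "bad SHA result" check from this slide. A key drives a SHA-256 counter-mode choice of which share receives each bit, every share is hashed with SHA-256, and the merge refuses any share whose hash no longer matches. The AES-256 stage is assumed to have run already; the sample data and the splitting key are constructed stand-ins.

```python
import hashlib
import os

# Simplified, keyed bit-level split written for this page. It is NOT the
# Unisys / Security First Corp. algorithm. The AES-256 stage is assumed to
# have run already, so `data` stands in for ciphertext.

def share_indices(split_key: bytes, nbits: int, n: int) -> list:
    """Keyed pseudo-random choice of the share that receives each bit:
    SHA-256 in counter mode; b % n is unbiased when n divides 256."""
    idx, ctr = [], 0
    while len(idx) < nbits:
        block = hashlib.sha256(split_key + ctr.to_bytes(8, "big")).digest()
        idx.extend(b % n for b in block)
        ctr += 1
    return idx[:nbits]

def split(data: bytes, split_key: bytes, n: int) -> list:
    """Send each data bit to one share; every other share gets a random
    filler bit at that position, so no single share reveals the layout."""
    nbits = len(data) * 8
    idx = share_indices(split_key, nbits, n)
    shares = [bytearray(os.urandom(len(data))) for _ in range(n)]
    for i in range(nbits):
        byte, pos = i // 8, 7 - i % 8
        bit = (data[byte] >> pos) & 1
        s = shares[idx[i]]
        s[byte] = (s[byte] & ~(1 << pos)) | (bit << pos)
    return [bytes(s) for s in shares]

def share_hash(share: bytes) -> str:
    """SHA-256 stored per share; checked before every merge."""
    return hashlib.sha256(share).hexdigest()

def merge(shares: list, split_key: bytes, hashes: list) -> bytes:
    """Reject any share whose hash no longer matches (the deck's
    'bad SHA result'), then pull each bit back from the share holding it."""
    for k, (sh, h) in enumerate(zip(shares, hashes)):
        if share_hash(sh) != h:
            raise ValueError(f"bad SHA result on share {k}: retry or rebuild")
    nbits = len(shares[0]) * 8
    idx = share_indices(split_key, nbits, len(shares))
    out = bytearray(len(shares[0]))
    for i in range(nbits):
        byte, pos = i // 8, 7 - i % 8
        out[byte] |= ((shares[idx[i]][byte] >> pos) & 1) << pos
    return bytes(out)

# Constructed stand-in ciphertext block and 256-bit splitting key (in the
# deck the splitting key lives inside the session key).
SAMPLE = bytes(range(32))
SPLIT_KEY = hashlib.sha256(b"constructed session key material").digest()
```

Without the key a single share is indistinguishable from random filler, and a share that was corrupted in transit fails the hash check before any merge is attempted.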
Disaster Recovery
- Multi-pathing: an application server may access data through multiple paths; the appliance may do the same
- Geographic dispersal: as long as at least M shares are available at any location, the data is available
- Clustering: appliances can be combined in a cluster to protect against failure and improve performance (hot/hot)
SAN Network
[Diagram] Two locations, each with a host, storage subsystems, a SAN switch and an SSA; the two SSAs are connected by an ISL and a cluster link, both via IP; a console and a third-party key manager (Key Mgr, 3P) also attach to the SAN.
Rekeying
- Workgroup key: rekey the session keys
- Session keys: rekey the data, one session key at a time
- Use the old key to access data while rekeying is performed in the background
Caching
Front-end
- Recently accessed data can be saved on the appliance
- Data doesn't have to be decrypted
- Primarily improves read performance
Back-end
- Data for remote shares can be saved locally
- Saved in encrypted format
- Primarily improves write performance
Advantages
- Data is protected throughout the SAN: data is safe from eavesdroppers
- Multiple shares: no single disk has all the data
- Virtualization and encryption provide COIs: multiple COIs on a disk provide more efficient use of storage
- Data encrypted with a single key is limited: no more than 64 GB is encrypted with any one key
Advantages
- Safer redundancy: unlike splitting, the RAID-5 algorithm provides additional information to attackers
- Centralized key management: the appliance can access key life-cycle management
- Improved access: rekeying and rebuilding are done in the background
- Improved performance: using hardware assist
Disadvantages
- Greater complexity in the SAN and configuration
- Redundancy algorithm is more storage intensive
Summary
Cryptographic splitting allows blocks of bits to be randomly split into different shares. Combining splitting with standard encryption methods provides a very strong form of data protection. A storage appliance can be used to provide high availability, and secure access to data in a SAN by members of individual communities of interest (COIs).
Links
Unisys Corporation: http://www.unisys.com
Security First Corp.: http://www.securityfirstcorp.com