IBM Research, Zurich Research Laboratory
Data encryption and key management

Project overview

Storage systems have undergone a tremendous evolution in the past few years. Today, storage space is typically provided by complex networked systems, in which clients communicate with storage servers over a network. In the near future, networked storage systems will extend beyond the server room, and their security will become a prime concern. Many data storage systems will soon rely on cryptographic protection methods as a key technology.

Protecting "data at rest" in storage systems poses new challenges compared to protecting "data in flight", which has been the focus of communication security for some time and is well understood today. One notable difference between the two problems is that a communication channel typically offers a streaming interface with FIFO (first-in, first-out) characteristics, whereas a storage system must provide random access to small portions of the stored data. New techniques are needed to provide security in this context, in particular to protect the integrity of stored data efficiently and to manage keys.

Methods for cryptographic storage protection are well known, but few have been widely used in practice. Concerns about the overhead involved have so far prevented their pervasive use. But new privacy regulations have recently been introduced that mandate encryption for certain environments; this explains why the industry is actively working on strong cryptographic protection methods for data storage systems.

An important aspect is key management. Keys have a lifecycle, just like the data they protect. We are working on novel and flexible methods to support this requirement.

 
Lazy revocation
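As an added illustration of the key lifecycle behind lazy revocation (this is not code from the project or from the papers listed below): keys form a hash chain so that a reader holding the current key can derive every earlier one, each block records the key version it was written under, and a block encrypted under an old key is re-encrypted only when it is next written. The chain construction, the stand-in HMAC counter-mode cipher and the LazyFile class are assumptions of this example, not the project's design.

```python
import hashlib, hmac, os

def make_chain(n_versions, seed=None):
    """Owner: random newest key, then hash backwards: K_i = SHA256(K_{i+1})."""
    keys = [None] * n_versions
    keys[-1] = seed if seed is not None else os.urandom(32)
    for i in range(n_versions - 2, -1, -1):
        keys[i] = hashlib.sha256(keys[i + 1]).digest()
    return keys

def derive_older(key, from_version, to_version):
    """Reader: hash backwards to older keys; going forwards needs a preimage."""
    if to_version > from_version:
        raise ValueError("cannot derive a newer key from an older one")
    for _ in range(from_version - to_version):
        key = hashlib.sha256(key).digest()
    return key

def keystream_xor(key, nonce, data):
    """Stand-in cipher: HMAC-SHA256 as a PRF in counter mode (no integrity)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class LazyFile:
    """Blocks record their key version; re-encryption waits for the next write."""
    def __init__(self, chain):
        self.chain, self.version, self.blocks = chain, 0, {}
    def write(self, idx, plaintext):
        nonce = os.urandom(16)
        ct = keystream_xor(self.chain[self.version], nonce, plaintext)
        self.blocks[idx] = (self.version, nonce, ct)
    def revoke(self):
        self.version += 1  # owner hands chain[self.version] to the remaining readers
    def read(self, idx, user_key, user_version):
        v, nonce, ct = self.blocks[idx]
        if v > user_version:
            return None  # written after this reader's key was issued: not derivable
        return keystream_xor(derive_older(user_key, user_version, v), nonce, ct)

def demo():
    chain = make_chain(4, seed=b"\x01" * 32)  # constructed seed, reproducible
    f = LazyFile(chain)
    f.write(0, b"block zero"); f.write(1, b"block one")
    f.revoke()                   # a reader is revoked: version 0 -> 1
    f.write(1, b"block one v2")  # only the rewritten block moves to version 1
    cur, old = (chain[1], 1), (chain[0], 0)  # remaining reader / revoked reader
    return f, f.read(0, *cur), f.read(1, *cur), f.read(1, *old)
```

A revoked reader can still decrypt blocks that have not been rewritten since the revocation (block 0 above), which is the deliberate trade-off of lazy revocation; a deployed system would also pair the per-block cipher with integrity protection.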
Publications
[1] Roman Pletka and Christian Cachin. Cryptographic security for a high-performance distributed file system. Research Report RZ 3661, IBM Research, September 2006.
[2] Michael Backes, Christian Cachin, and Alina Oprea. Lazy revocation in cryptographic file systems. In Proc. 3rd Intl. IEEE Security in Storage Workshop, pages 1-11, December 2005.
[3] Michael Backes, Christian Cachin, and Alina Oprea. Secure key-updating for lazy revocation. In D. Gollmann, J. Meier, and A. Sabelfeld, editors, Proc. 11th European Symposium on Research in Computer Security (ESORICS), number 4189 in Lecture Notes in Computer Science, pages 327-346. Springer, 2006.