Project description
The most valuable asset in today's information society is data, which must be stored, backed up, and archived. Many modern storage systems secure the data using cryptography.
Protecting data at rest in storage systems poses new challenges compared to protecting data in flight, which has been the focus of communication security for some time and is well understood today. One notable difference between these two problems is that communication channels typically use a streaming interface with first-in/first-out (FIFO) characteristic, whereas storage systems must provide random access to small portions of the stored data. New techniques are needed to provide security in this context, particularly in order to protect the integrity of stored data efficiently.
Key management for secure storage
Key management is the Achilles' heel of cryptography. Keys that guard
encrypted data in a storage system must be available in order to access the
data, yet they must be guarded closely. In collaboration with IBM
System Storage and IBM Tivoli Security software, we are developing novel
solutions for key management.
The research project on key lifecycle management for secure storage is in collaboration with our Storage Technologies department.
Intercloud storage toolkit
The intercloud storage toolkit
maintains data in a cloud of clouds. The intercloud results from
connecting the services of multiple separate cloud providers
together to deliver one highly resilient and secure service.
Data stored on the intercloud is not affected by an outage of one
cloud provider and remains protected against security incidents on any
individual cloud.
Storage integrity
Protecting data integrity is important for all kinds of information stored remotely. Today, many users maintain data in the cloud at remote providers and collaborate with each other using shared data repositories. If the stored data is altered by accidental or malicious changes, it becomes meaningless. Integrity protection prevents such violations through strong cryptography.
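The random-access requirement from the project description and the integrity goal stated above can be illustrated with per-block authentication tags. The following is an added example, not code from the project: the block size, key, sample data, and all function names are assumptions, and HMAC-SHA256 bound to the block index is one common construction chosen for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 16  # tiny block size so the constructed sample stays readable


def block_tag(key: bytes, index: int, block: bytes) -> bytes:
    """MAC over position || content, so a block moved elsewhere fails."""
    msg = index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


def write_volume(key: bytes, data: bytes):
    """Split data into blocks and compute one tag per block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    tags = [block_tag(key, i, b) for i, b in enumerate(blocks)]
    return blocks, tags


def read_block(key: bytes, blocks, tags, index: int) -> bytes:
    """Random-access read: verifies only the requested block."""
    block = blocks[index]
    if not hmac.compare_digest(block_tag(key, index, block), tags[index]):
        raise ValueError(f"integrity check failed for block {index}")
    return block


def is_detected(key: bytes, blocks, tags, index: int) -> bool:
    try:
        read_block(key, blocks, tags, index)
        return False
    except ValueError:
        return True


def demo() -> dict:
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    data = b"block-0 contentsblock-1 contentsblock-2 contents"  # constructed
    blocks, tags = write_volume(key, data)
    results = {"clean": not is_detected(key, blocks, tags, 1)}
    modified = list(blocks)
    modified[1] = b"block-1 CONTENTS"  # content changed in place
    results["modified"] = is_detected(key, modified, tags, 1)
    # Block 2 and its valid tag moved to position 0.
    moved_b, moved_t = [blocks[2]] + blocks[1:], [tags[2]] + tags[1:]
    results["relocated"] = is_detected(key, moved_b, moved_t, 0)
    # Rollback: after an update, storage restores the stale (block, tag) pair.
    cur_b, cur_t = list(blocks), list(tags)
    cur_b[1] = b"block-1 updated!"
    cur_t[1] = block_tag(key, 1, cur_b[1])
    cur_b[1], cur_t[1] = blocks[1], tags[1]
    results["rollback"] = is_detected(key, cur_b, cur_t, 1)
    return results
```

The rollback case is not detected because a stale block with its stale tag is still a valid pair. Catching it requires freshness state that the reader keeps outside the untrusted storage, such as the root of a hash tree over the tags.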