Data storage security

Project description

The most valuable asset in today's information society is data, which must be stored, backed up, and archived. Many modern storage systems secure the data using cryptography.

Protecting data at rest in storage systems poses new challenges compared to protecting data in flight, which has been the focus of communication security for some time and is well understood today. One notable difference between these two problems is that communication channels typically use a streaming interface with a first-in/first-out (FIFO) characteristic, whereas storage systems must provide random access to small portions of the stored data. New techniques are needed to provide security in this context, particularly in order to protect the integrity of stored data efficiently.

Key management for secure storage

Key management is the Achilles' heel of cryptography. Keys that guard encrypted data in a storage system must be available in order to access the data, yet they must be guarded closely. In collaboration with IBM System Storage and IBM Tivoli Security software, we are developing novel solutions for key management.

The research project on key lifecycle management for secure storage is in collaboration with our Storage Technologies department.

Multi-cloud Storage Toolkit

Our Multi-cloud Storage Toolkit maintains data in a cloud of clouds, which results from connecting the services of multiple separate cloud providers to deliver one highly resilient and secure service. Data stored on the cloud of clouds is not affected by an outage of one cloud provider and remains protected against security incidents on any individual cloud.

Storage integrity

Protecting data integrity is important for all kinds of information stored remotely. Today, many users maintain data in the cloud at remote providers and collaborate with each other using shared data repositories. If the stored data is altered by accidental or malicious changes, it becomes meaningless. Integrity protection prevents such violations through strong cryptography.