Abstract
Computer security is of growing importance in the increasingly networked computing environment. This work examines the issue of high-performance network security, specifically integrity, by focusing on integrating security into network storage system. Emphasizing the cost-constrained environment of storage, we examine how current software-based cryptography cannot support storage's Gigabit/sec transfer rates. To solve this problem, we introduce a novel message authentication code, based on stored message digests. This allows storage to deliver high-performance, a factor of five improvement in our prototype's integrity protected bandwidth, without hardware acceleration for common read operations. For receivers, where precomputation cannot be done, we outline an inline message authentication code that minimizes buffering requirements.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
Advance Encryption Standard, http//www.nist.gov/aes
Anderson, R. and Biham, E. “Tiger: A Fast New Hash Function” Proceedings of the Third Workshop on Fast Software Encryption, 1996. Published as Lecture Notes in Computer Science-1039, Springer-Verlag.
Bellare, M., Canetti, R., and Krawczyk, H., “Keying Hash Functions for Message Authentication”, Advances in Cryptology: Crypto '96 Proceedings, Springer-Verlag, 1996.
Bellare, M., Guerin, R., and Rogaway, P., “XOR MACs: New methods for message authentication using finite pseudorandom functions”. Advances in Cryptology: Crypto '95 Proceedings, Springer-Verlag, 1995
Federal Information Processing Standard Publication 180-1, “Secure Hash Standard”, April 1995.
Federal Information Processing Standards Publication 46-3 (draft), “Data Encryption Standard”, January 15th, 1999.
Fibre Channel Association, http://www.fibrechannel.com
HiFn 7711 Data Sheet, http://www.hifn.com
Gibson, G., Nagle, D., Amiri, K., Chang, F., Feinberg, E., Gobioff, H., Lee, C., Ozceri, B., Riedel, E., Rochberg, D., Zelenka, J. “File Server Scaling with Network-Attached Secure Disks”. Proceedings of the SIGMETRICS 1997. June, 1997.
Gibson, G., Nagle, D., Amiri, K., Butler, J., Chang, F., Gobioff, H., Hardin, C., Riedel, E., Rochberg, D., Zelenka, J. “A Cost-Effective, High-Bandwidth Storage Architecture”, Proceedings of SPLOS VIII, 1998.
Gobioff, H., Gibson, G., Tygar, J.D., “Security for Network Attached Storage Devices”, Technical Report CMU-CS-97-185, 1997.
Kaashoek, M. F., Engler, D. R., Ganger, G. R., Wallach, D. A., “Server Operating Systems”, 1996 SIGOPS European Workshop. Connemara, Ireland, 1996.
McKusick, M.K. et al., A Fast File System for UNIX, ACM TOCS 2, August 1984.
Prencel, B., Rijmen, V., Bosselaers, A., “Principles and Performance of Cryptographic Algorithms”, Dr. Dobb's Journal, December, 1998.
Rivest, R., “The MD5 Message-Digest Algorithm,” RFC 1321, Apr. 1992.
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, Inc. 1998
Smith, S., Weingart, S., “Building a High-Performance, Progammable Secure Coprocesor”. IBM Research Report RC 21102, February 1998.
Yee, B. Tygar, J.D., “Secure coprocessors in electronic commerce applications”. Proceedings of the 1st USENIX Workshop on Electronic Commerce. July 1995.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gobioff, H., Nagle, D., Gibson, G. (1999). Integrity and performance in network attached storage. In: Polychronopoulos, C., Fukuda, K.J.A., Tomita, S. (eds) High Performance Computing. ISHPC 1999. Lecture Notes in Computer Science, vol 1615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0094926
Download citation
DOI: https://doi.org/10.1007/BFb0094926
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65969-3
Online ISBN: 978-3-540-48821-7
eBook Packages: Springer Book Archive