DOI: 10.1145/1179559.1179564

Design, implementation and evaluation of security in iSCSI-based network storage systems

Published: 30 October 2006

    Abstract

    This paper studies the performance and security aspects of the iSCSI protocol in a network storage based system. Ethernet speeds have been improving rapidly and network throughput is no longer considered a bottleneck when compared to Fibre-channel based storage area networks. However, when security of the data traffic is taken into consideration, existing protocols like IPSec prove to be a major hindrance to the overall throughput. In this paper, we evaluate the performance of iSCSI when deployed over standard security protocols and suggest lazy crypto approaches to alleviate the processing needs at the server. The testbed consists of a cluster of Linux machines directly connected to the server through a Gigabit Ethernet network. Micro and application benchmarks like BTIO and dbench were used to analyze the performance and scalability of the different approaches. Our proposed lazy approaches improved throughput by as much as 46% for microbenchmarks and 30% for application benchmarks in comparison to the IPSec based approaches.


    Published In

    StorageSS '06: Proceedings of the second ACM workshop on Storage security and survivability
    October 2006
    94 pages
    ISBN: 1595935525
    DOI: 10.1145/1179559
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. IPSec
    2. authentication
    3. encryption
    4. iSCSI

    Qualifiers

    • Article

    Conference

    CCS06
    Cited By

    • (2015) "Trustworthy whole-system provenance for the Linux kernel", Proceedings of the 24th USENIX Conference on Security Symposium, pp. 319-334. DOI: 10.5555/2831143.2831164. Online publication date: 12-Aug-2015
    • (2012) "The Security of Cloud Infrastructure", Achieving Federated and Self-Manageable Cloud Infrastructures, pp. 158-175. DOI: 10.4018/978-1-4666-1631-8.ch009. Online publication date: 2012
    • (2012) "IP Storage Security Analysis", Computer Networks, pp. 216-228. DOI: 10.1007/978-3-642-31217-5_24. Online publication date: 2012
    • (2008) "QDSL", ACM SIGMETRICS Performance Evaluation Review 36:1, pp. 289-300. DOI: 10.1145/1384529.1375490. Online publication date: 2-Jun-2008
    • (2008) "QDSL", Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, pp. 289-300. DOI: 10.1145/1375457.1375490. Online publication date: 2-Jun-2008
    • (2008) "Performance-Directed iSCSI Security with Parallel Encryption", Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, pp. 855-860. DOI: 10.1109/AINA.2008.91. Online publication date: 25-Mar-2008
    • (2007) "Non-volatile memory and disks:", Proceedings of the 2007 ACM workshop on Computer security architecture, pp. 77-84. DOI: 10.1145/1314466.1314479. Online publication date: 2-Nov-2007
