| To guarantee the availability, confidentiality and integrity of storage data in the case that host systems or client systems are compromised, one trend of storage security is to import security functionality into the storage devices. Self-securing disk is a new direction on how to make the storage devices such as disk active and immune.We design an efficient self-securing disk architecture, which is based on traditional self-securing storage prototype S4: 1) On the confidentiality protection side,authenticated encryption mode GCM is adapted to process disk block in parallel ,and authentication latency is overlapped with disk access latency so that our scheme is more efficient and secure than Windows BitLocker. 2) On the integrity protection side, GHASH proposed in GCM is used to generate MAC which is more efficient than SHA-1, MD5. Moreover,"Minimum Integrity Verification Tree"is put forward to decrease performance loss at a maximum. 3) On the access control protection side, we propose a cryptographically featured capability based access control model, which is based on existing OSD access control model.We use hybrid hard drive as an instance to build a self-securing disk prototype which is implemented by simulation. The encryption/authentication overheads are significantly reduced due to buffer techniques and combined GCM/Flash scheme. According to the simulation results, the performance overhead is less than 18%, which is efficient and practical. |
PDF Full Text Request