PDL Abstract

High-Performance Security for Network Attached Storage

Carnegie Mellon University Technical Report CMU-CS-98-182, December 1998.

Howard Gobioff, David F. Nagle*, Garth A. Gibson

School of Computer Science
Department of Electrical and Computer Engineering*
Carnegie Mellon University
Pittsburgh, PA 15213

Computer security is of growing importance in the increasingly networked computing environment.This work examines the issue of high-performance network security, specifically integrity, by focusing on integrating security into network storage system. Emphasizing the cost-constrained environment of storage, we examine how current software-based cryptography cannot support storage's Gigabit/sec transfer rates. To solve this problem, we introduce a novel message authentication code, based on stored message digests. This allows storage to deliver high-performance, a factor of five improvement in our prototype's integrity protected bandwidth, without hardware acceleration for common read operations. For receivers, where precomputation cannot be done, we outline an inline message authentication code that minimizes buffering requirements.

FULL PAPER: pdf / postscript