4/13/2007 Master's Project Proposal 1 Secure Asymmetric iSCSI For Online Storage Sarah A. Summers Project Proposal Master of Science in Computer Science.


Slide 1: Secure Asymmetric iSCSI For Online Storage. Sarah A. Summers, Project Proposal, Master of Science in Computer Science, University of Colorado, Colorado Springs.

Slide 2: Introduction
- The explosion in data growth has given rise to the need for increased storage capabilities.
- Increased use of online storage solutions such as iSCSI.
- Storage solutions must provide security, privacy and accountability in line with Government regulations (SOX and HIPAA).
- Standard iSCSI in combination with IPSec provides security only during transport.

Slide 3: Goals
- Enhance the existing Efficient Asymmetric Secure iSCSI implementation.
- Produce an implementation that is more complete and user friendly.
- Investigate the possibilities of using the implementation for disaster recovery.

Slide 4: Efficient Asymmetric Secure iSCSI
Andukuri proposed an Efficient Asymmetric Secure iSCSI scheme to address the security of data both during transport and when in place on the target.
- Dual-key asymmetric cryptographic enhancement of IPSec.
- Payload encrypted with a custom key (not shared with the target).
- Packet encrypted with IPSec ESP for transportation.
- Packet decrypted at the target.
- Payload stored in encrypted form on the target.

Slide 5: Efficient Asymmetric Secure iSCSI Implementation (diagram slide)

Slide 6: Project Proposal and Scope
The current implementation is a prototype, so improvements are possible. By examining the implementation and the associated thesis, the following areas have been identified for enhancement or addition:
- Add a Graphical User Interface for easier configuration.
- Enable the transfer of files of arbitrary size.
- Enable the transfer of files to more than one target.
- Investigate the potential for using the implementation for disaster recovery.

Slide 7: Test-Bed
The test-bed shown below was created for the previous research; it will be utilized and added to for the current project.
- iSCSI Initiator: Linux, open-iscsi (IP address shown in the diagram).
- iSCSI Target: Linux, iscsitarget (IP address shown in the diagram).

Slide 8: Graphical User Interface
- Configuration of the current implementation is quite complex.
- Use of a GUI would simplify the process.
- Simplify key generation and storage.
- The user interface could be used for actual file transfers in addition to system configuration.
- Python will be used to generate the GUIs.

Slide 9: Example of Key Generation GUI (screenshot slide)

Slide 10: Transfer of Files of Arbitrary Size
- The current implementation is limited to the transfer of files whose size is a multiple of 1024 bytes.
- Transfer of files of arbitrary size is essential to make the implementation truly viable.
- The issue to be solved is padding the files such that problems do not arise at the iSCSI layer on the target.
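The two protection layers from the Efficient Asymmetric Secure iSCSI slide and the 1024-byte padding problem from this slide, as an added example that is not part of the proposal or of Andukuri's implementation: the payload key is assumed to be held only by the initiator, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for the real payload cipher, and the IPSec ESP transport layer that wraps the result on the wire is not shown. The length trailer lets a file of any size be written as whole blocks and recovered exactly.

```python
import hashlib
import hmac
import os
import struct

ISCSI_BLOCK = 1024  # slide 10: the target path accepts only multiples of 1024 bytes
TRAILER = 8  # big-endian length trailer appended by pad_to_block
NONCE_LEN, TAG_LEN = 16, 32

def pad_to_block(data: bytes, block: int = ISCSI_BLOCK) -> bytes:
    """Zero-fill to whole blocks; the last 8 bytes record the true length."""
    fill = (-(len(data) + TRAILER)) % block
    return data + b"\x00" * fill + struct.pack(">Q", len(data))

def unpad(padded: bytes, block: int = ISCSI_BLOCK) -> bytes:
    """Reverse pad_to_block; reject partial blocks and out-of-range lengths."""
    if len(padded) < TRAILER or len(padded) % block:
        raise ValueError("not a whole number of iSCSI blocks")
    (n,) = struct.unpack(">Q", padded[-TRAILER:])
    if n > len(padded) - TRAILER:
        raise ValueError("corrupt length trailer")
    return padded[:n]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the real cipher."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def _subkeys(payload_key: bytes):
    # Separate encryption and MAC keys derived from the initiator-only payload key.
    return (hashlib.sha256(b"enc" + payload_key).digest(),
            hashlib.sha256(b"mac" + payload_key).digest())

def seal_payload(payload_key: bytes, data: bytes) -> bytes:
    """Initiator: encrypt-then-MAC with the key the target never sees, then pad."""
    enc_key, mac_key = _subkeys(payload_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return pad_to_block(nonce + ct + tag)  # what ESP carries and the target stores

def open_payload(payload_key: bytes, stored: bytes) -> bytes:
    """Initiator, on read-back: only the holder of payload_key recovers the file."""
    enc_key, mac_key = _subkeys(payload_key)
    blob = unpad(stored)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("stored object too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("payload authentication failed (wrong key or tampering)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

The target only ever sees `seal_payload` output, so a compromised or destroyed target leaks nothing; the same property is why the disaster recovery slide's question about a destroyed initiator is hard.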

Slide 11: Transfer of Files to Multiple Targets
- The current implementation allows transfer to one target.
- The ability to transfer to multiple targets is beneficial.
- Issues to be addressed:
  - Can the same keys be used for multiple transfers?
  - For security, would different keys be better?

Slide 12: Potential Usage for Disaster Recovery
In view of Government regulations regarding security, privacy and accountability of stored data, disaster recovery is of increased importance.
- For security, the current implementation does not share the key for encrypting the payload.
- For disaster recovery this is a problem if the initiator is destroyed.
- There is no way to decrypt the payload.
- Is there a way around this?

Slide 13: Tools
- UltimateP2V: to produce virtual machine images of the siscsi and starget test-bed machines for use on VMWare.
- VMWare Server: virtual machines on which to develop and test the implementation.
- Python: for generation of the graphical user interfaces.

Slide 14: Project Deliverables
- Project Proposal (this document).
- GUIs for configuration of initiator and target machines.
- User manuals for the GUIs.
- Completed implementation:
  - Code for transfer of files of arbitrary size.
  - Code for transfer of files to multiple targets.
- Potential solutions for implementation of disaster recovery.
- Final project report and presentation.

Slide 15: Proposed Project Schedule
- Project Proposal: 24 April 2007
- Configuration GUIs: 8 May 2007
- Arbitrary Size File Transfer Code: 29 May 2007
- Transfer to Multiple Target Code: 11 June 2007
- Investigation into feasibility of disaster recovery: 18 June 2007
- Final Project Report: 18 June 2007
- Presentation Materials: 25 June 2007

Slide 16: Research
- Interaction of SCSI and iSCSI for transfer of files over TCP/IP.
- Understand how IPSec ESP is implemented and the changes added in the previous research.
- Understanding of UltimateP2V to create virtual machine images.
- Understanding VMWare for installation and use of virtual machines.

Slide 17: Questions? Recommendations?

Slides 18-20: References
1. Ensuring Data Integrity: Logical Data Protection for Tape Systems.
2. HIPAA, Health Insurance Portability and Accountability Act, 1996.
3. The Sarbanes-Oxley Act, 2002.
4. Andrew Hiles, Surviving a Computer Disaster, Engineering Management Journal, December.
5. iSCSI for Storage Networking.
6. Fibre Channel – Overview of the Technology.
7. Ulf Troppens, Rainer Erkens and Wolfgang Müller, Storage Networks Explained: Basics and Application of Fibre Channel SAN, NAS, iSCSI and InfiniBand, Wiley & Sons Ltd, 2004.
8. Jane Shurtleff, IP Storage: A Review of iSCSI, FCIP, iFCP.
9. Murthy S. Andukuri, Efficient Asymmetric Secure iSCSI.
10. Marc Farley, Storage Networking Fundamentals: An Introduction to Storage Devices, Subsystems, Applications, Management, and File Systems, Cisco Press, 2005.
11. Thomas C. Jepsen, Distributed Storage Networks: Architecture, Protocols and Management, Wiley & Sons Ltd, 2003.
12. Ulf Troppens, Rainer Erkens and Wolfgang Müller, Storage Networks Explained: Basics and Application of Fibre Channel SAN, NAS, iSCSI and InfiniBand, Wiley & Sons Ltd, 2004.
13. Yingping Lu and David H. C. Du, Performance Study of iSCSI-Based Storage Subsystems, IEEE Communications Magazine, August 2003.
14. John L. Hufferd, iSCSI: The Universal Storage Connection, Addison Wesley, 2003.
15. iSCSI Technical White Paper, SNIA IP Storage Forum.
16. Integration Scenarios for iSCSI and Fibre Channel, SNIA IP Storage Forum.
17. Shuang-Yi Tang, Ying-Pang Lu and David H. C. Du, Performance Study of Software-Based iSCSI Security, Proceedings of the First International IEEE Security in Storage Workshop (SISW '02).
18. Friedhelm Schmidt, SCSI Bus and IDE Interface – Protocols, Applications and Programming, Addison-Wesley, 1995.
19. Irina Gerasimov, Alexey Zhuravlev, Mikhail Pershin and Dennis V. Gerasimov, Design and Implementation of a Block Storage Multi-Protocol Converter, Proceedings of the 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies (MSS '03).
20. A Conceptual Overview of iSCSI.
21. iSCSI Protocol Concepts and Implementation (URL truncated: 0a90e4.shtml).
22. iSCSI Building Blocks for IP Storage Networking.

Slide 21: Additional Slides

Slide 22: SCSI (Small Computer Systems Interface)
- Standard device interface bus for I/O providing both storing and connecting functions.
- Dominant storage protocol for many years.
- Limitations:
  - Distance over which it can be used (several meters).
  - Scalability (limited number of devices on a bus).

Slide 23: Basic SCSI Architecture (diagram slide)

Slide 24: iSCSI
- End-to-end protocol to enable transportation of storage I/O block data over IP networks.
- Utilizing TCP and IP, iSCSI facilitates remote backup, storage and data mirroring.
- Utilizes SCSI commands in its implementation.
- Can be implemented using a number of HBAs:
  - Software
  - Software with TCP off-load
  - Silicon with TCP off-load

Slide 25: iSCSI Protocol Layering Model (diagram slide)