Presentation is loading. Please wait.

Presentation is loading. Please wait.

4/13/2007 Master's Project Proposal 1 Secure Asymmetric iSCSI For Online Storage Sarah A. Summers Project Proposal Master of Science in Computer Science.

Published byMarjory Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "4/13/2007 Master's Project Proposal 1 Secure Asymmetric iSCSI For Online Storage Sarah A. Summers Project Proposal Master of Science in Computer Science."— Presentation transcript:

1 4/13/2007 Master's Project Proposal 1 Secure Asymmetric iSCSI For Online Storage Sarah A. Summers Project Proposal Master of Science in Computer Science University of Colorado, Colorado Springs

2 4/13/2007 2Master's Project Proposal Introduction Explosion in data growth has given rise to need for increased storage capabilities. Explosion in data growth has given rise to need for increased storage capabilities. Increased use of online storage solutions such as iSCSI. Increased use of online storage solutions such as iSCSI. Storage solutions must provide security, privacy and accountability in line with Government regulations (SOX and HIPAA). Storage solutions must provide security, privacy and accountability in line with Government regulations (SOX and HIPAA). Standard iSCSI in combination with IPSec provides security only during transport. Standard iSCSI in combination with IPSec provides security only during transport.

3 4/13/2007 3Master's Project Proposal Goals Enhance the existing Efficient Asymmetric Secure iSCSI implementation. Enhance the existing Efficient Asymmetric Secure iSCSI implementation. Produce an implementation that is more complete and user friendly. Produce an implementation that is more complete and user friendly. Investigate the possibilities of using the implementation for disaster recovery. Investigate the possibilities of using the implementation for disaster recovery.

4 4/13/2007 4Master's Project Proposal Efficient Asymmetric Secure iSCSI Andukuri proposed an Efficient Asymmetric Secure iSCSI scheme to address security of data during transport and when in place on target. Dual-key asymmetric cryptographic enhancement of Dual-key asymmetric cryptographic enhancement of IPSec. IPSec. Payload encrypted with custom key (not shared with Payload encrypted with custom key (not shared with target). target). Packet encrypted with IPSec ESP for transportation. Packet encrypted with IPSec ESP for transportation. Packet decrypted at target. Packet decrypted at target. Payload stored in encrypted from on target. Payload stored in encrypted from on target.

5 4/13/2007 5Master's Project Proposal Efficient Asymmetric Secure iSCSI Implementation

6 4/13/2007 6Master's Project Proposal Project Proposal and Scope The current implementation is a prototype, as such improvements are possible. By examining the implementation and associated thesis, the following areas have been identified for enhancement/addition. Add Graphical User Interface for easier configuration. Add Graphical User Interface for easier configuration. Enable the transfer of files of arbitrary size. Enable the transfer of files of arbitrary size. Enable transfer of files to more than one target. Enable transfer of files to more than one target. Investigate the potential for using the implementation for Investigate the potential for using the implementation for disaster recovery. disaster recovery.

7 4/13/2007 7Master's Project ProposalTest-Bed The test-bed shown below was created for the previous research, it will be utilized and added to for the current project. ISCSI Initiator ISCSI Target IP = 128.198.61.92 IP = 128.198.61.93 Linux: 2.6.12.1 Linux: 2.6.12.1 open-iscsi 0.4-434 iscsitarget-0.4.11

8 4/13/2007 8Master's Project Proposal Graphical User Interface Configuration of the current implementation is quite complex. Configuration of the current implementation is quite complex. Use of a GUI would simplify the process. Use of a GUI would simplify the process. Simplify key generation and storage. Simplify key generation and storage. User interface could be used for actual file transfers in addition to system configuration. User interface could be used for actual file transfers in addition to system configuration. Python will be used to generate the GUIs. Python will be used to generate the GUIs.

9 4/13/2007 9Master's Project Proposal Example of Key Generation GUI

10 4/13/2007 10Master's Project Proposal Transfer of Files of Arbitrary Size Current implementation is limited to the transfer of files in multiples of 1024 bytes. Current implementation is limited to the transfer of files in multiples of 1024 bytes. Transfer of files of arbitrary size is essential to make the implementation truly viable. Transfer of files of arbitrary size is essential to make the implementation truly viable. The issue to be solved is padding the files such that problems do not arise at the iSCSI layer on the target. The issue to be solved is padding the files such that problems do not arise at the iSCSI layer on the target.

11 4/13/2007 11Master's Project Proposal Transfer of Files to Multiple Targets Current implementation allows transfer to one target. Current implementation allows transfer to one target. Ability to transfer to multiple targets is beneficial. Ability to transfer to multiple targets is beneficial. Issues to be addressed Issues to be addressed Can the same keys be used for multiple transfers. Can the same keys be used for multiple transfers. For security would different keys be better. For security would different keys be better.

12 4/13/2007 12Master's Project Proposal Potential Usage for Disaster Recovery In view of Government regulations regarding security, privacy and accountability of stored data, disaster recovery is of increased importance. For security, the current implementation does not share For security, the current implementation does not share the key for encrypting the payload. the key for encrypting the payload. For disaster recovery this is a problem if the initiator is destroyed. For disaster recovery this is a problem if the initiator is destroyed. No way to decrypt the payload. No way to decrypt the payload. Is there a way around this? Is there a way around this?

13 4/13/2007 13Master's Project Proposal Tools UltimateP2V UltimateP2V To produce virtual machine images of the siscsi and starget test-bed machines for use on VMWare. To produce virtual machine images of the siscsi and starget test-bed machines for use on VMWare. VMWare Server VMWare Server Virtual machines on which to develop and test the implementation. Virtual machines on which to develop and test the implementation. Python Python For generation of the graphical user interfaces. For generation of the graphical user interfaces.

14 4/13/2007 14Master's Project Proposal Project Deliverables Project Proposal (this document). Project Proposal (this document). GUI’s for configuration of initiator and target machines. GUI’s for configuration of initiator and target machines. User manuals for GUIs. User manuals for GUIs. Completed implementation Completed implementation Code for transfer of files of arbitrary size Code for transfer of files of arbitrary size Code for transfer of files to multiple targets Code for transfer of files to multiple targets Potential solutions for implementation of disaster recovery. Potential solutions for implementation of disaster recovery. Final project report and presentation Final project report and presentation

15 4/13/2007 15Master's Project Proposal Project Proposed Schedule Project Proposal24 April 2007 Project Proposal24 April 2007 Configuration GUIs8 May 2007 Configuration GUIs8 May 2007 Arbitrary Size File Transfer Code29 May 2007 Arbitrary Size File Transfer Code29 May 2007 Transfer to Multiple Target Code11 June 2007 Transfer to Multiple Target Code11 June 2007 Investigation into feasibility of disaster recovery18 June 2007 Investigation into feasibility of disaster recovery18 June 2007 Final Project Report18 June 2007 Final Project Report18 June 2007 Presentation Materials25 June 2007 Presentation Materials25 June 2007

16 4/13/2007 16Master's Project Proposal Research Interaction of SCSI and iSCSI for transfer of files over TCP/IP. Interaction of SCSI and iSCSI for transfer of files over TCP/IP. Understand how IPSec ESP is implemented and changes added in previous research. Understand how IPSec ESP is implemented and changes added in previous research. Understanding of UltimateP2V to create virtual machine images. Understanding of UltimateP2V to create virtual machine images. Understanding VMWare for installation and use of virtual machines. Understanding VMWare for installation and use of virtual machines.

17 4/13/2007 17Master's Project Proposal Questions? Recommendations?

18 4/13/2007 18Master's Project Proposal References 1.Ensuring Data Integrity: Logical Data Protection for Tape Systems, http://www.crossroads.com/Library/WhitePapers/FeaturedWhitePapers.asp 2.HIPAA. Health Insurance Portability and Accountability Act 1996, http://www.legalarchiver.org/hipaa.htm 3.The Sarbanes-Oxley Act 2002, http://www.legalarchiver.ord/soa.htm http://www.legalarchiver.ord/soa.htm 4.Andrew Hiles, Surviving a Computer Disaster, Engineering Management Journal, December 1992 5. iSCSI for Storage Networking, http://www.snia.org/tech_activities/ip_storage/iSCSI_for_Storage_Networking.pdf 6.Fibre Channel – Overview of the Technology, http://www.fibrechannel.org/technology/overview.html http://www.fibrechannel.org/technology/overview.html 7.Ulf Troppens, Rainer Erkens and Wolfgang Müller, Storage Networks Explained: Basics and Application of Fibre Channel SAN, NAS, iSCSI and InfiniBand, 2004, Wiley & Sons Ltd, ISBN: 978-0-470-86182-0 8.Jane Shurtleff, IP Storage: A Review of iSCSI, FCIP, iFCP, http://www.iscsistorage.com/ipstorage.htm http://www.iscsistorage.com/ipstorage.htm 9.Murthy S. Andukuri, Efficient Asymmetric Secure iSCSI, http://cs.uccs.edu/~gsc/pub/master/msanduku/doc/report_final.doc http://cs.uccs.edu/~gsc/pub/master/msanduku/doc/report_final.doc 10.Marc Farley, Storage Networking Fundamentals: An Introduction to Storage Devices, Subsystems, Applications, Management, and File Systems, Cisco Press, 2005, ISBN 1-58705-162-1 11.Thomas C. Jepsen, Distributed Storage Networks: Architecture, Protocols and Management, 2003, Wiley & Sons Ltd, ISBN:0-470-85020-5

19 4/13/2007 19Master's Project Proposal References (continued) 12.Ulf Troppens, Rainer Erkens and Wolfgang Müller, Storage Networks Explained: Basics and Application of Fibre Channel SAN, NAS, iSCSI and InfiniBand, 2004, Wiley & Sons Ltd, ISBN: 978-0-470-86182-0 13.Yingping Lu and David H. C. Du, Performance Study of iSCSI-Based Storage Subsystems, IEEE Communications Magazine, August 2003, pp 76-82 14.John L. Hufferd, iSCSI The Universal Storage Connection, Addison Wesley, 2003, ISBN: 0-201-78419-X 15.iSCSI Technical White Paper, SNIA IP Storage Forum, http://www.snia.org/tech_activities/ip_storage/iSCSI_Technical_whitepaper.PDF http://www.snia.org/tech_activities/ip_storage/iSCSI_Technical_whitepaper.PDF 16.Integration Scenarios for iSCSI and Fibre Channel. SNIA IP Storage Forum, http://www.snia.org/tech_activities/ip_storage/iSCSI_FC_Integration_IPS.pdf 17.Shuang-Yi Tang, Ying-Pang Lu and David H. C. Du, Performance Study of Software-Based iSCSI Security, Proceedings of the First International IEEE Security in Storage Workshop (SISW ’02) 18.Friedhelm Schmidt, SCSI Bus and IDE Interface – Protocols, Applications and Programming, Addison-Wesley, 1995, ISBN: 0201422840 19.Irina Gerasimov, Alexey Zhuravlev, Mikhail Pershin and Dennis V. Gerasimov, Design and Implementation of a Block Storage Multi-Protocol Converter, Proceedings of the 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies (MSS’03) 20.A Conceptual Overview of iSCSI, http://docs.hp.com/en/6278/iSCSI_OV_whitepaper.pdf http://docs.hp.com/en/6278/iSCSI_OV_whitepaper.pdf

20 4/13/2007 20Master's Project Proposal References (continued) 21.iSCSI Protocol Concepts and Implementation, http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns378/networking_solutions_white_paper09186a0080 0a90e4.shtml http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns378/networking_solutions_white_paper09186a0080 0a90e4.shtml 22.iSCSI Building Blocks for IP Storage Networking, http://www.snia.org/tech_activities/ip_storage/iscsi/iSCSI_Building_Blocks_01.pdf http://www.snia.org/tech_activities/ip_storage/iscsi/iSCSI_Building_Blocks_01.pdf

21 4/13/2007 Master's Project Proposal 21 Additional Slides

22 4/13/2007 22Master's Project Proposal SCSI (Small Computer Systems Interface) Standard device interface bus for I/O providing both storing and connecting functions. Standard device interface bus for I/O providing both storing and connecting functions. Dominant storage protocol for many years. Dominant storage protocol for many years. Limitations: Limitations: Distance over which it can be used (several meters). Distance over which it can be used (several meters). Scalability (limited number of devices on a bus). Scalability (limited number of devices on a bus).

23 4/13/2007 23Master's Project Proposal Basic SCSI Architecture

24 4/13/2007 24Master's Project Proposal iSCSI End-to-end protocol to enable transportation of storage I/O block data over IP networks. End-to-end protocol to enable transportation of storage I/O block data over IP networks. Utilizing TCP an IP, iSCSI facilitates remote backup, storage and data mirroring Utilizing TCP an IP, iSCSI facilitates remote backup, storage and data mirroring Utilizes SCSI commands in its implementation. Utilizes SCSI commands in its implementation. Can be implemented using a number of HBA’s: Can be implemented using a number of HBA’s: Software Software Software with TCP Off-load Software with TCP Off-load Silicon with TCP Off-load Silicon with TCP Off-load

25 4/13/2007 25Master's Project Proposal iSCSI Protocol Layering Model

Download ppt "4/13/2007 Master's Project Proposal 1 Secure Asymmetric iSCSI For Online Storage Sarah A. Summers Project Proposal Master of Science in Computer Science."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Beyond NAS and SAN: The Evolution of Storage Marc Farley Author Building Storage Networks.

Beyond NAS and SAN: The Evolution of Storage Marc Farley Author Building Storage Networks.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
IP –Based SAN extensions and Performance Thao Pham CS 622 Fall 07.

IP –Based SAN extensions and Performance Thao Pham CS 622 Fall 07.
Modifying the SCSI / Fibre Channel Block Size Presented by Keith Bonneau, John Chrzanowski and Craig O’Brien Advised by Robert Kinicki and Mark Claypool.

Modifying the SCSI / Fibre Channel Block Size Presented by Keith Bonneau, John Chrzanowski and Craig O’Brien Advised by Robert Kinicki and Mark Claypool.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
Securing iSCSI for Data Backup and Disaster Recovery JAMES HUGHES CS526 5/03/05 James W. Hughes 1.

Securing iSCSI for Data Backup and Disaster Recovery JAMES HUGHES CS526 5/03/05 James W. Hughes 1.
5/8/2006 Nicole SAN Protocols 1 Storage Networking Protocols Nicole Opferman CS 526.

5/8/2006 Nicole SAN Protocols 1 Storage Networking Protocols Nicole Opferman CS 526.
Storage Area Network (SAN)

Storage Area Network (SAN)
Storage area network and System area network (SAN)

Storage area network and System area network (SAN)
Storage Networking Technologies and Virtualization Section 2 DAS and Introduction to SCSI1.

Storage Networking Technologies and Virtualization Section 2 DAS and Introduction to SCSI1.
Module – 7 network-attached storage (NAS)

Module – 7 network-attached storage (NAS)
Implementing Failover Clustering with Hyper-V

Implementing Failover Clustering with Hyper-V
Storage Networking. Storage Trends Storage growth Need for storage flexibility Simplify and automate management Continuous availability is required.

Storage Networking. Storage Trends Storage growth Need for storage flexibility Simplify and automate management Continuous availability is required.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Similar presentations

Ads by Google