Research Article
An Efficient and Scalable Security Protocol for Protecting Fixed-Content Objects in Content Addressable Storage Architectures
@INPROCEEDINGS{10.1109/SECCOM.2007.4550309,
  author={Wassim Itani and Ayman Kayssi and Ali Chehab},
  title={An Efficient and Scalable Security Protocol for Protecting Fixed-Content Objects in Content Addressable Storage Architectures},
  proceedings={3rd International ICST Workshop on the Value of Security through Collaboration},
  publisher={IEEE},
  proceedings_a={SECOVAL},
  year={2008},
  month={6},
  keywords={customizable security content-addressable storage security policy-driven security.},
  doi={10.1109/SECCOM.2007.4550309}
}
- Wassim Itani
- Ayman Kayssi
- Ali Chehab
Year: 2008
SECOVAL
IEEE
DOI: 10.1109/SECCOM.2007.4550309
Abstract
In this paper we present PLEDGE, an efficient and scalable Security ProtocoL for protecting fixed-content objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an end-to-end policy-driven security approach to secure the confidentiality, integrity, and authenticity of fixed-content entities over the enterprise network links and in the nodes of the CAS device. It utilizes a customizable and configurable XML security policy to provide flexible, multi-level, and fine-grained encryption and hashing methodologies for fixed-content CAS entities. PLEDGE secures data objects based on their content and sensitivity and significantly outperforms bulk and raw encryption protocols such as the Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or totally) in the CAS storage nodes without affecting the CAS storage system operation or performance, and takes into consideration the processing load, computing power, and memory capabilities of the client devices, which may be constrained by limited processing power, memory resources, or network connectivity. PLEDGE complies with the strictest compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4 financial standards. The protocol is implemented in a real CAS network using an EMC Centera backend storage device. The application secured by PLEDGE in the sample implementation is an X-Ray radiography scanning system in a healthcare network environment.