3rd International ICST Workshop on the Value of Security through Collaboration

Research Article

An Efficient and Scalable Security Protocol for Protecting Fixed-Content Objects in Content Addressable Storage Architectures

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550309,
        author={Wassim Itani and Ayman Kayssi and Ali Chehab},
        title={An Efficient and Scalable Security Protocol for Protecting Fixed-Content Objects in Content Addressable Storage Architectures},
        proceedings={3rd International ICST Workshop on the Value of Security through Collaboration},
        publisher={IEEE},
        proceedings_a={SECOVAL},
        year={2008},
        month={6},
        keywords={customizable security content-addressable storage security policy-driven security.},
        doi={10.1109/SECCOM.2007.4550309}
    }
    
Wassim Itani¹,*, Ayman Kayssi¹,*, Ali Chehab¹,*
  • 1: Department of Electrical and Computer Engineering, American University of Beirut, Beirut 1107 2020, Lebanon
*Contact email: wgi01@aub.edu.lb, ayman@aub.edu.lb, chehab@aub.edu.lb

Abstract

In this paper we present PLEDGE, an efficient and scalable Security ProtocoL for protecting fixed-content objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an end-to-end policy-driven security approach to secure the confidentiality, integrity, and authenticity of fixed-content entities over the enterprise network links and in the nodes of the CAS device. It utilizes a customizable and configurable XML security policy to provide flexible, multi-level, and fine-grained encryption and hashing methodologies to fixed-content CAS entities. PLEDGE secures data objects based on their content and sensitivity and significantly outperforms bulk and raw encryption protocols such as the Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or totally) in the CAS storage nodes without affecting the CAS storage system operation or performance, and takes into consideration the processing load, computing power, and memory capabilities of the client devices, which may be constrained by limited processing power, memory resources, or network connectivity. PLEDGE complies with the strictest compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4 financial standards. The protocol is implemented in a real CAS network using an EMC Centera backend storage device. The application secured by PLEDGE in the sample implementation is an X-ray radiography scanning system in a healthcare network environment.