NeoScale Systems, Inc.Integrating Storage Security

into an Overall Security Architecture

Robert A. (Bob) Lockhart - Chief Systems Architectrlockhart@neoscale.com

12/15/2005 Slide 2

ConsolidationOffsite ReplicationOutsourcing

InsidersLost TapesData Breaches

IndustryNationalLocal

Why Storage Security Now?

Information Attacks

Regulatory Compliance

Storage Drivers

Vulnerable Data Real Threats Liability* *

= HIGH RISK

12/15/2005 Slide 3

Data / Storage Vulnerability Points

Gartner: By year-end 2006, 85% of Fortune 1000 ente rprises willencrypt most critical "data at rest" (0.9).

Eavesdropping

Uncontrolled Host Access

Media Theft

Host Spoofing

Unauthorized Data Access

MAN WAN

MAN WAN

12/15/2005 Slide 4

Unauthorized Data Access

Problem:¯ Controlling unauthorized access to data by users and applications

Solutions:¯ Centralized Directory Services¯ Two Factor Authentication¯ Application Level Access Control

� What’s missing?¯ Application to OS access controls so that only applications have

access to specific files or volumes versus usersUser access directly to files versus User access via applications

¯ Best solved by adding additional appliances to the mix? NO!Worst case add agents to control access to dataThis really needs to be in the OS and Application itself

New version of Database Applications are adding field level access control

12/15/2005 Slide 5

Uncontrolled Host Access to Storage

Problem:¯ Maintaining control over data in a Storage Network

Solutions:¯ Zoning (Fancy word for VLAN on steroids), LUN Masking and LUN

Mapping¯ Stateful SAN firewalls

Goes beyond traditional Zoning and LUN Masking by mapping flows similar to traditional Firewalls found in IP based environments

¯ DH-CHAP Host to Switch Authentication� New Standards for SAN Security

¯ T11.3 FC-SP DH-CHAP to support authenticated connectivity between a host and the network

Authentication happens between the Host HBA and SAN Switch today¯ Long term end to end authentication will resolve access control and

host spoofing issues

12/15/2005 Slide 6

Host Spoofing

Problem:¯ Host re-addressing was built into the Fibre Channel standard on

purposeOriginally created for clustered high performance computing environments

¯ This threat usually means malicious intent that takes planning and forethought

Solutions:¯ A combination of Hard and Soft Zoning used with LUN Mapping

features found in modern arrays¯ DH-CHAP authentication resolves by verifying system identity

� New Standards for Security¯ T11.3 FC-SP DH-CHAP to support authenticated connectivity

between a host and the networkAuthentication happens between the Host HBA and SAN Switch today

12/15/2005 Slide 7

Media Replacement, Loss or Theft

Problem:¯ Loss or theft of removable media¯ Failed disks still contain data

Solutions:¯ Media Wiping¯ Media Destruction¯ Encryption

Standards in Development include T11.3 FC-SP, IEEE P1619 Work Group and T10 has created a study group for Key Exchange over SCSI

� There has been a lot of press attention here¯ Depreciated/old array sold on eBay with data intact¯ Tapes lost in transport

Data that leaves a site should be considered data-i n-flight¯ How do you protect your remote data connections today?

12/15/2005 Slide 8

Eavesdropping

Problem:¯ Data capture and analysis is a well known technology¯ Optical networks can be tapped with relatively little expense

Devices that macrobend fiber are used to tap into signals

Solutions:¯ Optical Loss Detectors built into devices¯ Sealed Conduits that are pressurized end to end¯ Link Encryption

Networks have used IPSec to protect traffic for a long time

� New Standards are in Development¯ Optical Loss Measurement devices at all points in a link where a tap

is possible¯ T11.3 FC-SP is also tasked with development of the FCSec standard

FCSec is based on IPSec including re-keying and encryption algorithms

12/15/2005 Slide 9

Distinct Requirements for Storage

SAN Response TimeHigh Availability

Primary StorageDAS, SAN & NAS

Meeting Backup WindowsMedia ManagementSecondary Storage

MAN & WAN Response TimeHigh Availability

SAN Extension

Enterprise SecurityPolicy & key managementSecurity certifications�

Storage SecurityEncryption Options

12/15/2005 Slide 11

Data Encryption Alternatives

VariesReplace Device

Vendor differences

Network Device Impact

Fibre Channel or iSCSI

Switch/Router

Immediate, Transparent

Per Environment

Per App

Deployment

Strong Per App

Schema Per Application

Server Impact? App Response

Application / File System

Bump in Wire

Server Impact? App Response

Performance

StrongCentralizedStorageSecurity

Appliance

Varies

Keys on clients or Storage

Management server

Storage Management

S/W

SecurityManageabilityAlternatives

12/15/2005 Slide 12

Disk Encryption Appliance Solutions

SAN

Advantages:•Storage agnostic

Considerations:•Host agent integration•Patch management•Server overhead•Single point of failure•Latency delays

Host Agent Encryption

Disk

SecurityAppliance

Server

Agent

Advantages:•Encryption offload•Application invisible•Native redundancy•Wire-speed performance•End-end integrity•Minimal latency

Inline Appliance

Security Appliance

SAN

DiskServer

Advantages•Encryption offload

Considerations:•Storage re-mapping•Limited redundancy•Performance impact•Integrity w/caching•Latency delays

Proxy Appliance

SAN

DiskServer

SecurityAppliance

12/15/2005 Slide 13

Primary StorageEncryption/Decryption of Payload Only

FCHeader

SCSICommand

FCEoF

FCSoF

No Encryption

CRC

4 Bytes 24 Bytes Up to 2112 Byte Payload 4 Bytes 4 Bytes

28+ Byte FCP Command

FCP Command Frame

DataBlock

FCHeader

DataBlock

DataBlock

FCEoF

DataBlock

FCSoF

Encryption of Payload Only

CRC

4 Bytes 24 Bytes Up to 2112 Byte Payload 4 Bytes 4 Bytes

512 Byte Block 512 Byte Block 512 Byte Block 512 Byte Block

Modified CRCFibre Channel Data FrameNo Encryption

12/15/2005 Slide 14

Tape Security AlternativesServer-Based

EncryptionEncrypt in backup

application

Pros : •Software add-on to backup application

Cons :• No compression • Server CPU overhead• Reduced throughput• Insecure key mgmt

Pros: •Invisible to backup apps

Cons:•No compression•More complex recovery•Requires encrypting all sensitive data on primary storage

Disk-Based Encryption

Encrypt data-at-rest and backup to tape

Backup Server

Tape

Pros: • Invisible to backup apps• Native backup performance• Secure key management• Appliance simplifies security

Cons:•Additional hardware device

Storage Security Appliance

Encrypt in network-based security appliance

Backup Server

Backup Server

Security Appliance

TapeTape

Disk

12/15/2005S

lide 15

NeoS

cale Tape Form

atS

imilar to P

roposed GC

M tape form

at

�N

eoScale Labels

¯N

eoScale 1K

Byte T

ape Label

¯32 B

yte per block prepend and append

¯Label is encrypted using P

ool Ke

y

�Legacy T

ape Support

¯E

xisting unencrypted tapes will pass data through C

ryptoS

tor w

ithout requiring additional configuration

NeoS

cale Data

Norm

al Tape D

ata

NeoScale Tape Label1024 Bytes

Tape Header orData Block

NeoScale Block Header32 Bytes

Data BlockSize Varies by Application

and Compression

NeoScale Block Trailer32 Bytes

NeoScale Block Header32 Bytes

Data BlockSize Varies by Application

and Compression

NeoScale Block Trailer32 Bytes

NeoScale Block Header32 Bytes

Data BlockSize Varies by Application

and Compression

NeoScale Block Trailer32 Bytes

NeoScale Block Header32 Bytes

NeoScale Block Trailer32 Bytes

File M

ark

12/15/2005 Slide 16

Fibre Channel Link Security - FCSec

Deployment: Looks like traditional link encryptionActs like traditional link encryptionExcept it uses Fibre Channel instead of IP

Primary Remote

Replication Protocol

12/15/2005 Slide 17

Native SAN Encryption

� Optional compression, Encapsulation, and encryption of entire Fibre Channel frame

¯ Equivalent of IPSec Tunnel Mode¯ Referred to as FCSec Tunnel Mode

� No conversion to IP required to provide encryption¯ Lower latency for real time applications such as synchronous

mirroring and remote storage¯ Recommended encryption modes are CBC or potentially GCM

� Support for Fibre Channel Layer 4 Protocols¯ Proprietary and Interoperability Modes

Tunnel Mode (FC Frame Encapsulation)

FCHeader

Upper Level ProtocolsSCSI, FiCON, IP, VI, HiPPI

FCSecFC Header

FCSoF

FCEOF

FCCRC

FCSecCRC

ESP

Encryption ModesBeing Proposed for

Data at Rest

12/15/2005 Slide 19

Modes of Operation – LRWProposed for Primary Storage

� Tweaked Narrow Block Mode

TK = Tweak Key – Based on 2 nd Disk Key and Physical Block Number

EncryptionOperation

�

TK

EncryptionOperation

�

TK

EncryptionOperation

�

TK

1 2 32

12/15/2005 Slide 20

Modes of Operation – GCMProposed for Tape Based Storage

� Galois/Counter Mode

ICV is the Cryptographic Authentication Information about the block

Header Sequence Clear Text Block of Data

Header Sequence Encrypted Block of Data ICV

GCM Encryption�

Key ManagementThe Real Problem to Resolve

12/15/2005 Slide 22

Key Management Objectives

� Key Repository¯ Must be capable of storing Keys for an indefinite period of time¯ A lot of problems were discovered with the advent of PKI

� Security¯ Access to Keying material is paramount in any Key Management

scheme¯ Transport and use of the keys must be properly maintained

� Types of Keys¯ Public or Private?¯ Which is best for Application? File? Disk? Tape? Link?

� Building a key management architecture that scales from single device to enterprise wide architectures for storage security is critical!

12/15/2005 Slide 23

Distributed ConfigurationSystem Backup and Tape Recovery

Tape Library

Site A

BackupServer

Tape LibraryCS Tape

BackupServer

CS Tape

Site B

IPNetwork

IPNetwork

� Key management¯ Dynamic Key Catalog updates

across all cluster members across locations

¯ Backup System Key to Smart Card(s)

� CryptoStor recovery¯ Execute recovery script¯ Restore System Key from Smart

Card(s) ¯ Obtain policies and import Key

Catalog from cluster

� Tape recovery¯ Automatic via any clustered

appliance at either location

Cluster

�

�

12/15/2005 Slide 24

Disaster SiteSystem Backup and Tape Recovery

Tape Library

Tape LibraryCS Tape

CS Tape

Site 1

Site n

Key Repository

�

CS TapeRecovery

IPNetwork

IPNetwork

��

3rd partyDisaster

Site

�

� Key management¯ Automatic periodic backup of

Encrypted Key Catalogs to Key Repository

¯ Backup System Key to Smartcard(s) at each Site

� CryptoStor Recovery Site¯ Execute recovery script¯ Restore System Key from

Smartcard(s) ¯ Import Key Catalog from Key

Repository

� Tape recovery¯ Fully Automated Solutions make

this business as usual for DR.

Customer SolutionsExamples of Storage Security

12/15/2005 Slide 26

University of Texas� HIPAA Compliance

¯ Demonstrates reasonable and accepted due diligence for HIPAA compliance

� Operational Impact¯ Minimized operational

impact on day to day operations

� Cost Savings¯ Greatly reduced backend

PHI data classification and management costs

Compaq EVADisk Array

(with multipath)

BrocadeSwitches

File/Print Server

CryptoStor FC(clustered)

MS Exchange Cluster

DatabaseCluster

StorageTek L700

CryptoStor Tape(clustered)

12/15/2005 Slide 27

Customer Architecture:Corporate Payments Company

Dell / EMC CX500500GB

CryptoStor FC(clustered via dedicated

out-of-band IP connection)

ISL to form single fabric

Event Processor Server

SQL Server

SQL Server

Controller Master

Admin Server

Monitor Server

Dell Fibre-Channel Tape Library

CryptoStor TapeMcData Switches

Dell Servers

HIPAA, GLBA and SOX Compliance

12/15/2005 Slide 28

Transend Business Services� Storage Security

¯ Encrypts each customers data individually

¯ Shares array between multiple customers with dedicated encryption

One appliance per customerMultiple keys per customer

� Cost savings for Transend¯ Reduced costs by purchasing single

array for short term cost savings and long term operations savings

¯ Customer can control keys or have Transend provide key management

¯ Removed a final hurdle in the Financial Service Provider model where shared storage is involved

¯ Reduced liability from $1,000,000 to $100,000 per incident for one customer

Shared Array

Customer 1 Customer 2 Customer n

IP LAN & VPN WAN

IP LAN & VPN WAN

IP LAN & VPN WAN

IP LAN & VPN WAN

IP LAN & VPN WAN

IP LAN & VPN WAN

12/15/2005 Slide 29

Global ISP Backup Security

� Data Backup¯ Multiple Privacy Laws in

Multiple Countries¯ Tapes need to be ship

between multiple sites including Russia, Japan, Switzerland and the U.S.

� Backup/Recovery via CryptoStor™ for Tape

¯ Redundancy for Backups provided by Primary and Secondary Backup Server

¯ Each with it’s own CryptoStor Tape

Disk Array

SANSwitch

Application Server

Backup Server 1

Tape Libraryw/4 LTO2 Drives

Backup Server 2

CryptoStor Tapes(clustered)

12/15/2005 Slide 30

NeoScale Storage Security Solutions

Data CenterArrays

Servers

Remote Locations

Vaulting Services

TapeMAN

Secure primary storage- Host access control - Secure data partitioning- Storage behind NAS head

Secure tape backup-Lost/stolen media-Data manipulation

Secure SAN extension-Eavesdropping-Data manipulation

SAN

NAS