NeoScale Systems, Inc.
Integrating Storage Security into an Overall Security Architecture
Robert A. (Bob) Lockhart - Chief Systems Architect
rlockhart@neoscale.com
Why Storage Security Now?
- Storage drivers: consolidation, offsite replication, outsourcing
- Information attacks: insiders, lost tapes, data breaches
- Regulatory compliance: industry, national, local
- Vulnerable data * real threats * liability = HIGH RISK
12/15/2005 Slide 2
Data / Storage Vulnerability Points
Diagram: vulnerability points along the data path from host to storage and across MAN/WAN links:
- Unauthorized data access
- Uncontrolled host access
- Media theft
- Host spoofing
- Eavesdropping (on MAN and WAN links)
Gartner: By year-end 2006, 85% of Fortune 1000 enterprises will encrypt most critical "data at rest" (0.9).
Unauthorized Data Access
Problem: controlling unauthorized access to data by users and applications
Solutions:
- Centralized directory services
- Two-factor authentication
- Application-level access control
What's missing?
- Application-to-OS access controls, so that only applications (rather than users) have access to specific files or volumes
- Distinguishing user access directly to files from user access via applications
Best solved by adding additional appliances to the mix? NO!
- Worst case, add agents to control access to data
- This really needs to be in the OS and the application itself
- New versions of database applications are adding field-level access control
Uncontrolled Host Access to Storage
Problem: maintaining control over data in a storage network
Solutions:
- Zoning (a fancy word for VLANs on steroids), LUN masking and LUN mapping
- Stateful SAN firewalls: go beyond traditional zoning and LUN masking by mapping flows, similar to the traditional firewalls found in IP-based environments
- DH-CHAP host-to-switch authentication
New standards for SAN security:
- T11.3 FC-SP: DH-CHAP to support authenticated connectivity between a host and the network
- Authentication happens between the host HBA and the SAN switch today
- Long term, end-to-end authentication will resolve access control and host spoofing issues
Host Spoofing
Problem:
- Host re-addressing was built into the Fibre Channel standard on purpose; it was originally created for clustered high-performance computing environments
- Exploiting it usually implies malicious intent that takes planning and forethought
Solutions:
- A combination of hard and soft zoning used with the LUN mapping features found in modern arrays
- DH-CHAP authentication resolves the problem by verifying system identity
New standards for security:
- T11.3 FC-SP: DH-CHAP to support authenticated connectivity between a host and the network
- Authentication happens between the host HBA and the SAN switch today
Media Replacement, Loss or Theft
Problem:
- Loss or theft of removable media
- Failed disks still contain data
Solutions:
- Media wiping
- Media destruction
- Encryption
Standards in development include T11.3 FC-SP, the IEEE P1619 work group, and a T10 study group for key exchange over SCSI.
There has been a lot of press attention here:
- Depreciated/old array sold on eBay with data intact
- Tapes lost in transport
Data that leaves a site should be considered data-in-flight. How do you protect your remote data connections today?
Eavesdropping
Problem:
- Data capture and analysis is a well-known technology
- Optical networks can be tapped with relatively little expense; devices that macrobend fiber are used to tap into signals
Solutions:
- Optical loss detectors built into devices
- Sealed conduits that are pressurized end to end
- Link encryption: IP networks have used IPsec to protect traffic for a long time
New standards are in development:
- Optical loss measurement devices at all points in a link where a tap is possible
- T11.3 FC-SP is also tasked with development of the FCSec standard
- FCSec is based on IPsec, including its re-keying and encryption algorithms
Distinct Requirements for Storage
- Primary storage (DAS, SAN & NAS): SAN response time, high availability
- Secondary storage: meeting backup windows, media management
- SAN extension (MAN & WAN): response time, high availability
- Enterprise security: policy & key management, security certifications
Storage Security: Encryption Options
Data Encryption Alternatives
Alternative                          | Performance                  | Manageability                                | Deployment             | Security
Application / file system            | Server impact? App response  | Schema per application                       | Per application        | Strong, per application
Storage management software          | Server impact? App response  | Keys on clients or storage management server | Per environment        | Varies
Fibre Channel or iSCSI switch/router | Network device impact        | Vendor differences                           | Replace device         | Varies
Storage security appliance           | Bump in the wire             | Centralized                                  | Immediate, transparent | Strong
Disk Encryption Appliance Solutions
Host agent encryption (diagram: agent on the server -> SAN -> disk)
- Advantages: storage agnostic
- Considerations: host agent integration, patch management, server overhead, single point of failure, latency delays
Security appliance as proxy (diagram: server -> SAN -> disk, with the security appliance attached to the SAN as a proxy)
- Advantages: encryption offload
- Considerations: storage re-mapping, limited redundancy, performance impact, integrity with caching, latency delays
Security appliance inline (diagram: server -> SAN -> security appliance -> disk)
- Advantages: encryption offload, application invisible, native redundancy, wire-speed performance, end-to-end integrity, minimal latency
Primary Storage: Encryption/Decryption of Payload Only
FCP command frame (no encryption):
  FC SoF (4 bytes) | FC header (24 bytes) | SCSI command (28+ byte FCP command, in a payload of up to 2112 bytes) | CRC (4 bytes) | FC EoF (4 bytes)
Fibre Channel data frame (no encryption):
  FC SoF (4 bytes) | FC header (24 bytes) | data block | data block | data block | data block (four 512-byte blocks, in a payload of up to 2112 bytes) | CRC (4 bytes) | FC EoF (4 bytes)
Fibre Channel data frame (encryption of payload only):
  FC SoF (4 bytes) | FC header (24 bytes) | four encrypted 512-byte blocks | modified CRC (4 bytes) | FC EoF (4 bytes)
Only the 512-byte data blocks are encrypted; command frames, the SoF, the FC header and the EoF stay in the clear, and the CRC is recomputed because it covers the now-encrypted payload.
Tape Security Alternatives
- Server-based encryption: encrypt in the backup application (diagram: disk -> backup server -> tape). Pros: software add-on to the backup application. Cons: no compression, server CPU overhead, reduced throughput, insecure key management
- Disk-based encryption: encrypt data-at-rest and back up to tape (diagram: disk -> backup server -> tape). Pros: invisible to backup applications. Cons: no compression, more complex recovery, requires encrypting all sensitive data on primary storage
- Storage security appliance: encrypt in a network-based security appliance (diagram: backup server -> security appliance -> tape). Pros: invisible to backup applications, native backup performance, secure key management, appliance simplifies security. Cons: additional hardware device
NeoScale Tape Format
Similar to the proposed GCM tape format.
Tape layout:
- NeoScale tape label (1024 bytes)
- NeoScale block header (32 bytes) | tape header or data block | NeoScale block trailer (32 bytes)
- NeoScale block header (32 bytes) | data block (size varies by application and compression) | NeoScale block trailer (32 bytes)
- ... the header/data/trailer triple repeats for every data block on the tape
NeoScale labels:
- NeoScale 1K-byte tape label
- 32 bytes per block, prepended and appended
- The label is encrypted using the pool key
Legacy tape support (diagram: NeoScale data, normal tape data and a file mark on the same tape):
- Existing unencrypted tapes will pass data through CryptoStor without requiring additional configuration
Fibre Channel Link Security - FCSec
Deployment:
- Looks like traditional link encryption
- Acts like traditional link encryption
- Except it uses Fibre Channel instead of IP
Diagram: replication protocol between a primary site and a remote site over an FCSec-protected link
Native SAN Encryption
- Optional compression, encapsulation, and encryption of the entire Fibre Channel frame
- Equivalent of IPsec tunnel mode; referred to as FCSec tunnel mode
- No conversion to IP required to provide encryption
- Lower latency for real-time applications such as synchronous mirroring and remote storage
- Recommended encryption modes are CBC or potentially GCM
- Support for Fibre Channel layer 4 protocols
- Proprietary and interoperability modes
Tunnel mode (FC frame encapsulation):
  FC SoF | FCSec FC header | ESP | [original FC header | upper-level protocols (SCSI, FICON, IP, VI, HiPPI) | FC CRC] | FCSec CRC | FC EOF
The original frame, including its own header and CRC, is carried as the ESP payload of the outer FCSec frame.
Encryption Modes Being Proposed for Data at Rest
Modes of Operation: LRW, Proposed for Primary Storage
Tweaked narrow-block mode
Diagram: cipher blocks 1, 2, ... 32 of a sector, each combined with its tweak key TK and passed through the encryption operation
TK = tweak key, based on the 2nd disk key and the physical block number
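To make the tweak mechanism on this slide concrete, here is an added example (not NeoScale code, and not the P1619 reference implementation) of LRW over a 512-byte sector with AES-128: the tweak T = K2 * i is computed in GF(2^128) from the second disk key K2 and the cipher-block index i, which is derived from the physical block number. The field bit ordering and the index formula i = sector*32 + j + 1 are assumptions; the slide does not specify them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// gfMul: a*b in GF(2^128) mod x^128+x^7+x^2+x+1; 16-byte big-endian, bit i = coeff of x^i (assumed ordering).
func gfMul(a, b [16]byte) [16]byte {
	var r [16]byte
	for i := 0; i < 128; i++ {
		if (b[15-i/8]>>(uint(i)%8))&1 == 1 { // bit i of b set: r += a*x^i
			for j := range r { r[j] ^= a[j] }
		}
		carry := a[0] >> 7 // a *= x, folding the overflowed x^128 back in as 0x87
		for j := 0; j < 15; j++ { a[j] = a[j]<<1 | a[j+1]>>7 }
		a[15] = a[15]<<1 ^ carry*0x87
	}
	return r
}
// lrwTweak: T = K2 * i, the "TK" derived from the 2nd disk key and cipher-block index i.
func lrwTweak(k2 [16]byte, i uint64) [16]byte {
	var idx [16]byte
	binary.BigEndian.PutUint64(idx[8:], i)
	return gfMul(k2, idx)
}
// lrwCrypt: one 512-byte sector as 32 AES blocks, C = E_K(P^T)^T (D_K when decrypt).
// Index i = sector*32 + j + 1 is assumed so that T is never zero, even for sector 0.
func lrwCrypt(blk cipher.Block, k2 [16]byte, sector uint64, in []byte, decrypt bool) []byte {
	op := blk.Encrypt
	if decrypt { op = blk.Decrypt }
	out, tmp := make([]byte, len(in)), make([]byte, 16)
	for off := 0; off+16 <= len(in); off += 16 {
		t := lrwTweak(k2, sector*32+uint64(off/16)+1)
		for j := range tmp { tmp[j] = in[off+j] ^ t[j] }
		op(tmp, tmp)
		for j := range tmp { out[off+j] = tmp[j] ^ t[j] }
	}
	return out
}
func main() {
	blk, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed 1st disk key
	var k2 [16]byte; copy(k2[:], "fedcba9876543210")    // constructed 2nd disk key
	ct := lrwCrypt(blk, k2, 0, make([]byte, 512), false) // constructed all-zero sector
	fmt.Printf("block 0: %x\nblock 1: %x\n", ct[:16], ct[16:32]) // differ only via T
	fmt.Printf("decrypted block 0: %x\n", lrwCrypt(blk, k2, 0, ct, true)[:16])
}
```

Because every 16-byte block gets its own T, 32 identical plaintext blocks in one sector encrypt to 32 different ciphertext blocks, and the same data written to another sector encrypts differently again, which is what ECB on a disk would fail to provide.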
Modes of Operation: GCM, Proposed for Tape-Based Storage
Galois/Counter Mode
Diagram: [header, sequence, clear-text block of data] -> GCM encryption -> [header, sequence, encrypted block of data, ICV]
The ICV is the cryptographic authentication information about the block.
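Added example (not NeoScale's code) tying together the per-block header/trailer format of the NeoScale tape format slide and the GCM mode of this slide: a 32-byte header carrying a sequence number is authenticated as GCM additional data, the data block is encrypted, the 16-byte ICV lands in the 32-byte trailer, and the reader either verifies the ICV or, when the label magic is absent, passes the legacy data through unchanged. The header field layout, the nonce derivation from the sequence number and the magic value are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (the slide gives sizes only): 32-byte header = 8-byte magic, 8-byte
// sequence number, 16 reserved; 32-byte trailer = 16-byte GCM ICV, 16 reserved.
const hdrLen, trlLen, icvLen = 32, 32, 16
var magic = []byte("TAPEBLK1") // constructed marker, not NeoScale's real label

// wrapBlock returns header || ciphertext || trailer for one tape block. The header
// is GCM additional authenticated data, so the ICV covers the sequence number too.
func wrapBlock(aead cipher.AEAD, seq uint64, data []byte) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint64(hdr[8:], seq)
	nonce := make([]byte, aead.NonceSize()) // 12 bytes: zero prefix + seq (assumed)
	binary.BigEndian.PutUint64(nonce[4:], seq)
	sealed := aead.Seal(nil, nonce, data, hdr) // ciphertext || 16-byte ICV
	return append(append(hdr, sealed...), make([]byte, trlLen-icvLen)...)
}

// unwrapBlock decrypts one block, passes legacy (unlabelled) data through unchanged,
// and rejects any block whose ICV does not verify.
func unwrapBlock(aead cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < hdrLen+trlLen || !bytes.Equal(blob[:len(magic)], magic) {
		return blob, nil // legacy unencrypted tape: no label, pass through
	}
	hdr, n := blob[:hdrLen], len(blob)-hdrLen-trlLen
	nonce := make([]byte, aead.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], binary.BigEndian.Uint64(hdr[8:]))
	pt, err := aead.Open(nil, nonce, blob[hdrLen:hdrLen+n+icvLen], hdr)
	if err != nil {
		return nil, errors.New("ICV mismatch: block altered, moved or out of sequence")
	}
	return pt, nil
}
func main() {
	blk, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed tape key
	aead, _ := cipher.NewGCM(blk)
	rec := wrapBlock(aead, 7, []byte("constructed backup record #7"))
	rec[hdrLen] ^= 1 // flip one ciphertext bit: the ICV check must now fail
	_, err := unwrapBlock(aead, rec)
	fmt.Println("tampered block:", err)
}
```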
Key Management: The Real Problem to Resolve
Key Management Objectives
Key repository:
- Must be capable of storing keys for an indefinite period of time
- A lot of problems were discovered with the advent of PKI
Security:
- Access to keying material is paramount in any key management scheme
- Transport and use of the keys must be properly maintained
Types of keys:
- Public or private? Which is best for application, file, disk, tape or link encryption?
Building a key management architecture that scales from a single device to enterprise-wide architectures for storage security is critical!
Distributed Configuration: System Backup and Tape Recovery
Diagram: Site A and Site B, each with a backup server, a clustered CryptoStor (CS) Tape appliance and a tape library, joined over an IP network
Key management:
- Dynamic key catalog updates across all cluster members, across locations
- Backup system key to smart card(s)
CryptoStor recovery:
- Execute recovery script
- Restore system key from smart card(s)
- Obtain policies and import key catalog from cluster
Tape recovery: automatic via any clustered appliance at either location
Disaster Site: System Backup and Tape Recovery
Diagram: Site 1 through Site n, each with a CryptoStor (CS) Tape appliance and a tape library, a 3rd-party disaster/recovery site with its own CS Tape and tape library, and a key repository, all joined over an IP network
Key management:
- Automatic periodic backup of encrypted key catalogs to the key repository
- Backup system key to smartcard(s) at each site
CryptoStor recovery at the disaster site:
- Execute recovery script
- Restore system key from smartcard(s)
- Import key catalog from key repository
Tape recovery: fully automated solutions make this business as usual for DR.
Customer Solutions: Examples of Storage Security
University of Texas: HIPAA Compliance
Diagram: a file/print server, an MS Exchange cluster and a database cluster connect through Brocade switches to a clustered CryptoStor FC in front of a Compaq EVA disk array (with multipath); a clustered CryptoStor Tape sits in front of a StorageTek L700 tape library
- Demonstrates reasonable and accepted due diligence for HIPAA compliance
- Operational impact: minimized operational impact on day-to-day operations
- Cost savings: greatly reduced back-end PHI data classification and management costs
Customer Architecture: Corporate Payments Company
HIPAA, GLBA and SOX compliance
Diagram: an event processor server, a controller, a master admin server, a monitor server and SQL Servers on Dell servers connect through McData switches (ISL to form a single fabric) to a clustered CryptoStor FC (clustered via a dedicated out-of-band IP connection) in front of a Dell / EMC CX500 (500 GB) array; a CryptoStor Tape sits in front of a Dell Fibre Channel tape library
Transend Business Services: Storage Security
- Encrypts each customer's data individually
- Shares an array between multiple customers with dedicated encryption: one appliance per customer, multiple keys per customer
Cost savings for Transend:
- Reduced costs by purchasing a single array, for short-term cost savings and long-term operational savings
- Customer can control keys or have Transend provide key management
- Removed a final hurdle in the financial service provider model where shared storage is involved
- Reduced liability from $1,000,000 to $100,000 per incident for one customer
Diagram: Customer 1, Customer 2, ... Customer n, each on its own IP LAN, connected over VPN and WAN links to a dedicated appliance in front of the shared array
Global ISP: Backup Security
- Multiple privacy laws in multiple countries
- Tapes need to be shipped between multiple sites, including Russia, Japan, Switzerland and the U.S.
- Backup/recovery via CryptoStor for Tape
- Redundancy for backups provided by primary and secondary backup servers, each with its own CryptoStor Tape
Diagram: a data backup application server and disk array on a SAN switch with Backup Server 1 and Backup Server 2, clustered CryptoStor Tapes, and a tape library with 4 LTO2 drives
NeoScale Storage Security Solutions
Diagram: data center (arrays, servers, tape, NAS, SAN) linked over the MAN to remote locations
- Secure primary storage: host access control, secure data partitioning, storage behind NAS head
- Secure tape backup (vaulting services): lost/stolen media, data manipulation
- Secure SAN extension: eavesdropping, data manipulation