Secure Group Services for Storage Area Networks

Continued growth and popularity of the Internet fuels increased reliance on e-business, which often involves data-intensive applications. Consequently, the amount of information that needs to be stored and managed can become quite intimidating. Traditional centralized storage servers, which have been the workhorses of the industry, are often unable to meet the storage needs of large organizations. To this end, they are being replaced by network-attached disks and, more recently, by Storage Area Networks (SANs). A SAN is a scalable and reliable storage network that enables efficient any-to-any connectivity between hosts and storage devices and provides improved overall resource utilization. SANs therefore signify a major step in the evolution of network storage. A critical requirement in such a distributed storage system is the security and integrity of stored data. Although this problem has been studied intensively in the past, certain unique features of the SAN setting result in some new security challenges. In this project, we concentrate on safeguarding data stored on a SAN from various threats and attacks, with further emphasis on efficient key management.

 

The goal of the project is twofold:

    •  to provide a security architecture for preserving privacy and integrity of SAN data
    •  to provide efficient key management solutions

 

System Model:


A Storage Area Network, as seen from the perspective of a host or a disk, is a network infrastructure that forwards, in an efficient and reliable way, both data blocks and commands. The SAN infrastructure is essentially a collection of network devices such as high-end switches for IP or Fibre Channel networks or storage routers. We use the term SAN entities to refer to these network devices.

In most SAN frameworks the actual data owner can control, fully or in part, the SAN administration. This is the case in a typical enterprise scenario as well as in the Storage Service Provider (SSP) model (where SSP companies sell storage as a service to their customers). The fact that the data owner controls the SAN enables the powerful concept of virtualization for data security. We utilize the SAN entities to actively enforce data security policies.

The notable features of our approach are as follows:

  • We delegate the bulk of the cryptographic operations to the SAN entities, essentially freeing the hosts from the cryptographic burden. A host only needs to establish a secure link with the SAN perimeter. Thus, the level of user inconvenience introduced by our system is minimal.
  • Since SAN entities are entrusted with the cryptographic duties, key management only involves these (relatively) few entities, as opposed to involving all possible hosts in the system.
  • We recognize the peer nature of the SAN entities that are authorized to virtualize a secure volume. Exploiting this feature, we propose two different key management approaches: the first is based on a simple Public Key Infrastructure (PKI), and the second is based on peer group key agreement techniques.

 

  • Gene Tsudik, Project Leader, UC Irvine
  • Fabio Maino, Research Collaborator, Andiamo Systems
  • Yongdae Kim, Research Collaborator, UMinn, Twin Cities
  • Maithili Narasimha, Graduate Student Researcher, UC Irvine

 

  • Y. Kim, F. Maino, M. Narasimha and G. Tsudik, "Secure Group Services for Storage-Area Networks", 2002 IEEE International Workshop on Storage Security, December 2002. (kmnt02.pdf)
  • SISW 2002, Greenbelt, Maryland, December 2002 (pdf)