Securing disk-resident data through application level encryption

Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

5 Citations (Scopus)

Abstract

Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file-system-based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse-distance-oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse-distance-oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach, it is possible to reduce the performance degradation due to encryption/decryption overheads by 46.5% on average when DES is used as the encryption mechanism, and by 30.63% on average when AES is used as the encryption mechanism.

Original language: English (US)
Title of host publication: Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007
Pages: 46-57
Number of pages: 12
DOI: https://doi.org/10.1109/SISW.2007.4389744
State: Published - Dec 1 2007
Event: 4th International IEEE Security in Storage Workshop, SISW 2007 - San Diego, CA, United States
Duration: Sep 27 2007 → Sep 27 2007

Publication series

Name: Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop

Other

Other: 4th International IEEE Security in Storage Workshop, SISW 2007
Country: United States
City: San Diego, CA
Period: 9/27/07 → 9/27/07

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Communication
  • Control and Systems Engineering

Cite this

Prabhakar, R., Son, S. W., Patrick, C., Narayanan, S. H. K., & Kandemir, M. (2007). Securing disk-resident data through application level encryption. In Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007 (pp. 46-57). [4389744] (Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop). https://doi.org/10.1109/SISW.2007.4389744
@inproceedings{eab4af4ed4334490a3c5bf24ba050595,
title = "Securing disk-resident data through application level encryption",
author = "Ramya Prabhakar and Son, {Seung Woo} and Christina Patrick and Narayanan, {Sri Hari Krishna} and Mahmut Kandemir",
year = "2007",
month = "12",
day = "1",
doi = "10.1109/SISW.2007.4389744",
language = "English (US)",
isbn = "0769530524",
series = "Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop",
pages = "46--57",
booktitle = "Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007",

}
