Efficient Asymmetric Secure iSCSI. Murthy Andukuri, 4/29/2006
- Slides: 34
![Slide 1: Efficient Asymmetric Secure iSCSI, Murthy Andukuri, 4/29/2006](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-1.jpg)
![Slide 2: Outline of the talk](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-2.jpg)

Outline of the talk

- Goals of the project
- Motivation for the project
- Current options for security
- Proposed scheme
- Three components: iSCSI, IPsec, UML
- Design and implementation
- Results
- Lessons learnt, future work, conclusions
![Slide 3: Goals](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-3.jpg)

Goals

- A dual-key asymmetric cryptographic enhancement of IPsec to reduce total IPsec processing time and enhance data security for remote storage using iSCSI.
- Demonstrate use of virtual test beds running UML to develop networking software.
![Slide 4: Motivation](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-4.jpg)

Motivation

- Remote storage
  - NAS: Network Attached Storage
    - Roots in file server
    - NFS, CIFS
  - SAN: Storage Area Network
    - FCIP, iFCP, iSCSI (all SCSI based)
- iSCSI is the focus of the project
  - Smart, inexpensive, no special hardware
![Slide 5: Storage Security Considerations](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-5.jpg)

Storage Security Considerations

- Importance of storage security
  - Need for end-to-end security. Possible currently.
  - Using applications to secure data can leave gaps.
- IPsec provides standardized security
- Available options to achieve storage security as well
  - It addresses security in transmission
![Slide 6: Related Work](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-6.jpg)

Related Work

- RFC 3723 - Securing Block Storage Protocols over IP
- Microsoft, Cisco, Intel all have implementations of iSCSI Initiator and Target.
- Available hardware implementations of iSCSI + IPsec combined hardware, for example Astute Networks SA 1000 SuperHBA.
![Slide 7: Choices for data security](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-7.jpg)

Choices for data security (example: SSL)

- With IPsec: multiple encryptions/decryptions
- Without IPsec: no authentication. Headers insecure.
![Slide 8: The proposed scheme](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-8.jpg)

The proposed scheme (diagram; recoverable label: Encrypted)
![Slide 9: How SCSI works](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-9.jpg)

How SCSI works: the 10-byte Command Descriptor Block

- Tells how many blocks to transfer
- Tells where to start transfer
- Tells how many bytes to transfer
![Slide 10: What exactly is iSCSI](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-10.jpg)

What exactly is iSCSI

- 'internet' SCSI
  - SCSI Initiator and Target across IP network
  - SCSI CDB delivered in an IP packet
![Slide 11: iSCSI protocol layers](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-11.jpg)

iSCSI protocol layers (diagram)
![Slide 12: Why iSCSI](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-12.jpg)

Why iSCSI

- Maximum use of proven technology
- Any block device can be presented as SCSI device
- Speeds 'getting' to be comparable to FC
- TCP ensures delivery, order (mostly)
- IP ensures finding/reaching remote hosts
- IPsec ensures security in transmission
- Works on Ethernet cards and Cat-5 cables
![Slide 13: How iSCSI works](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-13.jpg)

How iSCSI works

- PDU (Protocol Data Unit) is the basic unit of communication
- iSCSI payload is made of PDU header followed by data.
- Several PDU types (called opcodes) based on the source.
- Fixed length PDU header
![Slide 14: Structure of a PDU header](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-14.jpg)

Structure of a PDU header (diagram; recoverable labels: Data, iSCSI Basic Header Segment)
![Slide 15: How iSCSI works](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-15.jpg)

How iSCSI works

- Initiator initiates connection (Surprise!)
  - Discovery
  - Login
- Full Feature phase
  - Sends commands to Target
  - Target responds
- Logout
- Supports multiple connections per session
  - iSCSI needs to ensure order across connections
![Slide 16: iSCSI packet exchange](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-16.jpg)

iSCSI packet exchange (diagram)
![Slide 17: IPsec](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-17.jpg)

IPsec

- Security integrated into network stack
  - Secures ALL traffic between hosts
  - Inherent in IPv6, supported for IPv4
- Consists of 3 protocols
  - IKE: for dynamic key management
  - ESP: for encryption and authentication
  - AH: authentication only
- Tunnel mode or Transport mode
  - Transport mode chosen in the project
![Slide 18: Packet encapsulation combinations in IPsec](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-18.jpg)

Packet encapsulation combinations in IPsec (diagram)
![Slide 19: Encryption algorithm used in current project](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-19.jpg)

- Encryption algorithm used in current project: AES with a 192-bit key
- AES uses 128-bit block size
- The scheme is independent of algorithm. Verified with 3DES (192-bit key, 64-bit block)
- Authentication algorithm used: HMAC-MD5, 128-bit key
![Slide 20: How the proposed scheme looks at a packet level](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-20.jpg)

How the proposed scheme looks at a packet level (diagram)
![Slide 21: How the packet is modified for the proposed scheme](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-21.jpg)

How the packet is modified for the proposed scheme (diagram labels)

- Encrypted together using IKE-generated key
- Second, local key and IV to encrypt this portion
- Length of payload per packet = 1024
![Slide 22: Implementation logic during 'Write'](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-22.jpg)

Implementation logic during 'Write'

On Initiator:

```text
if (dest port == 3260 && opcode is Data-Out &&
    skb->len adds up to sum of headers and body) {
    check length of TCP + iSCSI headers
    pad TCP header if necessary
    encrypt payload
    re-compute checksum and update TCP header
    encrypt headers
    authenticate (ESP)
}
```

On Target:

```text
authenticate (ESP)
if (skb->len > 32 bytes) {
    decrypt 32 bytes
    if (destport == 3260)
        decrypt till end of iSCSI Hdr
    if (opcode is Data-Out &&
        skb->len adds up to sum of headers and body) {
        do not decrypt payload
        remove ESP header
        set next = TCP
    }
}
```
![Slide 23: Implementation logic during 'Read'](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-23.jpg)

Implementation logic during 'Read'

On Target:

```text
if (source port == 3260) {
    if (length indicates presence of payload) {
        if necessary pad TCP header
        encrypt TCP hdr + iSCSI Hdr
        authenticate
    } else {
        encrypt using IKE keys
    }
}
```

On Initiator:

```text
authenticate (ESP)
if (skb->len > 32 bytes) {
    decrypt 32 bytes
    if ((source port == 3260) &&
        length indicates that there is payload, and no iSCSI Hdr) {
        decrypt payload using customized key
        recompute checksum
    } else {
        just decrypt using IKE key
    }
}
```
![Slide 24: Development test bed setup](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-24.jpg)

Development test bed setup: a file on the Target virtual machine is presented as a SCSI disk to the initiator.
![Slide 25: Virtual machines of User Mode Linux](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-25.jpg)

Virtual machines of User Mode Linux

- Multiple virtual machines running on a single host.
- Can be built with any kernel source tree with the ARCH=um make option.
- Can be started just like an application.
- Multiple instances can share a root file system using a Copy-On-Write (COW) layer.
- Can optionally access the host file system as hostfs (helps during development).
- Can be networked to the host, to each other and to the outside world.
- SKA helps make it almost impossible to hack into the host. Excellent as honeypot.
- Can be attached to gdb and stepped through like any application.
![Slide 26: Kernel Debugging in User Mode Linux](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-26.jpg)

Kernel Debugging in User Mode Linux

- Debug 'static' kernel code by attaching to gdb.
- Debugging modules is (quite) a bit more tricky.
  - Run the Perl script in a separate terminal to create a pseudo terminal.
  - Run the 'Expect' script in a separate terminal, to set up gdb AND instantiate a 'screen' session kicking off UML attached to gdb.
  - Find the above session with 'screen -ls'. Attach to it with 'screen -r'.
  - Add the module's details to gdb with add-symbol-file.
![Slide 27: Expected savings in IPsec computational effort](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-27.jpg)

Expected savings in IPsec computational effort

Data shown below is for the round trip of 1 K of user data.

| | Under available options | Under proposed scheme |
|---|---|---|
| Expression | 3*64 + 2*(2+3) | 64 + 2*(2+3) |
| Encrypted | 202 16-byte blocks | 74 16-byte blocks |
| Decrypted | 202 16-byte blocks | 74 16-byte blocks |
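
The packet test from the 'Write' slide and the block counts from the savings slide can be checked together. The following C is an added example, not code from the presentation or the project. Its function names, the 20-byte TCP header padded to two cipher blocks, the 48-byte Basic Header Segment with opcode 0x05 for Data-Out (RFC 3720), and the reading of 3*64 as one application-level pass plus full ESP on each leg are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISCSI_PORT   3260  /* port tested on the slides */
#define BHS_LEN      48    /* iSCSI Basic Header Segment, fixed length (RFC 3720) */
#define OP_DATA_OUT  0x05  /* SCSI Data-Out opcode (RFC 3720) */
#define CIPHER_BLOCK 16    /* AES block size used in the project */

struct plan {
    int    split;        /* 1: payload keeps its local-key ciphertext end to end */
    size_t hdr_blocks;   /* TCP + iSCSI headers, IKE-generated key */
    size_t data_blocks;  /* payload, second (local) key */
};
struct effort { size_t enc, dec; };

static size_t nblocks(size_t n) { return (n + CIPHER_BLOCK - 1) / CIPHER_BLOCK; }

/* Initiator-side decision from the 'Write' slide: split only for a Data-Out PDU
   to port 3260 whose length equals headers plus the declared data segment. */
struct plan plan_write(const uint8_t *seg, size_t len)
{
    struct plan p = { 0, nblocks(len), 0 };      /* default: ordinary ESP over everything */
    if (len < 20)
        return p;
    unsigned dport = ((unsigned)seg[2] << 8) | seg[3];
    size_t tcp_len = (size_t)(seg[12] >> 4) * 4;           /* TCP data offset */
    if (dport != ISCSI_PORT || tcp_len < 20 || len < tcp_len + BHS_LEN)
        return p;
    const uint8_t *bhs = seg + tcp_len;
    size_t ahs_len  = (size_t)bhs[4] * 4;                  /* TotalAHSLength, in words */
    size_t data_len = ((size_t)bhs[5] << 16) | ((size_t)bhs[6] << 8) | bhs[7];
    if ((bhs[0] & 0x3f) != OP_DATA_OUT)
        return p;
    if (len != tcp_len + BHS_LEN + ahs_len + data_len)     /* "skb->len adds up" */
        return p;
    p.split = 1;
    /* assumption: TCP header is padded up to a whole number of cipher blocks */
    p.hdr_blocks  = nblocks(tcp_len) + nblocks(BHS_LEN + ahs_len);
    p.data_blocks = nblocks(data_len);
    return p;
}

/* Cipher-block operations for a write followed by a read-back of the same data. */
struct effort round_trip(struct plan p, int proposed)
{
    size_t full = p.hdr_blocks + p.data_blocks;
    struct effort e;
    if (proposed) {
        e.enc = full + p.hdr_blocks;  /* initiator on write, target (headers only) on read */
        e.dec = p.hdr_blocks + full;  /* target (headers only) on write, initiator on read */
    } else {
        /* assumed baseline: one application-level pass plus full ESP on each leg */
        e.enc = e.dec = p.data_blocks + 2 * full;
    }
    return e;
}

/* Constructed sample: 20-byte TCP header + 48-byte BHS + zero-filled payload. */
size_t build_sample(uint8_t *buf, size_t payload, unsigned dport, uint8_t opcode)
{
    uint8_t *bhs = buf + 20;
    memset(buf, 0, 20 + BHS_LEN + payload);
    buf[2] = (uint8_t)(dport >> 8);  buf[3] = (uint8_t)dport;
    buf[12] = 5 << 4;                /* data offset: 5 words = 20 bytes */
    bhs[0] = opcode;
    bhs[5] = (uint8_t)(payload >> 16); bhs[6] = (uint8_t)(payload >> 8); bhs[7] = (uint8_t)payload;
    return 20 + BHS_LEN + payload;
}

int main(void)
{
    uint8_t seg[20 + BHS_LEN + 1024];
    struct plan p = plan_write(seg, build_sample(seg, 1024, ISCSI_PORT, OP_DATA_OUT));
    struct effort a = round_trip(p, 0), b = round_trip(p, 1);
    printf("split=%d hdr=%zu data=%zu\n", p.split, p.hdr_blocks, p.data_blocks);
    printf("available enc/dec=%zu/%zu proposed enc/dec=%zu/%zu\n", a.enc, a.dec, b.enc, b.dec);
    return 0;
}
```

In the split case the target only ever handles header blocks, so the payload stays under the initiator's local key while it is stored.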
![Slide 28: Performance data with available alternative (on UML test bed)](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-28.jpg)

Performance data with available alternative (on UML test bed) (chart)
![Slide 29: Performance data under proposed scheme (on UML test bed)](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-29.jpg)

Performance data under proposed scheme (on UML test bed) (chart)
![Slide 30: Impact of file size on performance](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-30.jpg)

Impact of file size on performance (chart)
![Slide 31: Lessons Learnt](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-31.jpg)

Lessons Learnt

- iSCSI Initiator and Target (apps and modules) need to be built on the host machine and installed into the UML rootfs. Take care to point to the right kernel tree.
- UML kernel support for iscsi_transport needs to be configured as a module and not static.
- Debugging modules (Linux and iSCSI) inside UML proved very tricky.
- TCP checksum needs to be recomputed in IPsec after segmented encryption on the initiator. Also after decryption of data that has been read back.
- The payload length is held very dearly by the iSCSI layer (both initiator and target). Trying to tweak the length in the IP layer doesn't work!
![Slide 32: Future Efforts](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-32.jpg)

Future Efforts

- Expand to include arbitrary file sizes
- Include in an IPsec + iSCSI TOE
- User interface, /proc system based enhancements to improve flexibility, security
- Ability to mark packets using netfilter hacks.
- Expand IPsec key generation mechanism to include iSCSI
- With some modifications, the same scheme can be used to encrypt with application layer SW and NOT re-encrypt/decrypt at IPsec.
![Slide 33: Conclusions](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-33.jpg)

Conclusions

- An asymmetric IPsec protocol enhancement was developed for improving the security and performance of remote online backup systems.
- Demonstrated how UML can be used to facilitate kernel/networking software development.
- An invention disclosure was filed with University of Colorado Tech Transfer Office.
- A paper to be submitted to ICNP conference.
![Slide 34: Benefits of the scheme](https://slidetodoc.com/presentation_image_h2/11b2b69a154face73878c43dbc6dcd15/image-34.jpg)

Benefits of the scheme

- Addresses gaps in storage security, expected to improve performance and eliminate need for multiple tools to provide security.
- Cuts hardware costs. CPU/TOE on the Target need not be as fast as those on Initiator. Or can be used to process more requests.
- Flexibility: the scheme can be used with any encryption and authentication scheme supported by IPsec.
- The scheme does not weaken other security measures.
- The idea of the scheme probably can be applied to SSL tunneling.