EFFICIENT ASYMMETRIC IPSEC FOR SECURE ISCSI

Murthy S. Andukuri, C. Edward Chow

Abstract

In this paper we propose a new asymmetric IPsec scheme to enhance the security of data at the remote end, while simultaneously improving the overall performance. The idea is to apply IPsec encryption/decryption in a segmented manner on the iSCSI traffic, such that the user data remains encrypted after leaving the sender, and is decrypted only when it is retrieved by the sender. A dual key cryptographic scheme is proposed where the private key is used to encrypt the iSCSI payload at the sender and traditional IPsec is modified to encrypt/decrypt only on the TCP/iSCSI headers. A development test bed was built using User-Mode-Linux virtual machines for developing and debugging the asymmetric IPsec software and running as the sender and receiver to verify the functionality and security features of the proposed design. A benchmark test bed was built with two real PCs where the asymmetric IPsec modules can be dynamically loaded. The performance results show that the existing implementation of the proposed asymmetric IPsec scheme reduces the IPsec processing time by about 25%.

References

  1. Kirk, J., 2006, “Symantec unveils remote data backup software” by Jeremy Kirk, http://www.computerworld.com/securitytopics/ security/story/0,10801,110148,00.html Clark, T., 2002, “IP SANs: A Guide to iSCSI, iFCP, and FCIP Protocols for Storage Area Networks”. Addison Wesley Professional, 2002.
  2. Shurtleff, J., 2004, “IP storage: A review of iSCSI, FCIP, iFCP,” 2004. http://www.iscsistorage.com/ipstorage.htm RFC2401, 1998, “Security Architecture for IP,” Kent & Atkinson.
  3. †: This research work was supported in part by two NISSSC AFOSR grant awards under numbers FA9550- 06-1-0477 and FA9550-04-1-0239.
Download


Paper Citation


in Harvard Style

S. Andukuri M. and Edward Chow C. (2010). EFFICIENT ASYMMETRIC IPSEC FOR SECURE ISCSI . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 314-317. DOI: 10.5220/0002996903140317


in Bibtex Style

@conference{secrypt10,
author={Murthy S. Andukuri and C. Edward Chow},
title={EFFICIENT ASYMMETRIC IPSEC FOR SECURE ISCSI},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={314-317},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002996903140317},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - EFFICIENT ASYMMETRIC IPSEC FOR SECURE ISCSI
SN - 978-989-8425-18-8
AU - S. Andukuri M.
AU - Edward Chow C.
PY - 2010
SP - 314
EP - 317
DO - 10.5220/0002996903140317