TY - GEN
T1 - Design, implementation and evaluation of security in iSCSI-based network storage systems
AU - Chaitanya, Shiva
AU - Butler, Kevin
AU - Sivasubramaniam, Anand
AU - McDaniel, Patrick
AU - Vilayannur, Murali
PY - 2006
Y1 - 2006
N2 - This paper studies the performance and security aspects of the iSCSI protocol in a network storage based system. Ethernet speeds have been improving rapidly and network throughput is no longer considered a bottleneck when compared to Fibre-channel based storage area networks. However, when security of the data traffic is taken into consideration, existing protocols like IPSec prove to be a major hindrance to the overall throughput. In this paper, we evaluate the performance of iSCSI when deployed over standard security protocols and suggest lazy crypto approaches to alleviate the processing needs at the server. The testbed consists of a cluster of Linux machines directly connected to the server through a Gigabit Ethernet network. Micro and application benchmarks like BTIO and dbench were used to analyze the performance and scalability of the different approaches. Our proposed lazy approaches improved through-put by as much as 46% for microbenchmarks and 30% for application benchmarks in comparison to the IPSec based approaches.
AB - This paper studies the performance and security aspects of the iSCSI protocol in a network storage based system. Ethernet speeds have been improving rapidly and network throughput is no longer considered a bottleneck when compared to Fibre-channel based storage area networks. However, when security of the data traffic is taken into consideration, existing protocols like IPSec prove to be a major hindrance to the overall throughput. In this paper, we evaluate the performance of iSCSI when deployed over standard security protocols and suggest lazy crypto approaches to alleviate the processing needs at the server. The testbed consists of a cluster of Linux machines directly connected to the server through a Gigabit Ethernet network. Micro and application benchmarks like BTIO and dbench were used to analyze the performance and scalability of the different approaches. Our proposed lazy approaches improved through-put by as much as 46% for microbenchmarks and 30% for application benchmarks in comparison to the IPSec based approaches.
UR - http://www.scopus.com/inward/record.url?scp=34547471190&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547471190&partnerID=8YFLogxK
U2 - 10.1145/1179559.1179564
DO - 10.1145/1179559.1179564
M3 - Conference contribution
AN - SCOPUS:34547471190
SN - 1595935525
SN - 9781595935526
T3 - Proceedings of the Second ACM International Workshop on Storage Security and Survivability, Storage SS'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
SP - 17
EP - 28
BT - Proceedings of the Second ACM International Workshop on Storage Security and Survivability, StorageSS'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
T2 - 2nd ACM International Workshop on Storage Security and Survivability, StorageSS'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Y2 - 30 October 2006 through 30 October 2006
ER -