Tip

Are you ready for storage security standards?

Dr. Vijay Ahuja
Founder and President, Cipher Solutions Inc.
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.

Storage security has been in the limelight for the last two to three years. Vendors, consortia and standards bodies have made an earnest effort to design, develop, document and deliver some of the security technologies needed to protect storage network resources.

From the perspective of storage security standards, the Fibre Channel Security Protocols (FC SP) Workgroup of ANSI's T11 Technical Committee has been developing security standards for Fibre Channel, and the first working draft of the document has just been published. This document is the start of what should evolve into a comprehensive set of Fibre Channel security standards. This working draft includes the first significant step in storage security – authenticating the storage network entities.

The scope of the draft document includes:

  • Protocols to authenticate and set up secrets for Fibre Channel entities
  • Protocols for frame-by-frame integrity and confidentiality
  • Protocols to define and distribute security policies

The draft has detailed descriptions of some of the authentication protocols. Three protocols are outlined:

  • DH CHAP (Diffie Hellman Challenge Handshake Authentication Protocol), based on the well-known CHAP scheme
  • FCAP (Fibre Channel Authentication Protocol), using digital certificates
  • FCPAP (Fibre Channel Password Authentication and Key Exchange Protocol), using the Secure Remote Password (SRP) scheme

Each protocol authenticates the storage entities and optionally generates a shared secret key among the authenticating entities. These shared keys may then be used to provide confidentiality of frames using the IPsec ESP protocol. DH CHAP is mandatory, while FCAP and FCPAP are optional authentication protocols. The draft document is dated March 2, 2003 and is available as document number T11/03-149v0. It is termed "a working draft" and, as such, is subject to changes and revisions until finalized.
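The idea behind the mandatory protocol, a CHAP-style challenge-response combined with a Diffie-Hellman exchange that also yields a shared key, can be sketched as follows. This is an added example, not code or message formats from the T11 draft: the toy DH group, the use of SHA-256, the way the DH result is mixed into the challenge and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Demo-only DH parameters (assumption); real deployments use a standardized large group.
P = 2**255 - 19
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    if not 1 < peer_pub < P - 1:                 # reject degenerate public values
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def chap_response(chap_id, secret, challenge, shared):
    # Bind the challenge to the DH result, then hash CHAP-style:
    # H(id || secret || challenge'). The secret itself never crosses the wire.
    augmented = hashlib.sha256(challenge + shared).digest()
    return hashlib.sha256(bytes([chap_id]) + secret + augmented).digest()

def run_exchange(authenticator_secret, responder_secret):
    # Authenticator (e.g. a switch) sends: id, fresh challenge, its DH public value.
    chap_id = secrets.randbelow(256)
    challenge = secrets.token_bytes(32)          # fresh per attempt, defeats replay
    a_priv, a_pub = dh_keypair()
    # Responder (e.g. an HBA) replies: its DH public value and the response.
    r_priv, r_pub = dh_keypair()
    response = chap_response(chap_id, responder_secret, challenge,
                             dh_shared(r_priv, a_pub))
    # Authenticator recomputes the response with its own copy of the secret.
    a_shared = dh_shared(a_priv, r_pub)
    expected = chap_response(chap_id, authenticator_secret, challenge, a_shared)
    ok = hmac.compare_digest(response, expected)  # constant-time comparison
    # Only an authenticated exchange yields a key for later frame protection.
    key = hashlib.sha256(b"session" + a_shared + challenge).digest() if ok else None
    return ok, key
```

Because the response covers both the challenge and the DH result, a captured response cannot be replayed against a new challenge, and the derived key is tied to the authenticated exchange.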

So what does it mean for an enterprise? The answer lies in your storage security policies. You should roll out security technologies according to your storage security needs. In terms of standards, the security protocols for Fibre Channel are being developed in the following order:

  • Storage authentication protocols to authenticate entities within storage networks
  • Details of protocols to provide confidentiality
  • Integrity of Fibre Channel data at frame level


This was first published in April 2003
