Algorithm - Secure iSCSI Storage Protocol with Hash Pair Mechanism


Securing iSCSI Storage Solution Using Hashed Pair Mechanism
Author: Madhukar Gunjan C, LSI Technologies India Pvt Ltd., India

Abstract: iSCSI communication traffic is authenticated during the session establishment phase between the initiator and the target. Both have to establish an iSCSI session before the data is accessible. During this login phase, the two participating parties exchange information to authenticate each other, negotiate the session's parameters, and mark the connection as belonging to an iSCSI session. But this authentication happens only at the iSCSI layer and only at login, and the traffic that follows is still vulnerable to tampering. The proposed method further secures the traffic by adding one more layer of security at each of the iSCSI layer and the IP layer. At the iSCSI layer this is achieved with a hash pair mechanism and a pre-shared password between the initiator and the target, which together generate a digital signature that is included in the iSCSI PDU or frame. At the IP layer, a second hash pair mechanism authenticates the IP header by producing a hashed IP header, preventing security threats against it.

I. INTRODUCTION OF STORAGE SOLUTION

iSCSI - An Overview
iSCSI is a transport protocol for SCSI that operates on top of TCP by encapsulating SCSI commands in a TCP/IP stream. It enables the transport of block I/O data over IP networks.

Mapping SCSI to iSCSI
Transport Layer:
1. Multiplexing and fragmentation.
2. Port link establishment (default port 3260).
3. Flow control using the sliding window protocol.
4. Re-synchronizing out-of-order and discarded packets.
Internet Protocol Layer:
1. Network layer of the IP-based SAN.
2. Maintains IP addresses.
3. IP routers and switches are used to transfer iSCSI PDUs.
Data Link Layer:
1. Gigabit Ethernet (GbE).

iSCSI Connection and Session Establishment
iSCSI Connection:
1. Verify a TCP connection over which the initiator and target communicate via iSCSI PDUs.
2. Verify that it is uniquely identified within a session by an initiator-defined connection ID (CID).
3. Verify that the response and any data associated with an iSCSI command are returned on the same connection.
iSCSI Session:
1. Verify a set of iSCSI connections that link an iSCSI initiator and target.
2. Verify that it is uniquely identified by a 64-bit Session ID (SID) built from a 48-bit initiator-defined Initiator Session ID (ISID) and a 16-bit target-defined Target Session Identifying Handle (TSIH).
3. Verify that the resources of a target (i.e., LUNs) are identical across all connections that make up a session.
4. Verify that commands can be alternated across all connections in a session for bandwidth aggregation.
5. Verify that error recovery connections can be created on the same network portal as a failed connection.

Security at Risk
The existing solution takes care of the security risk at the initial stage, protecting against attacks on the initial login. Initial authentication mechanisms may include SRP to validate the integrity of the sessions. What is not taken care of are active attacks on session authentication, and active attacks on the TCP/IP sessions that result after the authentication (e.g., TCP/IP snooping), since no strong protection is available at the iSCSI layer or at the IP layer at this stage. The diagram (not reproduced here) shows the various phases of iSCSI layer authentication. Authentication is done at the initial login phase only, and currently no authentication happens at the IP layer.

Disadvantages
In most cases, the data is more important than performance. After the Full Featured Phase, the initiator sends SCSI frames and the data as payload within the iSCSI PDU. At this stage it is possible for a snooper on the IP network to perform the following harmful acts:
1. Steal the confidential data.
2. Inject errors during data transmission.
3. Alter the packets containing data and SCSI command messages.
4. Access passwords from the iSCSI login frame.
5. Reset the connection and play havoc by attacking the security negotiation process.

Details of Solution
In iSCSI, a SCSI command is encapsulated in TCP/IP packets and transferred between a server (initiator) and a storage device (target) via IP networks. Since standard SCSI commands are embedded in iSCSI, users can operate a remote storage device directly as if they were accessing a local disk connected to the server. (Frame structure diagram not reproduced here.)

To start with, we require the user to provide a password at the application level. This password is pre-shared between the initiator and the target at the onset only. We use this password later to generate a digital signature at the iSCSI layer. Here the first Hash Value Function [HVF1] takes the pre-shared password and generates a digital signature which goes into the iSCSI frame. We add this piece of information in addition to the iSCSI header and the SCSI data or command in the iSCSI frame. The hash value function works in the following way:

H(input) = h

where input is the pre-shared password which the user specifies, H is the hash function which takes a variable-size input and returns a fixed-size string called the hash value h, which in our case is the digital signature. The function also has an inverse which returns the input when passed the digital signature as an argument:

H'(h) = input

(Diagram not reproduced here.) At this stage we secure the iSCSI session establishment with the help of this digital signature and the first hash value function [HVF1]. We have a reverse hash function at the other end [target] which re-generates the pre-shared password from the digital signature and authenticates the session. Once the passwords match we establish the connection. Once the iSCSI session is established, everything proceeds as before until we come to the IP layer.
At this stage we have a second hash function [Hash Value Function 2 or HVF2] which takes the initiator's IP header and generates a hashed IP header. Again, at the target side we have the reverse of the hash function, which re-generates the original IP header from the initiator. From the original IP header we extract the source and destination IPs and check them against an address index table present at this layer. This table is updated with the IPs of all devices that are participating and active in the network and is available on all devices in the network. The address index table is updated automatically as and when new devices join or leave the network. The table is something like this:

Address Index Table
Initiator/Host IP    Target/iSCSI Target Port IP
172.28.10.11         10.10.11.12
172.28.11.10         10.10.11.13

Once the source and destination IPs are matched, we secure the connection and ensure that no spoofing is happening. This way we make sure that the source and destination IPs re-generated from the hash function are always valid IPs and are tamper proof. This index table functionality is something new which would be present at the IP layer level of all devices. However, we would want this table to be administratively monitored and edited if required.

The following diagrams (not reproduced here) explain the concept from the initiator and target perspective: "From Initiator/Host to iSCSI Target" and "From iSCSI Target to Initiator/Host".

The flow chart of the whole process, recovered from the figure:
1. Ethernet frame received.
2. Filter out the hashed IP header.
3. Reverse HVF2 + hashed IP header = original IP header.
4. Is the source IP address in the IP header = the initiator IP address of the index table, and the destination IP address in the IP header = the target IP address of the index table? If no, discard the frame.
5. If yes, move the frame to the TCP layer and filter out the iSCSI PDU.
6. Does the digital signature included in the iSCSI PDU + HVF1 = the pre-shared user password? If no, discard the frame.
7. If yes, it is a bona fide SCSI frame: access to the storage or target is granted.

Features:
1. The digital signature feature can also be used in the case of IPv6.
2. The address index table can be administratively edited to allow or deny devices participating in the network.
3. Hash pair functionality can be implemented either on a dedicated piece of hardware, i.e. offloading the CPU computation onto an HBA (Host Bus Adapter), or in software initiators and targets, i.e. virtual SCSI adapters.

Advantages:
1. Authentication and Confidentiality: ensures that the identities of both the sender and the receiver of a communication are authentic before information is exchanged, and keeps important information confidential, private and within the control of the owning organization.
2. Data Integrity: ensures data integrity during transmission. We can now be sure that data is not stolen, deleted or maliciously altered. Thus this mechanism prevents storage networks from being compromised.
3. Implementation: the mechanism described above only requires a small amount of code added to the iSCSI driver and to the NIC/HBA card driver and is easy to implement.

Disadvantages:
1. Since we are not changing the frame size, some amount of payload data has to be given up in order to accommodate the digital signature.

Usage:
1. This mechanism can be used with already existing infrastructure and helps in securing iSCSI traffic. The overall solution greatly minimizes unauthorized access to data and makes the network more robust.

Terms Used:
NIC - Network Interface Card
HBA - Host Bus Adaptor
PDU - Protocol Data Unit
HVF - Hash Value Function

Author's Address
Madhukar Gunjan C
LSI Technologies India Pvt Ltd.
#4/1, Bannerghatta Road, Bangalore-560076
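The target-side filter from the flow chart above, as an added example that is not part of the paper: it models HVF1 and HVF2 as keyed tags (HMAC-SHA256) that the target recomputes and compares in constant time rather than inverts, since a cryptographic hash has no inverse, and the tags cover the header and PDU bytes so that the stated integrity property actually holds. The address index table uses the paper's example values; the pre-shared password, the simplified 8-byte header, the frame layout and the function names are assumptions.

```python
import hmac
import hashlib
from ipaddress import IPv4Address

# Address index table (constructed from the paper's example values): initiator -> target.
ADDRESS_INDEX = {"172.28.10.11": "10.10.11.12", "172.28.11.10": "10.10.11.13"}
PRESHARED_PASSWORD = b"example-preshared-secret"  # constructed; shared out of band
TAG_LEN = 16
HDR_LEN = 8  # simplified IP header: 4-byte source + 4-byte destination (assumption)


def hvf(password: bytes, data: bytes) -> bytes:
    """Keyed tag standing in for HVF1/HVF2: HMAC-SHA256 truncated to TAG_LEN bytes."""
    return hmac.new(password, data, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(src: str, dst: str, pdu: bytes, password: bytes = PRESHARED_PASSWORD) -> bytes:
    """Initiator side: header | HVF2(header) | iSCSI PDU | HVF1 digital signature."""
    header = IPv4Address(src).packed + IPv4Address(dst).packed
    return header + hvf(password, header) + pdu + hvf(password, pdu)


def filter_frame(frame: bytes, password: bytes = PRESHARED_PASSWORD):
    """Target side, in the flow chart's order. Returns the PDU, or None to discard the frame."""
    if len(frame) < HDR_LEN + 2 * TAG_LEN:
        return None  # too short to carry the header and both tags
    header = frame[:HDR_LEN]
    ip_tag = frame[HDR_LEN:HDR_LEN + TAG_LEN]
    rest = frame[HDR_LEN + TAG_LEN:]
    # Step 3: verify the hashed IP header by recomputing HVF2 over the header bytes.
    if not hmac.compare_digest(ip_tag, hvf(password, header)):
        return None
    # Step 4: source must be a listed initiator and destination its listed target.
    src = str(IPv4Address(header[:4]))
    dst = str(IPv4Address(header[4:]))
    if ADDRESS_INDEX.get(src) != dst:
        return None
    # Steps 5-6: split off the PDU and check the HVF1 digital signature.
    pdu, signature = rest[:-TAG_LEN], rest[-TAG_LEN:]
    if not hmac.compare_digest(signature, hvf(password, pdu)):
        return None
    return pdu  # Step 7: bona fide SCSI frame, access granted
```

A spoofed source, a wrong initiator/target pairing, a wrong password, or a single altered PDU byte all cause the frame to be discarded before it reaches the SCSI layer.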

Description: COMSNET INTERNATIONAL CONFERENCE MATERIAL - DELIVERED
