Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms? Xiaojun Ruan, Adam Manzanares, Shu Yin and Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin [email protected]
Nov 19, 2014
Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security
Mechanisms?
Xiaojun Ruan, Adam Manzanares, Shu Yin and Xiao Qin
Auburn Universityhttp://www.eng.auburn.edu/~xqin
2 04/08/23
IntroductionIntroduction
04/08/23
IntroductionIntroduction
404/08/23
IntroductionIntroduction
Proposed Architecture
• Write requestsWrite requests • Read requestsRead requests • Data movementData movement • Power Power
ManagementManagement
Disk 1 Disk 2 Disk 3 Disk 4 Disk 5
Buffer Disks
RAM BufferRAM Buffer Buffer Disk Controller
Buffer Disk ControllerDisk RequestsDisk Requests
Security vs. Power Consumption
ACM Transactions on Information and System Security, Vol. 9, No. 2, May 2006.
R. CHANDRAMOULI et. al
Improve both Energy Efficiency and Security: Approach 1
• To improve the energy efficiency of security To improve the energy efficiency of security mechanisms in disk systems mechanisms in disk systems
Security Mechanisms
Improve Energy
Efficiency
Improve both Energy Efficiency and Security: Approach 2
• To integrate conventional security services To integrate conventional security services with energy-efficient disk architectures.with energy-efficient disk architectures.
Security Mechanisms
Energy Conservation Schemes
Table 1 System Parameters of the Testbed
CPU SpeedPentium 4 2.4 GHZ
Memory 512 MB
Operating System Ubuntu 7.10
USB 1.1 12 Mb/s
HD Bus IDE
XysslXyssl
• Implements many popular encryption Implements many popular encryption algorithmsalgorithms
• Provides sample programsProvides sample programs• Allowed us to develop software based Allowed us to develop software based
on the sample programson the sample programs
ConkyConky
• Lightweight system monitorLightweight system monitor• Highly configurableHighly configurable• Simple text configuration fileSimple text configuration file
ConkyConky
Testbed InformationTestbed Information
• Encryption AlgorithmsEncryption Algorithms• 3DES3DES• AESAES
• Hash FunctionsHash Functions• MD5MD5• SHA-1SHA-1• SHA-256SHA-256
• RSA Signature VerificationRSA Signature Verification
Possible BottlenecksPossible Bottlenecks
Receive
Encrypt or Verify
Store
Flash Drive (Network)
CPU
Hard Disk
Experiment ResultsExperiment Results
• MD5 VerificationMD5 Verification
Experiment ResultsExperiment Results
• MD5 VerificationMD5 Verification
Experiment ResultsExperiment Results
• SHA-1 VerificationSHA-1 Verification
Experiment ResultsExperiment Results
• SHA-1 VerificationSHA-1 Verification
Experiment ResultsExperiment Results
• RSA VerificationRSA Verification
Experiment ResultsExperiment Results
• RSA VerificationRSA Verification
Experiment ResultsExperiment Results
• Advanced Encryption StandardAdvanced Encryption Standard
Experiment ResultsExperiment Results
• Advanced Encryption StandardAdvanced Encryption Standard
Experiment ResultsExperiment Results
• 3DES3DES
Experiment ResultsExperiment Results
• 3DES3DES
A Sample Table
CPULoad
ReadLoad
WriteLoad
Save Energy for Reads?
Save Energy for Writes?
MD5 M H M Unlikely Yes
SHA1 M VH M Unlikely Yes
SHA2 M VH M Unlikely Yes
RSA M VH M No Yes
AES VH VH M No Yes
3DES EH M L Yes Yes
ConclusionConclusion• For MD5, SHA-1, SHA-2 and RSA, the For MD5, SHA-1, SHA-2 and RSA, the
bottleneck is the reading speed due to the bottleneck is the reading speed due to the network data transmitting rate.network data transmitting rate.
• For 3DES, bottleneck is CPU, because For 3DES, bottleneck is CPU, because 3DES algorithm’s workload is very high.3DES algorithm’s workload is very high.
• There is no space to save energy for There is no space to save energy for Bottleneck components Bottleneck components
Major drawbacks of this researchMajor drawbacks of this research• Workload was not representativeWorkload was not representative
• Dedicated I/O workload.Dedicated I/O workload.• Did not consider access patterns of a single Did not consider access patterns of a single
user / multiple usersuser / multiple users
• Test bed was not representative Test bed was not representative • An emulated network environment.An emulated network environment.• Only evaluated a single disk rather than parallel Only evaluated a single disk rather than parallel
disksdisks
Download the presentation slideshttp://www.slideshare.net/xqin74
Google: slideshare Xiao Qin
Download our paper
Google: Xiao Qin
X.-J. Ruan, A. Manzanares, S. Yin, M. Nijim, and X. Qin, “Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms?” Proc. 4th IEEE Int'l Conf. Networking, Architecture, and Storage, July 2009.
http://www.eng.auburn.edu/~xqin/pubs/nas09.pdf
Abstract: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5197358
QuestionsQuestions
??