TLS for Storage Systems

webinar

Author(s)/Presenter(s):

Eric Hibbard

Library Content Type

Presentation

Abstract

Transport Layer Security (TLS), sometimes referred to as SSL (its deprecated predecessor), is an important mechanism for preventing eavesdropping, tampering, and message forgery of network-based communications between clients and servers. The stream-oriented TLS is designed to run on top of a reliable transport protocol (e.g., TCP); however, Datagram Transport Layer Security (DTLS) provides similar security guarantees for datagram-based applications. To fully exploit the security protections of TLS and DTLS, care must be exercised in selecting certain options and features (e.g., cipher suites) as well as in correctly handling operational details (e.g., certificate validation and management). As with many aspects of security, TLS/DTLS must be adjusted to respond to changes in the threat landscape, so these adjustments need to be factored into TLS/DTLS implementations and use. TLS and, to a lesser degree, DTLS are important security protocols used with many storage systems, which increasingly use RESTful APIs and Web-based management interfaces (e.g., SMI-S, CDMI, and Swordfish). This session highlights important TLS/DTLS details that are relevant to storage systems. In addition, information will be provided on recent changes and anticipated changes that could have an impact on storage infrastructures.

Learning Objectives

Recognize the key aspects of TLS/DTLS

Understand the storage issues associated with TLS/DTLS use

Be aware of common security expectations and requirements for TLS/DTLS