A Secure Secondary Backup Storage with an Isolated Authentication

Abstract

The primary backup disks store sensitive data such as privacy information and enterprise secrets. However, they are not encrypted usually because they are shared among multiple users in real time. Nevertheless, there is no concept of additional backing up the disks except the RAID support. This paper introduces a secure secondary backup system for the primary backup disks. The proposed system encrypts the scheduled files and backups them into the secondary backup disks. The encryption process uses the encryption key provided from hardware security modules that were directly plugged into the disks during the synchronization step in which the HSMs authenticate the disk owners and then unplugged. This architecture mechanically separates the HSM from the host, makes it immune to the reverse attack at the host side and keeps the disks safe from the insider's attack combined with a physical theft.