This paper presents a strong security scheme for network-attached storage (NAS) that is based on capability and uses a key distribution scheme to keep network-attached storage from performing key management. Our system uses strong cryptography to protect data from spoofing, tampering, eavesdropping and replay attacks, and it also guarantees that the data stored on the storage is copy-resistant. In spite of this level of security, our system does not impose much performance penalty. Our experimental results shows that, using a relatively inexpensive CPU in the storage device, there are little performance penalty for random disk accesses and about 9-25% performance degradation for large sequential disk accesses (≥ 4 KB).