A Security Scheme for United Storage Network
USN integrates SAN and NAS over an IP network, but this brings new security considerations such as user authorization, data privacy and integrity. A USN model based on the third-party transfer protocol is suggested to realize the security scheme. The scheme has the following characteristics: a key distribution scheme creates credentials for users, reducing the performance penalty on the authorization server; HMAC is used to authenticate user requests, minimizing computation overhead; data is encrypted and decrypted at the clients and data checksums are stored on the storage, minimizing the storage performance penalty; and a lockbox is used to integrate keys, minimizing the number of keys the authorization server must manage. Experiments show that the security scheme adds less than 10% performance overhead compared with the baseline USN.
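The following sketch is an added example, not code or protocol detail from the paper. It shows one way a credential can let storage authenticate requests with HMAC without contacting the authorization server on each request. It assumes the credential key is an HMAC of the capability under a secret shared by the authorization server and the storage; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every part so field boundaries cannot be shifted.
    framed = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, framed, hashlib.sha256).digest()


def issue_credential(storage_secret, user, obj, rights, expires):
    """Authorization server (assumed role): runs once per grant, not per request."""
    cap = json.dumps({"user": user, "obj": obj, "rights": rights, "exp": expires},
                     sort_keys=True).encode()
    # cap is sent in the clear with requests; the derived key stays with the client.
    return cap, _mac(storage_secret, cap)


def sign_request(cred_key, cap, op, nonce):
    """Client: one HMAC per request, no public-key operation."""
    return _mac(cred_key, cap, op.encode(), nonce)


def verify_request(storage_secret, cap, op, nonce, tag, now, seen_nonces):
    """Storage: re-derives the credential key from the presented capability."""
    cred_key = _mac(storage_secret, cap)
    expected = _mac(cred_key, cap, op.encode(), nonce)
    if not hmac.compare_digest(expected, tag):
        return "bad-mac"      # forged tag or tampered capability
    fields = json.loads(cap)  # parsed only after the MAC check passed
    if now > fields["exp"]:
        return "expired"
    if op not in fields["rights"]:
        return "denied"
    if nonce in seen_nonces:
        return "replay"
    seen_nonces.add(nonce)
    return "ok"


if __name__ == "__main__":
    secret = b"\x01" * 32  # constructed sample secret
    cap, key = issue_credential(secret, "alice", "vol1/blk7", ["read"], 1000)
    tag = sign_request(key, cap, "read", b"n1")
    print(verify_request(secret, cap, "read", b"n1", tag, 500, set()))
```

Because the storage can recompute the key from the capability, a client that edits the rights in its capability ends up signing with a key the storage will not derive, and the request fails the MAC check.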