期刊文献+

iSCSI网络存储系统中加密方法研究与设计 被引量:8

An encryption method based on iSCSI network storage system
下载PDF
导出
摘要 由于iSCSI协议不提供安全服务,大部分网络存储也不具备加密功能,提出了一种面向iSCSI的实时加密模块,使得网络存储系统加载该模块后,能够为用户提供透明实时的数据安全服务。为iSCSI target设计了加密写和解密读流程,加解密模块相对原网络存储系统独立,不用更改系统内核,而iSCSI initiator不会感知加密操作的存在,基于标准iSCSI协议的客户端可直接使用。此外,利用多核网络处理器的加密协处理器,来优化读写性能。实验结果显示,系统并没有因为加密模块的引入而导致严重的性能损失,性能令人满意。 Due to the fact that the iSCSI protocol does not provide security services and most network storage systems do not have the encryption capabilities either, we propose a real-time encryption module for the iSCSI, which enables the network storage system to provide users with transparent real-time encryption services after loading this module. We design an encrypted writing and decrypted reading process for the iSCSI target. Since the encryption module is independent of the original network storage system, the operating system's kernel does not need to change. The iSCSI initiator does not perceive the existence of encryption operation, thus clients based on standard iSCSI protocol can use the service directly. In addition, we use the security coprocessor of the multi-core network processor to optimize the read and write performance. Experimental results show that introducing the encryption module to network storage system does not lead to serious loss of performance, and the system performance is satisfactory.
出处 《计算机工程与科学》 CSCD 北大核心 2016年第12期2456-2462,共7页 Computer Engineering & Science
基金 中国科学院战略性先导科技专项课题(XDA06010302) 国家863计划(2011AA01A102)
关键词 ISCSI协议 网络存储 实时加密 数据安全 网络处理器 iSCSI protocol network storage real-time encryption data security network processor
  • 相关文献

参考文献5

二级参考文献20

  • 1周敬利,徐锋,余胜生.Linux下基于iSCSI存储系统的实现与性能评测[J].计算机工程与科学,2004,26(6):1-3. 被引量:7
  • 2周敬利,杨光,余胜生,曾东.iSCSI存储系统中的安全性能研究及其模型实现[J].计算机工程,2005,31(2):160-162. 被引量:2
  • 3刘卫平,蔡皖东.基于IPSec的分级安全iSCSI技术研究[J].计算机工程,2006,32(9):162-164. 被引量:3
  • 4SKNRAD智能化存储网络公司.iSCSI V交换机-关于存储设备虚拟化管理的白皮书[M].,..
  • 5RFC3720,Intemet small computer systems interface(iSCSI)[EB/ OL].http://www.ietf.org/rfc/rfc3720.txt,2004.
  • 6Tang S-Yi, Lu Y, Du K. Performance study of software-based iSCSI security[C].Proceeding of the First International IEEE Se- curity in Storage Workshop,2002.
  • 7Shiva Chaitanya, Kevien Butler, Anand Sivasubramaniam. Design,implementation and evaluation of security in iSCSI-based network storage systems[C].Second ACM International Workshop on Storage Security and Survivability,2006.
  • 8Kamisaka K, Yamaguchi S,Oguchi M.Performance analysis of iSCSI middleware optimazed for encryption processing in a long-latency environment[C]. Proceedings of the 20th International Conference on Advanced Information Networking and Applications(AINA'06),2006.
  • 9Ashish Palekar,Narendran Ganapathy, Anshul Chadda, et al.Design and implementation ofa Linux SCSI target for storage area networks[C].Proceedings of the 5th Annual Linux Showcase and Conference,2001.
  • 10UNH-iSCSI project[EB/OL].http://unh-iscsi.sourceforge.rtet.

共引文献5

同被引文献61

引证文献8

二级引证文献18

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部