
Security Protocols For Network Storage

Posted on: 2012-05-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X D Duan
Full Text: PDF
GTID: 1228330395957217
Subject: Computer system architecture
Abstract/Summary:
With advancing informatization, data of all kinds is growing at an incredible rate. The rapid development of networks is driving storage toward data-centric and network-centric designs. Data is a valuable resource for users, so the importance of data determines the importance of data security. Network storage security means ensuring data confidentiality, integrity, availability and non-repudiation on the storage equipment and during transmission, and ensuring the reliability of the entire network storage system.

The large scale and high performance of mass storage systems present new challenges to network storage security. With the rise of trusted computing technology, new requirements are raised for network storage security. Drawing on the ideas of trusted computing and provable security, we study the security of network storage protocols. The main contributions are as follows:

1. Access control and secure data transmission among the servers, the disks and the user are the basic security requirements for network storage. The current NASD cannot satisfy the security requirements of a network storage system. A provably secure trusted protocol for NASD is therefore proposed. The protocol achieves authentication, key agreement and a secure channel within two rounds among the server, the disks and the user. At the same time, the protocol realizes platform authentication and platform integrity verification in the first round of protocol interaction, which improves the efficiency of the protocol and effectively protects the server from malicious attacks. Finally, the analysis results show that the protocol is SK-secure in the CK model and achieves data confidentiality, integrity and non-repudiation.

2. OSD and SAN each have their own disadvantages in the construction of mass storage systems. A network storage system based on Public Key Infrastructure is therefore proposed. The user is identified and maintained by the CA. The system performs authentication and issues capabilities on different servers, which can improve the expansibility of the original system and relieve its server bottleneck. At the same time, a secure storage network protocol for the new system is proposed and analyzed using the CK model. The results show that the new system has high bandwidth, low latency, expansibility, large scale, high security and low cost, which makes it suitable for mass storage systems.

3. Merging a variety of network storage systems is an economical and practical method, but it also brings some new security issues. A scheme for merging SAN and NASD into a new network storage system is therefore proposed. The system has high bandwidth, expansibility and large scale, which makes it suitable for mass storage systems. The multi-domain storage system is merged by means of an identity-based distributed secure storage architecture. At the same time, a secure trusted storage network protocol for the new system is proposed. The protocol is composed of two sub-network protocols: a trusted access protocol and a secure channel protocol. Finally, the CK model is used to analyze the security of the protocol. The results show that the new network storage system will be secure if SAN and NASD are secure.
Keywords/Search Tags: network storage, mass storage, network storage protocol, trusted network access, provable security