| Compared to the traditional storage systems, the Object-Based Storage System with a new tripartite security protocol has many differences on security controls. As one of the main issues, the research on the security for metadata server is valuable to the security for the whole system.Based on the Oakley key determination protocol, an enhanced cookie authentication protocol is implemented by which the metadata server and the client can be sure of each other's identities without exchanging the password and agree on a secret key that is immediately available for use in encrypting the subsequence conversations.In order to fulfill the tripartite security protocol, a security manager is designed and implemented. The security manager is responsible for access controls and key management. As the heart of the security controls for the object-based storage system, the security manager implements: the three security methods of the OSD security protocol, the access control mechanism, as well as the key management and updating mechanism. All the functions above are fulfilled.We also evaluate the performance of our implementation. Compared with that of the system without any security mechanism, the performance of the system with the ALLDATA method decreases by roughly 50%, while the other security methods decrease by only 6%. Moreover, our experiments demonstrate that the time spent on metadata operations increases little, 50μsec at most for any of the three methods. |
PDF Full Text Request