| In the time of the network, the storage technology has been changing dramatically and has started a new time. SAN is an appealing technology in this field, recently. On the one hand, it could provide abundant, rapid and convenient storing resources for the applications in the network. On the other hand, it is able to manage the storing resources in a centralized manner. All above make SAN be the ideal storage management and application model.The encryption card introduced in this dissertation could be applied to the SAN. In this dissertation, firstly, we simply introduce the organization of the SAN, the FC protocol and the PCI Express protocol in the FC encryption card design. Then, we introduce the design of the FC encryption card in detail. And the encryption card, including the software driving, the key transmission between the PC and FPGA, and the encryption of the circuits, is set in front of the storing devices logically, which is mainly works in the FC-1 and FC-2 layers. In this dissertation, we focus on the last two parts. Before the data sending, the encryption card gets the key from the PC in the two following manners: the register group transmission and the DMA transmission. After that, FPGA would get the AES key from the PC, where the AES key has been encrypted through the AES-256 encryption scheme. Then through encryption in the FPGA, the AES key used for the data encryption would be finally obtained.After the data has been sent to the encryption devices, each data type in the FC protocol would be identified. The oxid and the Lun would be extracted in the reading and writing command frame and then stored in the form. And the data, which is then sent to the disk array and corresponding to the oxid, would be encrypted, after encryption, it would recalculate the CRC of the encrypted data. For the correct frame, it would add the correct CRC, and for the incorrect frame, it would add the incorrect CRC. It also calculates the RD value of the frame, which is encoded with the 8b/10b encoding scheme. Then the proper EOF would be chosen according to the RD. Next, the frame would be reassembled and sent to the links. When reading the data from the disk, some module would decode the data frame, which is corresponding to the oxid of the reading command, and clear the corresponding oxid in the form. Meanwhile, the FRAM_END would be interpreted to delete the items, for which there is no data corresponding to the oxid in the reading and writing command frame. We adopt AES-256 counter model as Encryption arithmetic.Finally, we introduce the simulation and the practical test of the FC encryption card. Through the data collected and displayed in the testing equipment, the encryption card meets the design requirements of the speed and the performance and has its value in practice. |
PDF Full Text Request