| With the fast development of information technology, each individual and organizational have much more demand for information storage, as a result the Storage Area Network is used intensively now. There are two types of SAN: FC-SAN and IP-SAN, but they all have fine feathers and defects. Once the two merge together, it can take advantage of each other and meet the needs of different users.The FC-SAN and the IP-SAN all have security issue, and when they are merged, new problem will appear. This paper researched on the integration storage system and designed a security solution. The security of storage includes secure authentication, access control, security of dynamic data and static data. Based on the integration storage system, the Challenge Handshake Authentication Protocol was improved for secure authentication between the user and the storage controller. The Fiber Channel Protocol is different from the Internet Protocol, so the FC initiator used the out-band mode while the IP initiator used in-band mode. A group and role based access control model was proposed, the group was used to control access to the device and the role was used to control access to the file. The data transmited in ethernet is unsafe, so a C/S mode Virtual Private Network was designed to protect the dynamic data. The XTS-AES algorithm was used to encrypt the data on the devices, while the secret keys were assigned and managed uniformly. So the static data on the devices is safe even if the devices are lost.The experiment results show that the security solution can provide the integration storage system with reliable security guarantee, at the same time, the Virtual Private Network and the XTS-AES algorithm only take little overload for the system. |
PDF Full Text Request