
Design And Implementation Of Authentication Mechanism In Object-based Storage System

Posted on: 2012-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: P Li
Full Text: PDF
GTID: 2218330362956462
Subject: Computer system architecture
Abstract/Summary:
With information storage increasingly moving onto the network, data storage security has become a major concern. The first step toward data security is to establish a sound authentication mechanism.

Among today's widely used storage systems, Object-Based Storage (OBS), which organizes data with the object as its basic data structure, shows good performance. It overcomes the limited scalability of Network-Attached Storage (NAS) and the sharing limitations of Storage Area Network (SAN). OBS optimizes the data sharing platform and provides high-performance access. The authentication mechanism built on the OBS system uses a Trusted third-party Agency (TA) to handle user registration and identity management. An identity-based signature is used to check certificate integrity. The authentication process uses a two-stage certification mechanism: the first stage takes place at the MetaData Server (MDS), and the second stage at the Object-based Storage Device (OSD).

The authentication efficiency of the metadata server is a key factor in the performance of the storage system. Based on the two-stage certification mechanism, an improved model is designed. In this model, the MDS can select among different authentication mechanisms depending on the metadata requested and the operation type. The metadata stored in the MDS is divided into positioning metadata and privacy metadata. Positioning metadata can be obtained directly, whereas privacy metadata can be obtained only after authentication. To prevent unauthorized users from accessing the device by means of positioning metadata, the OSD is responsible for two-way authentication in the second stage. The improved MDS design aims to reduce cost while ensuring safety.

Comprehensive tests compare the two-stage certification mechanism with the improved MDS certification mechanism. The results show that password authentication and the two-stage authentication mechanism have little effect on the overhead and throughput of the storage system. Moreover, the improved MDS authentication mechanism further reduces the security overhead and, at a small loss in performance, greatly increases the efficiency of authentication.
Keywords/Search Tags:Object Storage, Trusted Agency, Certificate Renovation List, Authentication, Certificate