Design And Implementation Of NAS-Based Network File Security Storage System

With the rapid development of network and data storage technology, whether the governments, enterprises or individuals are increasingly dependent on computers to store information, and transmit or exchange important information through the network. The internal documents of legal metrology verification institution relate to the core interests of inspection companies and the credibility of verification institution. But the electronic documents has the security risks of being leaked, tampered, repudiated and so on when they are transmited or stored in the network. Therefore, a network file security storage system based on NAS is designed and implemented in this thesis.The system is based on the research of network storage, cryptography, PKI, access control and identity authentication technology. And to meet the security requirements of storage and transmission in the practical conditon, a storage model based on NAS is brought forward which trusts a third party to store and manage keys. This provides a whole security solution for the network file storage system from the system perspective. In the model, the public keys are managed by PKI to make the keys distribution convenient and to implement the user identity authentication; otherwise the private key is saved in the USB Key to avoid the risk of easily eavesdropping for that stored on the hard drive.Common users can upload, download and delete files in the network storage system, and administrators can manage the roles and users who can use it. The system implements the usability, security, privacy, reliability, integrality and non-repudiation of data, and has the characteristics of ease of use, scalability, maintainability and so on. The files and their keys have been encrypted when they are being transmitted and stored. The file data is encrypted by symmetric algorithm to improve the performance, and then the asymmetric algorithm is used to protect the key.In this thesis, firstly, the research background and present situation are introduced, and the research content and main work of the subject is given. Then, the network storage model, cryptography theory, public key infranstructure, access control and identity authentication technology are studied deeply, and the advantages, disadvantages and applicable conditions of each technology are analysed. Based on the research and analysis of above theories, in the part of system analysis, the implementation scheme and development environment of the system are determined according to the practical condition and system requirements. Then, the architecture and function modules are designed according to the system requirements, and then the concrete design of each module is given in detail. In the part of system implementation, the detailed implementation and the key technologies of each module are described. At last, the system is tested in the environment of PC instead of special equipment. Compare with transmitting file data through Windows ftp command, the system is proved to provide strong security services and also can satisfy the basic performance requirements for users.