A Credential-based Security Mechanism for Object-based Storage
Unlike Direct Attached Storage (DAS), Network Attached Storage (NAS) or Storage Area Network (SAN), Object-based Storage, an emerging network storage technology, separates the control path, the data path and the management path, and enables direct interaction between clients and the storage devices. Clients acquire only metadata and some cryptographic primitives from the metadata servers. Because the clients, the metadata servers and the storage devices are separate, it is very important to construct a security mechanism that secures the data exchanged between them. In this paper we present a credential-based security mechanism for Object-based Storage that builds on existing security infrastructure. In this mechanism, the Object-based Storage Device (OSD) security model is a credential-based access control system, and both command transfer and data access must be authorized. After being authenticated by the Security Manager through a PKI system, the Client requests from it a credential that includes a capability key. The Security Manager and the OSD Device (OBSD) share a secret key from which the capability key is computed; the capability key serves as a single secret key used both to verify the integrity of the credential and to encrypt the communications between the Client and the OBSD.
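The credential and capability-key flow described in the abstract, as an added illustration that is not code from the paper: the Security Manager derives the capability key from the secret it shares with the OBSD and the credential contents, the Client uses that key to tag its command, and the OBSD recomputes the key from the presented credential to check the tag before honouring the command. The HMAC-SHA256 construction, the credential fields and all key and identifier values are assumptions for the example; the PKI authentication step and the encryption of the data channel with the same key are outside the snippet.

```python
import hmac
import hashlib
import json

# Constructed example value: the secret shared by the Security Manager and the OBSD.
# The Client never learns it; it only receives the derived capability key.
SHARED_SECRET = b"sm-obsd-shared-secret-example"


def canonical(obj):
    """Stable byte encoding so both sides hash exactly the same credential."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def derive_capability_key(shared_secret, credential):
    """Capability key = HMAC(shared secret, credential); binds the key to the credential."""
    return hmac.new(shared_secret, canonical(credential), hashlib.sha256).digest()


def security_manager_issue(client_id, object_id, perms, expiry):
    """Issue a credential plus capability key; the client is assumed PKI-authenticated already."""
    credential = {"client": client_id, "object": object_id, "perms": perms, "expiry": expiry}
    return credential, derive_capability_key(SHARED_SECRET, credential)


def client_build_request(credential, cap_key, command, payload):
    """Client tags a command with the capability key; the credential travels with it."""
    msg = canonical({"cred": credential, "cmd": command, "payload": payload})
    tag = hmac.new(cap_key, msg, hashlib.sha256).hexdigest()
    return {"msg": msg, "tag": tag}


def obsd_verify(request, now):
    """OBSD recomputes the capability key from the presented credential and checks the tag.

    A tampered or forged credential yields a different key, so its tag cannot verify.
    """
    body = json.loads(request["msg"])
    cred = body["cred"]
    cap_key = derive_capability_key(SHARED_SECRET, cred)  # no per-client key storage on the OBSD
    expected = hmac.new(cap_key, request["msg"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, request["tag"]):
        return False, "bad integrity tag"
    if now > cred["expiry"]:
        return False, "credential expired"
    if body["cmd"] not in cred["perms"]:
        return False, "command not permitted by credential"
    return True, "ok"
```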
Zhongmin Li, Zhanwu Yu
State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing, Wuhan University, Wuhan, Hubei, China, 430079
International conference
2006 International Conference on Communications, Circuits and Systems (4th International Conference on Communications, Circuits and Systems)
Guilin, Guangxi
English
1610-1614
2006-06-25 (date first posted on the Wanfang platform, not the paper's publication date)