{"title":"基于软件的iSCSI安全性性能研究","authors":"Shuang-Yi Tang, Yingping Lu, D. Du","doi":"10.1109/SISW.2002.1183513","DOIUrl":null,"url":null,"abstract":"In this paper, we study possible iSCSI security different security requirements. To evaluate the performance of different security schemes, we conduct performance experiments using a software-based iSCSI implementation with proper security extensions. In data encryption schemes, we consider two alternatives, IP Security Protocol (IPSec) and Secure Socket Layer (SSL), and compare the resulting iSCSI performances with these two schemes. We find that the software-based iSCSI implementation offers reasonable throughput with a 2 GHz CPU at the network speed of 100Mbps; however, with a 1 GHz CPU, the software implementation is not capable of providing sufficient throughput with triple-DES encrypted storage data. In addition, we also find that IPSec ESP scheme has better performance when the requested data size is small, compared to SSL. Given that both performance and security are critical issues in the deployment of iSCSI, it is important to understand the tradeoffs between them. We believe that this study sheds some helpful light on this understanding.","PeriodicalId":183673,"journal":{"name":"First International IEEE Security in Storage Workshop, 2002. Proceedings.","volume":"130 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":"{\"title\":\"Performance study of software-based iSCSI security\",\"authors\":\"Shuang-Yi Tang, Yingping Lu, D. Du\",\"doi\":\"10.1109/SISW.2002.1183513\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we study possible iSCSI security different security requirements. To evaluate the performance of different security schemes, we conduct performance experiments using a software-based iSCSI implementation with proper security extensions. In data encryption schemes, we consider two alternatives, IP Security Protocol (IPSec) and Secure Socket Layer (SSL), and compare the resulting iSCSI performances with these two schemes. We find that the software-based iSCSI implementation offers reasonable throughput with a 2 GHz CPU at the network speed of 100Mbps; however, with a 1 GHz CPU, the software implementation is not capable of providing sufficient throughput with triple-DES encrypted storage data. In addition, we also find that IPSec ESP scheme has better performance when the requested data size is small, compared to SSL. Given that both performance and security are critical issues in the deployment of iSCSI, it is important to understand the tradeoffs between them. We believe that this study sheds some helpful light on this understanding.\",\"PeriodicalId\":183673,\"journal\":{\"name\":\"First International IEEE Security in Storage Workshop, 2002. Proceedings.\",\"volume\":\"130 2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-12-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"28\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"First International IEEE Security in Storage Workshop, 2002. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SISW.2002.1183513\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"First International IEEE Security in Storage Workshop, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SISW.2002.1183513","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Performance study of software-based iSCSI security
In this paper, we study possible iSCSI security different security requirements. To evaluate the performance of different security schemes, we conduct performance experiments using a software-based iSCSI implementation with proper security extensions. In data encryption schemes, we consider two alternatives, IP Security Protocol (IPSec) and Secure Socket Layer (SSL), and compare the resulting iSCSI performances with these two schemes. We find that the software-based iSCSI implementation offers reasonable throughput with a 2 GHz CPU at the network speed of 100Mbps; however, with a 1 GHz CPU, the software implementation is not capable of providing sufficient throughput with triple-DES encrypted storage data. In addition, we also find that IPSec ESP scheme has better performance when the requested data size is small, compared to SSL. Given that both performance and security are critical issues in the deployment of iSCSI, it is important to understand the tradeoffs between them. We believe that this study sheds some helpful light on this understanding.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
