{"title":"存储区域网络的安全组服务","authors":"Yongdae Kim, M. Narasimha, F. Maino, G. Tsudik","doi":"10.1109/SISW.2002.1183514","DOIUrl":null,"url":null,"abstract":"Storage Area Networks, with their ability to offer high data availability, reliability and scalability, are a promising solution for the large scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for a Storage Area Network (SAN) is to provide data integrity and confidentiality. In this paper we propose a solution which addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key distribution to allow scalable data sharing. Our scheme uses strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities (e.g., switches, routers or other network elements), thereby removing bottlenecks at the disks and causing minimal inconvenience to the hosts. By recognizing the peer nature of the group of SAN entities, we propose efficient group key mechanisms that do not involve any centralized key distribution servers. This allows our scheme to be scalable and be free from any single point of failure or attack.","PeriodicalId":183673,"journal":{"name":"First International IEEE Security in Storage Workshop, 2002. Proceedings.","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Secure group services for storage area networks\",\"authors\":\"Yongdae Kim, M. Narasimha, F. Maino, G. Tsudik\",\"doi\":\"10.1109/SISW.2002.1183514\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Storage Area Networks, with their ability to offer high data availability, reliability and scalability, are a promising solution for the large scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for a Storage Area Network (SAN) is to provide data integrity and confidentiality. In this paper we propose a solution which addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key distribution to allow scalable data sharing. Our scheme uses strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities (e.g., switches, routers or other network elements), thereby removing bottlenecks at the disks and causing minimal inconvenience to the hosts. By recognizing the peer nature of the group of SAN entities, we propose efficient group key mechanisms that do not involve any centralized key distribution servers. This allows our scheme to be scalable and be free from any single point of failure or attack.\",\"PeriodicalId\":183673,\"journal\":{\"name\":\"First International IEEE Security in Storage Workshop, 2002. Proceedings.\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-12-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"First International IEEE Security in Storage Workshop, 2002. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SISW.2002.1183514\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"First International IEEE Security in Storage Workshop, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SISW.2002.1183514","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Storage Area Networks, with their ability to offer high data availability, reliability and scalability, are a promising solution for the large scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for a Storage Area Network (SAN) is to provide data integrity and confidentiality. In this paper we propose a solution which addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key distribution to allow scalable data sharing. Our scheme uses strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities (e.g., switches, routers or other network elements), thereby removing bottlenecks at the disks and causing minimal inconvenience to the hosts. By recognizing the peer nature of the group of SAN entities, we propose efficient group key mechanisms that do not involve any centralized key distribution servers. This allows our scheme to be scalable and be free from any single point of failure or attack.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
