An NFSv4-Based security scheme for NAS

Authors:
Xiangguo Li;JianHua Yang;Zhaohui Wu
Affiliations:
Computer Science and Engineering College of Zhejiang University, HangZhou, China;Computer Science and Engineering College of Zhejiang University, HangZhou, China;Computer Science and Engineering College of Zhejiang University, HangZhou, China
Venue:
ISPA'05 Proceedings of the 2005 international conference on Parallel and Distributed Processing and Applications
Year:
2005

Citing 13
Cited 0

Scale and performance in a distributed file system

ACM Transactions on Computer Systems (TOCS)
A cryptographic file system for UNIX

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Serverless network file systems

ACM Transactions on Computer Systems (TOCS) - Special issue on operating system principles
An empirical study of a wide-area distributed file system

ACM Transactions on Computer Systems (TOCS)
A cost-effective, high-bandwidth storage architecture

Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
Separating key management from file system security

Proceedings of the seventeenth ACM symposium on Operating systems principles
Authenticating Network-Attached Storage

IEEE Micro
Strong Security for Network-Attached Storage

FAST '02 Proceedings of the Conference on File and Storage Technologies
The Design and Implementation of a Transparent Cryptographic File System for UNIX

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Security in Storage Management: The Standards Question

MSS '01 Proceedings of the Eighteenth IEEE Symposium on Mass Storage Systems and Technologies
Don't Trust Your File Server

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Security for a high performance commodity storage subsystem

Security for a high performance commodity storage subsystem
Access Control of Global Distributed Storage System

CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a security scheme for network-attached storage based on NFSv4 frame. One novel aspect of our system is that it enhances NFSv4 to guarantee the security of storage. Another novel feature is that we develop new user authentication mechanism which outperforms Kerberos. It uses HMAC and the symmetric cryptography to provide the integrity and privacy of transmitted data. The system includes three essential procedures: authenticating user, establishing security context and exchanging data. Our scheme can protect data from tampering, eavesdropping and replaying attacks, and it ensures that the data stored on the device is copy-resistant and encrypted. In spite of this level of security, the scheme does not impose much performance overhead. Our experiments show that large sequential reads or writes with security impose performance expense by 10-20%, which is much less than some other security systems.