Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Serverless network file systems
ACM Transactions on Computer Systems (TOCS) - Special issue on operating system principles
An empirical study of a wide-area distributed file system
ACM Transactions on Computer Systems (TOCS)
A cost-effective, high-bandwidth storage architecture
Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
Authenticating Network-Attached Storage
IEEE Micro
Strong Security for Network-Attached Storage
FAST '02 Proceedings of the Conference on File and Storage Technologies
The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Security in Storage Management: The Standards Question
MSS '01 Proceedings of the Eighteenth IEEE Symposium on Mass Storage Systems and Technologies
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Security for a high performance commodity storage subsystem
Security for a high performance commodity storage subsystem
Access Control of Global Distributed Storage System
CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology
Hi-index | 0.00 |
This paper presents a security scheme for network-attached storage based on NFSv4 frame. One novel aspect of our system is that it enhances NFSv4 to guarantee the security of storage. Another novel feature is that we develop new user authentication mechanism which outperforms Kerberos. It uses HMAC and the symmetric cryptography to provide the integrity and privacy of transmitted data. The system includes three essential procedures: authenticating user, establishing security context and exchanging data. Our scheme can protect data from tampering, eavesdropping and replaying attacks, and it ensures that the data stored on the device is copy-resistant and encrypted. In spite of this level of security, the scheme does not impose much performance overhead. Our experiments show that large sequential reads or writes with security impose performance expense by 10-20%, which is much less than some other security systems.