Dissertation > Excellent graduate degree dissertation topics show

Research on Key Technology in Security of Object-based Storage

Author: YaoZuo
Tutor: ZhangJiangLing; FengDan
School: Huazhong University of Science and Technology
Course: Computer System Architecture
Keywords: object-based storage intrusion detection two-way authentication non-continuous encryption efficiently share encryption file system
CLC: TP393.08
Type: PhD thesis
Year: 2011
Downloads: 52
Quote: 0
Read: Download Dissertation

Abstract


With the evolution of high performance computing from the traditional host to thenetworked cluster, the traditional host-based storage systems can not meet therequirements of the aggregate access and data storage of the cluster which with hundredsof servers, and becomes the I/O bottleneck. Following the networked clustering directionof the host, the traditional host-based storage architecture has gradually developed tonetworked storage. As the result of the developing of network storage technology, storingis no longer a purely local behavior. It is combined with the network closely, and becomesa part of network. Because the network is an open system, and there are security flawsexisting in the network protocols and software systems, so inevitably there are somesecurity risks in network systems. As a member of the network system, the networkstorage system is exposed to the intruder as well. Once the attacker successfully invades adata storage device, he can get confidential data, or even can hinder access of thelegitimate users, and lead to incalculable losses. Comparing to the mature study on thenetwork security, the research on the network storage security is still in the initial stage. Incurrent, the research results of the network storage security are mainly come from researchinstitutions and large enterprises of USA and the other developed countries. It is still at thebeginning of the study in China, and there is no key technology in this field. Therefore, toresearch and develop the technologies and products of network storage security withindependent intellectual property rights, makes strategic significance to China’sinformation security infrastructure.This paper focus on the security issues of the object-based storage, such as the activeprotection of the object-based storage, the access security of the object-based storage, thedata encryption mechanism with high efficiency and so on, proposes some valid schemesand achieves some research results. The main researches and achievements in the paperare as follows:(1) Research on the initiative protection mechanisms of the object-based storage. Inorder to avoid the stored object being stolen or damaged results from the compromisedhost system, this paper presents a scheme of initiative protection of the object-basedstorage. Because many intrusions would lead to read/write access to the storage, theintrusions can be found if there is IDS in the storage system. In the object-based storageenvironment, the IDS even can capture data and attributes for analysis according to theneeds with the support of intelligent storage devices. The scheme takes full advantage ofcharacteristics of the object-based storage and the existing IDS technology, embeddingIDS into object-based storage device-OSD to monitor the behavior of the applicationprograms accessing the storage devices,therefore protects the OSD from the intrusions,and raises the security of the object-based storage. By using the improved unsupervisedclustering and support vector machine algorithm for intrusion detection, the IDS candetect intrusions more accurately and efficiently, and can detect the unknown intrusionseffectively. At the same time, it adopts the double-layer structure and the alert fusion technology based on multiplicative increase linearly decreasing algorithm, and reduces thefalse alarm rate. As it is simple to realize and has very small performance impact onsystem, this scheme is very practical.(2) Research on the security access mechanism of object-based storage. According tothe characteristic of the object-based storage system, this paper proposes a new securityaccess mechanism based on ECC-based two-way authentication and key exchangeprotocol. It has different protocols algorithm for different relationships between thedevices of object-based storage system. The protocols run with no need of secure channel,but can guarantee the security of key exchange and achieve the certification status of themutual communication parties. According to the safety analysis, each sub-protocol canresistant against intermediaries’ attacks and other kinds of network attacks. Meanwhile, themain keys are randomly generated and temporarily effective, so they have no need ofspecific conservation and management. Therefore, compared to the existing accesssecurity mechanisms of the object-based storage, this new mechanism not only enhancethe security of the access of the object-based storage, but also reduce the difficulty of keymanagement and the requirements of secure channels, the complexity of the protocols arenot high as well.(3) Research on the encryption mechanism of the object-based dada. As the accesscontrol and the intrusion detection mechanism are used to prevent attacks coming from thenetwork, but they are unable to prevent the internal data theft or data leakage caused bystorage device theft. To protect the data security better, the data encryption in storagedevices has become an essential security measures. The traditional encrypting file systemshas big encryption overhead and user-revoke overhead, because they encrypt all data andexpose the sharing keys to every user. The problems not only cause loss on the systemperformance, but also cause great inconvenience to the legitimate users. This paperproposes a scheme of non-continuous efficient sharing encryption file system. In thescheme, only the tender contents would be encrypted to reduce the encryption overhead.At the same time, a user is revoked by setting the user’s certification invalid, and whichcan avoid the big overhead on re-encryption of data and the overhead on the distributionand re-distribution of sharing keys because of revoking user. And so that it allows largescale users’ efficient sharing the encryption file system. Because the keys and the user’scertifications are managed by the non-centralized owner of the file group, the security riskof the system is dispersed, and the creditability requirement for the server is reduced.The proposed initiative protection mechanisms of the object-based storage, the securityaccess mechanism of object-based storage based on ECC-based two-way authenticationand key exchange protocol, and the encryption mechanism of the object-based dada, havecertain reference for constructing high-security object-based storage system.

Related Dissertations

  1. Intrusion detection based on the ultrasonic echo envelope in the military security patrols,E919
  2. Research on Intrusion Detection Based on Feature Selection,TP393.08
  3. The Research on Intrusion Detection System Based on Machine Learning,TP393.08
  4. Design and Implementation of Identity Based Security Access Storage Software,TP393.08
  5. Research on the Intrusion Detection Method Based on Rough Sets and Apriori CRS Algorithm,TP393.08
  6. Petri net -based network intrusion detection system Research and Implementation,TP393.08
  7. FSVM -based data mining method and its application to intrusion detection research,TP393.08
  8. Electronic file operations safety monitoring technology research,TP309
  9. Based on Virtual Honeynet Intrusion Detection System,TP393.08
  10. The Research of Intrusion Detection Based on Improved RBF Neural Network,TP393.08
  11. Research on Intrusion Detection Based on Semi-Supervised SVM,TP393.08
  12. Research of Intrusion Detection Model Based on Rough Set and Artificial Immune,TP393.08
  13. Based on Artificial Immune Intrusion Detection Model,TP393.08
  14. Research of Intrusion Detection Model Based on Artificial Immune System,TP393.08
  15. Research on the Key Technologies of Intelligent Intrusion Detection System,TP393.08
  16. Lightweight Intrusion Detection System Based on Feature Selection,TP393.08
  17. Study on Pattern Matching Algorithm and Its Scheduling of NIDS,TP393.08
  18. Research and Application of Clustering Ensemble Algorithms Based on Weight Designing,TP301.6
  19. The Research of Mobile Ad Hoc Network Intrusion Detection Technology,TN929.5
  20. Research on Identity Authentication in Distance Education System,TP393.08
  21. Support Vector Machine and Its Application in Intrusion Detection,O212

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile