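Abstract:
Based on an analysis of the security risks in the parallel file system Lustre and on its storage characteristics, a corresponding security model is designed using the public key infrastructure (PKI) security mechanism. The model consists of two parts, certificate management and user access. The certificate management part uses PKI's own certificate management mechanism; the user access part uses mutual identity authentication and digital signatures, with a check of the random number added to the authentication process. Asymmetric encryption is used when transmitting request information and authentication information; symmetric encryption is used when transmitting large amounts of data. The model addresses the security risks present in the storage system, such as identity impersonation, data theft, data tampering and replay attacks, and improves the security of Lustre.
Keywords: public key infrastructure; Lustre security model; mutual identity authentication; digital signature
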
Security model design for Lustre based on PKI
LIU Su-qin, LI Xing-sheng, SHUO Jun, WANG Jing

(College of Computer and Communication Engineering in China University of Petroleum, Qingdao 266555, China)

Abstract:
By analyzing the security weaknesses and storage characteristics of the Lustre file system, a security model for Lustre was designed based on the public key infrastructure (PKI) security mechanism. The model includes certificate management and client access. The certificate management module adopts the certificate management mechanism of PKI. The client access module applies bidirectional identity authentication and digital signatures, and a random number must be checked during authentication. Asymmetric encryption is applied to the transmission of request information and authentication information. Symmetric encryption is applied to the transmission of the data stream. The security model can remove security weaknesses in the Lustre file system, such as identity impersonation, data theft, data tampering and replay attacks. It can enhance the security of the Lustre file system.
Key words: PKI (public key infrastructure); Lustre security model; bidirectional identity authentication; digital signature