Static, Dynamic and Incremental MAC Combined Approach for Storage Integrity Protection

Author

Hou, Fangyong ; He, Hongjun ; Xiao, Nong ; Liu, Fang ; Zhong, Guangjun

Author_Institution

Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China

fYear

2010

fDate

June 29 2010-July 1 2010

Firstpage

1616

Lastpage

1621

Abstract

Storage systems are more distributed and more subject to attacks. One basic security requirement is to authenticate the stored data. This paper describes SDI-MAC, a static, dynamic and incremental MAC combined approach to guarantee end-to-end data integrity to clients in distributed data storage environment. SDI-MAC associates two different integrity codes to different granularities of the stored data, applies incremental conversion between the two different kinds of integrity codes, and enhances the ability of MAC based data authentication to resist against replay attack. At last, SDI-MAC can make balance among performance, cost and security. Related approach and system implementation are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to realize data authentication of network storage system.

Keywords

data integrity; message authentication; storage management; distributed data storage environment; end-to-end data integrity; incremental conversion; integrity codes; network storage system; security requirement; static-dynamic-incremental MAC combined approach; storage integrity protection; stored data authentication; Authentication; Encryption; File systems; Nonvolatile memory; Servers; MAC; dynamic; incremental; integrity; static; storage;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Conference_Location

Bradford

Print_ISBN

978-1-4244-7547-6

Type

conf

DOI

10.1109/CIT.2010.286

Filename

5577943