Title :
Lustre Security Mechanism: Models, Schemes and Research Based on PKI
Author :
Liu Su-qin ; Li Xing-sheng ; Shuo Jun ; Wang Jing ; Liu Hui-hui
Author_Institution :
Coll. of Comput. & Commun. Eng., China Univ. of Pet., Qingdao, China
Abstract :
Lustre file system can improve I/O throughput in the clusters effectively, but there still be some security problems in TCP/IP network environment, such as identity theft, data interception, data modification and replay-attack. Lustre is planning to use Kerberos security mechanism which can not solve some problems in enterprise-wide, such as overhead, digital signature and password attack. To the problems, this paper presents a security model for Lustre based on PKI. The model includes a certificate management module and a client access module. Certification management mechanism based on PKI is adopted in the certificate management module. Bidirectional identity authentication and digital signature are applied in the client access module. Random number must be checked during authentication. The security model can reduce safety loopholes and enhance security in Lustre file system, such as identity theft, data interception, data modification and replay-attack.
Keywords :
digital signatures; file organisation; public key cryptography; transport protocols; Kerberos security mechanism; Lustre file system; Lustre security mechanism; PKI; TCP/IP network; authentication; bidirectional identity authentication; certificate management module; client access module; digital signature; public key infrastructure; Authentication; Communication system security; Computer security; Data security; Digital signatures; File systems; IP networks; Safety; Secure storage; Throughput;
Conference_Titel :
Intelligent Systems and Applications (ISA), 2010 2nd International Workshop on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5872-1
Electronic_ISBN :
978-1-4244-5874-5
DOI :
10.1109/IWISA.2010.5473551
