Lustre Security Mechanism: Models, Schemes and Research Based on PKI

Lustre file system can improve I/O throughput in the clusters effectively, but there still be some security problems in TCP/IP network environment, such as identity theft, data interception, data modification and replay-attack. Lustre is planning to use Kerberos security mechanism which can not solve some problems in enterprise-wide, such as overhead, digital signature and password attack. To the problems, this paper presents a security model for Lustre based on PKI. The model includes a certificate management module and a client access module. Certification management mechanism based on PKI is adopted in the certificate management module. Bidirectional identity authentication and digital signature are applied in the client access module. Random number must be checked during authentication. The security model can reduce safety loopholes and enhance security in Lustre file system, such as identity theft, data interception, data modification and replay-attack.