摘要：

具有带外存储虚拟化结构的iSCSI-SAN存在安全隐患：一方面，暴露在IP网络上的存储资源容易遭到假冒身份者的非法访问；另一方面，在网络上直接传输的明文存储数据面临着被网络攻击者监听的安全威胁。该文基于椭圆曲线密码体制ECC设计了适合该网络存储结构的安全模型，该模型通过提供双向认证机制防止假冒身份攻击，通过在认证过程中协商一次性会话密钥并对存储数据进行加密保证存储数据的传输安全，从而提高了存储系统的安全性。

关键词: iSCSI, ECC, SAN, 网络存储, 存储虚拟化

Abstract: iSCSI-SAN with out-band storage virtualization has some security hidden dangers: one is the storage resource exposed at IP network, which is vulnerable to forgery attack. The other one is the storage data transmitted on IP network, which faces the security threat of network sniffer. Based on ECC, a security model suited to above-mentioned network storage structure is designed, which provides two-side authentication to prevent forgery attack and encryption mechanism to ensure the security of storage data transmission. Consequently, the security of storage system is enhanced.

Key words: iSCSI, ECC, SAN, network storage, storage virtualization

中图分类号: 

• TP393.08