Abstract: Based on the hierarchy model of storage system, there are a few strategies and mechanisms to implement storage security. This paper analyzes several storage security implementation on application-layer or operating system layer, lists their virtue and disadvantage, brings forward a hardware security schema based on block layer, and achieves transparency and completeness in real time and without lowering performance of the system. It gives description of implementation of schema based on FPGA and analyses the performance of the two kinds of implementation structure.

Key words: Storage security, Advanced encryption standard(AES), Output-feedback(OFB), Model, Key management

摘要： 基于存储系统的分层特性，有多种策略和机制来实现安全存储。该文分析了在应用层、操作系统层等较高层的实现的优缺点，提出了一种扇区级的硬件安全方案，实现了存储安全的透明性和完备性，且在保证高安全性的同时不影响系统的性能。描述了对该方案的FPGA设计和实现，并依据实验结果对两种不同实现结构的性能进行了分析。

关键词: 存储安全, AES, OFB, 模式, 密钥管理