
An NFSv4-Based Security Scheme for NAS

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3759)

Abstract

This paper presents a security scheme for network-attached storage based on the NFSv4 framework. One novel aspect of our system is that it enhances NFSv4 to guarantee the security of storage. Another novel feature is that we develop a new user authentication mechanism which outperforms Kerberos. It uses HMAC and symmetric cryptography to provide the integrity and privacy of transmitted data. The system includes three essential procedures: authenticating the user, establishing a security context and exchanging data. Our scheme can protect data from tampering, eavesdropping and replay attacks, and it ensures that the data stored on the device is copy-resistant and encrypted. In spite of this level of security, the scheme does not impose much performance overhead. Our experiments show that large sequential reads or writes with security enabled incur a performance overhead of 10-20%, which is much less than some other security systems.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, X., Yang, J., Wu, Z. (2005). An NFSv4-Based Security Scheme for NAS. In: Chen, G., Pan, Y., Guo, M., Lu, J. (eds) Parallel and Distributed Processing and Applications - ISPA 2005 Workshops. ISPA 2005. Lecture Notes in Computer Science, vol 3759. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11576259_15

  • DOI: https://doi.org/10.1007/11576259_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29770-3

  • Online ISBN: 978-3-540-32115-6

  • eBook Packages: Computer Science, Computer Science (R0)
