摘要
数据中心及各种云平台的迅猛发展对所采用的光纤通道存储区域网(FC SAN)提出了更高的要求。其所涉及的安全性问题逐渐成为其中的研究重点,而身份认证通常是构筑网络系统的安全基石,是构成其他信息安全技术的基础,因此设计一个可靠性高、安全性强的认证方案显得尤为迫切。在研究FC SAN中现有DHCHAP(Diffie-Hellman Change-Handshake Authentication Protocal)协议认证的基础上,针对随机值不安全,通信次数多的问题提出一种改进的安全协议方案。通过使用有效的干扰因子隐藏原有协议的随机数,并额外引入动态参数,在comware v7的系统平台上设计并实现了二重双向认证机制。通过模拟不同组网环境,模拟报文攻击等实验,确认了协议的有效性和安全性,进一步提升了目前常用FC SAN中设备与设备,设备与节点(服务器、磁盘)之间通信的安全性和高效性。
The rapid development of data centre and a variety of cloud platforms raise higher demands to the Fibre Channel storage area network( FC SAN) they used. The security problem involved gradually becomes the research focus of it. However,identity authentication is usually the security cornerstone of the construction of network system,as well as the basis of other information security technologies. Therefore,it is particularly urgent to design an authentication scheme with high reliability and strong security. Based on studying existing DHCHAP authentication protocol used in FC SAN,the paper proposes an improved security protocol scheme aiming at the problems of random numbers insecurity and too more the times of communication. It conceals the random numbers of original protocol by using effective interference factor,and introduces in extra the dynamic parameter. On system platform of comware v7 we designed and implemented a dual bidirectional authentication mechanism. By the experiments of simulating different networking environments and simulating packet attacks,we confirmed the effectiveness and security of the protocol,it further improves the security and efficiency of communications between the devices or between the devices and the nodes( servers,disks) currently used in FC SAN.
出处
《计算机应用与软件》
CSCD
2016年第10期135-139,157,共6页
Computer Applications and Software
关键词
Diffie-Hellman挑战握手认证协议
随机数
干扰因子
二重双向认证
Diffie-Hellman Challenge-Handshake Authentication Protocol(DHCHAP)
Random numbers
Interference factor
Dual bidirectional authentication
