数据中心及各种云平台的迅猛发展对所采用的光纤通道存储区域网(FC SAN)提出了更高的要求。其所涉及的安全性问题逐渐成为其中的研究重点,而身份认证通常是构筑网络系统的安全基石,是构成其他信息安全技术的基础,因此设计一个可靠性高、安全性强的认证方案显得尤为迫切。在研究 FC SAN 中现有 DHCHAP(Diffie-Hellman Change-Handshake Authentication Proto-cal)协议认证的基础上,针对随机值不安全,通信次数多的问题提出一种改进的安全协议方案。通过使用有效的干扰因子隐藏原有协议的随机数,并额外引入动态参数,在 comware v7的系统平台上设计并实现了二重双向认证机制。通过模拟不同组网环境,模拟报文攻击等实验,确认了协议的有效性和安全性,进一步提升了目前常用 FC SAN 中设备与设备,设备与节点(服务器、磁盘)之间通信的安全性和高效性。%The rapid development of data centre and a variety of cloud platforms raise higher demands to the Fibre Channel storage area network (FC SAN)they used.The security problem involved gradually becomes the research focus of it.However,identity authentication is u-sually the security cornerstone of the construction of network system,as well as the basis of other information security technologies.Therefore, it is particularly urgent to design an authentication scheme with high reliability and strong security.Based on studying existing DHCHAP au-thentication protocol used in FC SAN,the paper proposes an improved security protocol scheme aiming at the problems of random numbers in-security and too more the times of communication.It conceals the random numbers of original protocol by using effective interference factor, and introduces in extra the dynamic parameter.On system platform of comware v7 we designed and implemented a dual bidirectional authenti-cation mechanism.By the experiments of simulating different networking environments and simulating packet attacks,we confirmed the effec-tiveness and security of the protocol,it further improves the security and efficiency of communications between the devices or between the de-vices and the nodes (servers,disks)currently used in FC SAN.
展开▼
