Study on Security iSCSI Based on SSH

The iSCSI protocol is becoming an important means of remote storage access over ubiquitous TCP/IP networks. This paper analyzes the security and performance characteristics of the iSCSI protocol, points out the limitation of the secure iSCSI scheme based on IPSec, and presents a secure iSCSI scheme based on SSH. Using SSH port forwarding, a secure tunnel is built at the TCP layer to protect the iSCSI session. Experiments show that, with the same encryption algorithm, the throughput of secure iSCSI based on SSH rises by 20% and CPU utilization falls by 50% compared with secure iSCSI based on IPSec. The performance of secure iSCSI based on SSH is therefore clearly superior to that of the scheme based on IPSec.
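The SSH port-forwarding tunnel described above, sketched as an added example that is not code from the paper. It assumes OpenSSH and open-iscsi (`iscsiadm`); the function names, the loopback binding, the ssh options and the pre-login check for node records that bypass the tunnel are choices made for this example, and the host and IQN are supplied by the caller.

```shell
#!/bin/sh
# Added example: carry an iSCSI session inside an SSH local port forward.
# Assumes OpenSSH and open-iscsi (iscsiadm); host and IQN are caller-supplied.

ISCSI_PORT=3260        # registered iSCSI target port
LOCAL_ADDR=127.0.0.1   # bind the forward to loopback so only this host can use it

# -L specification: local loopback:3260 -> loopback:3260 as seen from the SSH server.
# Assumption: the target daemon listens on the SSH server's loopback interface.
forward_spec() {
    printf '%s:%s:127.0.0.1:%s\n' "$LOCAL_ADDR" "$ISCSI_PORT" "$ISCSI_PORT"
}

# Succeeds only for a portal ("addr:port" or "addr:port,tpgt") that is the tunnel end.
portal_is_tunnelled() {
    case "$1" in
        "$LOCAL_ADDR:$ISCSI_PORT"|"$LOCAL_ADDR:$ISCSI_PORT",*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads "portal iqn" lines (as printed by `iscsiadm -m node`) and prints every
# portal that would carry iSCSI traffic outside the SSH tunnel.
untunnelled_portals() {
    while read -r portal _iqn; do
        [ -n "$portal" ] || continue
        portal_is_tunnelled "$portal" || printf '%s\n' "$portal"
    done
}

# Usage: script.sh user@storage-host iqn-of-target   (runs only with two arguments)
if [ "$#" -eq 2 ]; then
    # -f backgrounds ssh after the forward is up; fail instead of running without it.
    ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 \
        -L "$(forward_spec)" "$1" || exit 1
    # Static node record on the tunnel end, so no discovered address is used.
    iscsiadm -m node -o new -T "$2" -p "$LOCAL_ADDR:$ISCSI_PORT" || exit 1
    leaks=$(iscsiadm -m node | untunnelled_portals)
    if [ -n "$leaks" ]; then
        echo "refusing to log in, node records bypass the tunnel: $leaks" >&2
        exit 1
    fi
    iscsiadm -m node -T "$2" -p "$LOCAL_ADDR:$ISCSI_PORT" --login
fi
```

The check matters because a node record created earlier, for example by discovery against the storage host's real address, would let the initiator connect directly and skip the tunnel.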
