IBE Applied to Identity Authentication for Object-Based Storage System

An object-based storage system (OBSS) has tens of thousands of users and stores a large amount of sensitive data, so its security has received a great deal of attention. Before accessing the storage devices, clients have to acquire an authorization from the metadata servers (MDS). The existing credential-based authentication (CBA) model, which has been widely used for large high-performance storage systems, has unavoidable disadvantages: the system must generate a large number of credentials and maintain a huge key hierarchy. Identity-based encryption (IBE) is an emerging scheme for enhancing system security. This paper concentrates on the design and implementation of IBE for identity authentication in the OBSS. We describe the detailed process of the Identity-Based Authentication (IBA) scheme on the MDS, and incorporate it into a real OBSS to evaluate the efficiency of IBA. The experimental results show that IBA accounts for only about 60% of the overhead of the CBA.
