• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science


An encryption method based on iSCSI network storage system

MENG Xianghui1,2,ZENG Xuewen2,CHEN Xiao2,YE Xiaozhou2   

  1. School of Electronic, Electrical and Communication Engineering, University of Chinese Academy of Sciences, Beijing 100049;
  2. National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China

     
  • Received: 2015-07-15 Revised: 2015-09-15 Online: 2016-12-25 Published: 2016-12-25

Abstract:

Because the iSCSI protocol does not provide security services and most network storage systems have no encryption capability either, we propose a real-time encryption module for iSCSI. Once the module is loaded, the network storage system can provide users with transparent real-time encryption services. We design an encrypted-write and decrypted-read process for the iSCSI target. Because the encryption module is independent of the original network storage system, the operating system's kernel does not need to be changed. The iSCSI initiator is unaware of the encryption operation, so clients based on the standard iSCSI protocol can use the service directly. In addition, we use the security coprocessor of the multicore network processor to optimize read and write performance. Experimental results show that introducing the encryption module into the network storage system does not lead to serious loss of performance, and the system performance is satisfactory.

Key words: iSCSI protocol, network storage, real-time encryption, data security, network processor