Storage area network systems exchange a large volume of messages, and the traditional strategy of encrypting every message incurs considerable overhead and seriously degrades system performance. This paper proposes a selective message encryption strategy. Based on an analysis of how messages in a storage area network are structured, it introduces a message classification algorithm and a selective encryption algorithm that encrypt different parts of a message with different encryption algorithms, reducing the overhead of the security system. It also proposes a key update strategy with a variable period, which dynamically optimizes the performance of the security system. A prototype was implemented by modifying the source code of the open-source storage area network system Lustre, and its read/write (I/O) performance was measured. Compared with a prototype that encrypts all messages, the selective message encryption strategy shows a clear efficiency advantage: it reduces storage area network performance by 10%~20%, whereas encrypting all messages reduces it by 20%~30%. The selective strategy is therefore more efficient while still ensuring the security of message communication in the storage area network.