HASS: Highly Available, Scalable and Secure Distributed Data Storage Systems

As computers become pervasive and data size increases dramatically, data management systems' security, scalability and availability features turn into major design issues, especially in distributed computing environments. This paper proposes a Highly Available, Scalable and Secure distributed data storage system (HASS) for high performance and secure data management. Distributed and parallel data storage or file systems such as Object-based Storage Devices (OSD) and flexible key distribution schemes such as stateless Identity Based Encryption (IBE) are integrated to achieve scalability in terms of performance and key management. OSD provides high performance parallel I/O, whereas IBE eliminates pre-shared secret/symmetric keys and simplifies key distribution. Data at rest (static) and in transit (dynamic) are protected with different encryption strategies for privacy and integrity. With IBE, public keys are not stored, whereas private and session keys are generated dynamically to protect (encrypt) data in transit. Secret sharing is used to protect data at rest. Replication on OSD sites duplicates data shares for high availability. Overall, the proposed HASS system delivers high performance data management with security, scalability and high availability features.
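The combination of secret sharing for data at rest and share replication across OSD sites can be sketched as follows. This is an added example, not code from the HASS paper: it assumes Shamir's (k, n) threshold scheme over a prime field and a round-robin placement of replicas, and all function and site names are hypothetical.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; field large enough for a 64-byte secret

def split_secret(secret: bytes, k: int, n: int):
    """Shamir split: any k of the n shares recover the secret."""
    value = int.from_bytes(secret, "big")
    if not 1 < k <= n or value >= PRIME:
        raise ValueError("need 1 < k <= n and a secret smaller than the field")
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def poly(x):  # Horner evaluation of the random degree k-1 polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, poly(x)) for x in range(1, n + 1)]

def recover_secret(shares, length):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(length, "big")

def place_shares(shares, sites, replicas):
    """Copy each share to `replicas` sites (round-robin placement is an assumption)."""
    placement = {s: [] for s in sites}
    for idx, share in enumerate(shares):
        for r in range(replicas):
            placement[sites[(idx + r) % len(sites)]].append(share)
    return placement

def read_object(placement, live_sites, k, length):
    """Collect distinct shares from reachable sites; fail closed below the threshold."""
    found = {}
    for site in live_sites:
        for x, y in placement[site]:
            found[x] = y
    if len(found) < k:
        raise RuntimeError("fewer than k distinct shares reachable")
    return recover_secret(list(found.items())[:k], length)
```

With this placement every site holds `replicas` shares, so fewer than k compromised sites can already yield k distinct shares. Replication raises availability but lowers the number of sites that must stay uncompromised, which is worth checking when choosing k, n and the replica count.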
