Cloud Storage Cost Modeling for Cryptographic File Systems

Data security is now a requirement for companies adopting storage services on public clouds. From long-term persistence services, such as Amazon Glacier, to online block storage systems for virtual machine disks, security principles can be part of the cloud context, especially for customers' sensitive data. The confidentiality of storage services considers aspects such as data life-cycle, location, and size. This principle is often provided by a cryptographic mechanism applied in one of the persistence layers, such as the File System (FS). However, adding cryptography for data security demands extra CPU cycles to cipher the data as it is persisted. Although these extra CPU cycles are not considered in current cloud cost estimations, they should be part of the total cost of executing an application. This paper presents the architectures for adopting Cryptography File Systems (CFS) for data storage in cloud computing. Furthermore, a mathematical model is presented and discussed as a tool for estimating the cryptography overhead when using CFSs in the cloud storage stack. The model is verified in a real scenario for estimating the total cost when adding security for storage in a cloud environment. As the main result, the model could estimate the overhead with 90% to 92% accuracy for the AES algorithm, according to real case traces, considering available memory, I/O throughput and workload size.
