BLESS: Object level encryption security for object-based storage system

Abstract. An Object-Based Storage System (OBSS) contains hundreds or even thousands of storage devices holding petabyte-scale data, a considerable part of which is sensitive and must be encrypted. Existing storage security schemes encrypt entire files, yet it is often unnecessary to encrypt every region of a file, and encrypting the many non-sensitive regions incurs a severe performance penalty. This paper presents the design and implementation of object-level encryption for a secured object-based storage system, referred to as BLESS, which lets a user specify encryption regions of arbitrary size so that non-sensitive regions within a file are not processed. As a result, BLESS significantly improves the overall performance of the storage system. Extended object attributes record each file's security information, which keeps BLESS flexible. To demonstrate BLESS's efficiency, we implemented it on Lustre, a widely used OBSS, and measured its performance under a variety of benchmarks. The experiments indicate that, compared with traditional full-file encryption, BLESS increases throughput by 42% for sequential workloads and by 54% for random workloads.
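The abstract describes the mechanism only at a high level: a per-file list of sensitive byte ranges kept in an extended attribute, and an I/O path that encrypts only the bytes of a request that fall inside those ranges. The Go program below is an added illustration of that idea; it is not code from the BLESS paper or from Lustre. The abstract does not name the cipher, the key-management scheme or the on-disk attribute encoding, so the example assumes AES-CTR (chosen because its keystream can be computed for any byte offset without touching the rest of the file), holds the region list in a plain slice, and uses a constructed key, nonce and 80-byte "file". The `Region`, `xorKeystream` and `applyRegions` names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Region is a sensitive byte range [Off, Off+Len) of one file. BLESS keeps
// such ranges in an extended object attribute; the attribute encoding is not
// given in the abstract, so here the ranges are simply a slice, assumed to be
// sorted and non-overlapping (overlapping ranges would be XORed twice).
type Region struct {
	Off, Len int64
}

// xorKeystream XORs buf in place with the AES-CTR keystream that covers file
// bytes [off, off+len(buf)). The counter block is nonce(8 bytes) || block index,
// so any offset can be processed independently of the rest of the file.
// Assumption: the paper's cipher is not named; CTR is used because it is
// seekable. CTR provides no integrity, so a real system would add a MAC.
func xorKeystream(key, nonce []byte, off int64, buf []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	iv := make([]byte, aes.BlockSize)
	copy(iv[:8], nonce)
	binary.BigEndian.PutUint64(iv[8:], uint64(off/aes.BlockSize))
	stream := cipher.NewCTR(block, iv)
	// discard the keystream bytes that precede off inside its first block
	skip := make([]byte, off%aes.BlockSize)
	stream.XORKeyStream(skip, skip)
	stream.XORKeyStream(buf, buf)
	return nil
}

// applyRegions encrypts or decrypts (CTR is symmetric) only the parts of the
// I/O request [off, off+len(buf)) that intersect a sensitive region. Bytes
// outside every region pass through untouched; the number of bytes actually
// run through the cipher is returned so the saving is visible.
func applyRegions(key, nonce []byte, regions []Region, off int64, buf []byte) (int64, error) {
	var touched int64
	end := off + int64(len(buf))
	for _, r := range regions {
		lo, hi := max64(off, r.Off), min64(end, r.Off+r.Len)
		if lo >= hi {
			continue // request does not intersect this region
		}
		if err := xorKeystream(key, nonce, lo, buf[int(lo-off):int(hi-off)]); err != nil {
			return touched, err
		}
		touched += hi - lo
	}
	return touched, nil
}

func max64(a, b int64) int64 {
	if a > b {
		return a
	}
	return b
}

func min64(a, b int64) int64 {
	if a < b {
		return a
	}
	return b
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit key
	nonce := []byte("bless-nz")                      // constructed 8-byte nonce
	file := make([]byte, 80)                         // constructed 80-byte "file"
	for i := range file {
		file[i] = byte('a' + i%26)
	}
	regions := []Region{{Off: 10, Len: 20}, {Off: 50, Len: 5}}

	n, _ := applyRegions(key, nonce, regions, 0, file) // encrypt the whole file
	fmt.Printf("encrypted %d of %d bytes\n", n, len(file))

	// a read of [25, 35) straddles the end of the first region: only 5 bytes
	// need the cipher, and they start mid-way through an AES block
	buf := append([]byte(nil), file[25:35]...)
	n, _ = applyRegions(key, nonce, regions, 25, buf)
	fmt.Printf("decrypted %d of %d bytes: %q\n", n, len(buf), buf)
}
```

Two points a practitioner would check before using anything like this: CTR keystream must never be reused, so rewriting a region in place under the same key and nonce leaks the XOR of old and new plaintext (a fresh per-write nonce or an authenticated, versioned scheme is required), and the region list itself is security-critical metadata, so the extended attribute that holds it needs the same access control and integrity protection as the key material.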
