CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems
Clustered storage systems are dominant solutions for the era of data-intensive computing. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities with no single point of failure. Despite the strong management abilities, security remains a ser...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9973310/ |
| _version_ | 1811196831665750016 |
|---|---|
| author | Fatemeh Khoda Parast Brett Kelly Saqib Hakak Yang Wang Kenneth B. Kent |
| author_facet | Fatemeh Khoda Parast Brett Kelly Saqib Hakak Yang Wang Kenneth B. Kent |
| author_sort | Fatemeh Khoda Parast |
| collection | DOAJ |
| description | Clustered storage systems are dominant solutions for the era of data-intensive computing. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities with no single point of failure. Despite the strong management abilities, security remains a serious concern in the Ceph storage system. To date, authentication and access control are the only supported security protocols in the system. Data confidentiality will be undermined if a malicious insider or outside intruder accesses storage devices. This study proposes a lightweight cryptographic-based interface, CephArmor, for a Ceph storage system to ensure data confidentiality in storage. The proposed method has been integrated into the Ceph stable version, Pacific, and evaluated through 45Drives Storinator servers, a commercial hardware commodity for storage solutions in real-world scenarios. The experimental results denote a nuanced overhead regarding elapsed time, throughput, average operations per second, and latency on a write operation. In contrast, the read operations illustrated near-zero performance overhead for the same metrics. |
| first_indexed | 2024-04-12T01:06:08Z |
| format | Article |
| id | doaj.art-e91a2a4b7f8243dab8fc036cfd60a148 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-04-12T01:06:08Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-e91a2a4b7f8243dab8fc036cfd60a1482022-12-22T03:54:17ZengIEEEIEEE Access2169-35362022-01-011012791112792710.1109/ACCESS.2022.32273849973310CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage SystemsFatemeh Khoda Parast0https://orcid.org/0000-0001-9340-7456Brett Kelly1Saqib Hakak2Yang Wang3Kenneth B. Kent4https://orcid.org/0000-0003-2764-823XFaculty of Computer Science, University of New Brunswick, New Brunswick, NB, CanadaProtocase/45Drives, Sydney, NS, CanadaCanadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, Fredericton, NB, CanadaShenzhen Institute of Advanced Technology, Chinese Academy of Sciences, Beijing, ChinaFaculty of Computer Science, University of New Brunswick, New Brunswick, NB, CanadaClustered storage systems are dominant solutions for the era of data-intensive computing. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities with no single point of failure. Despite the strong management abilities, security remains a serious concern in the Ceph storage system. To date, authentication and access control are the only supported security protocols in the system. Data confidentiality will be undermined if a malicious insider or outside intruder accesses storage devices. This study proposes a lightweight cryptographic-based interface, CephArmor, for a Ceph storage system to ensure data confidentiality in storage. The proposed method has been integrated into the Ceph stable version, Pacific, and evaluated through 45Drives Storinator servers, a commercial hardware commodity for storage solutions in real-world scenarios. The experimental results denote a nuanced overhead regarding elapsed time, throughput, average operations per second, and latency on a write operation. In contrast, the read operations illustrated near-zero performance overhead for the same metrics.https://ieeexplore.ieee.org/document/9973310/Clustered storage systemCephhigh-performance computingcryptographysecurity |
| spellingShingle | Fatemeh Khoda Parast Brett Kelly Saqib Hakak Yang Wang Kenneth B. Kent CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems IEEE Access Clustered storage system Ceph high-performance computing cryptography security |
| title | CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems |
| title_full | CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems |
| title_fullStr | CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems |
| title_full_unstemmed | CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems |
| title_short | CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems |
| title_sort | cepharmor a lightweight cryptographic interface for secure high performance ceph storage systems |
| topic | Clustered storage system Ceph high-performance computing cryptography security |
| url | https://ieeexplore.ieee.org/document/9973310/ |
| work_keys_str_mv | AT fatemehkhodaparast cepharmoralightweightcryptographicinterfaceforsecurehighperformancecephstoragesystems AT brettkelly cepharmoralightweightcryptographicinterfaceforsecurehighperformancecephstoragesystems AT saqibhakak cepharmoralightweightcryptographicinterfaceforsecurehighperformancecephstoragesystems AT yangwang cepharmoralightweightcryptographicinterfaceforsecurehighperformancecephstoragesystems AT kennethbkent cepharmoralightweightcryptographicinterfaceforsecurehighperformancecephstoragesystems |