|Title:||Efficiently Combining Confidentiality and Availability in Distributed Storage Systems
|Supervisors:||Gala Yadgar, Eitan Yaakobi, Assaf Schuster
|Abstract:||When sensitive data is stored in the cloud, the only way to ensure its secrecy is by encrypting it before it is uploaded. Recently introduced hardware acceleration methods promise to eliminate the computational complexity of encryption, but leave clients with the challenge of securely managing encryption keys. At the same time, the emerging multi-cloud model, in which data is stored redundantly in two or more independent clouds, provides an opportunity to protect sensitive data with secret-sharing schemes. Secure RAID, a recently proposed scheme, minimizes the computational overheads of secret sharing, but requires non-negligible storage overhead and random data generation. These recent advances introduce new opportunities to reduce data protection costs considerably. However, previous studies were performed before these advances were introduced, and thus do not indicate which approach will provide the best application-perceived performance.
To bridge this gap, we present the first end-to-end comparison of state-of-the-art encryption-based and secret-sharing data protection approaches. In this study we implement two secret-sharing schemes and two encryption-based schemes, and measure their performance across a wide range of system parameters. We address all stages of the data path, including random data generation, encoding and encryption overheads, and overall throughput. Our evaluation on a local cluster and on a multi-cloud prototype identifies the tipping point at which the bottleneck of data protection shifts from the computational overhead of encoding and random data generation to storage and network bandwidth and global availability.
|Copyright||The above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information|
|Disclaimer||Recent theses may not yet have been approved by the Technion Senate, and are provided here for the purpose of fast dissemination of knowledge only. Final approval of the Technion Senate is needed for a thesis to be used for the partial fulfillment of the requirements for the degree of M.Sc. or Ph.D.|
Remark: Any link to this technical report should be to this page (http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-info.cgi/2018/MSC/MSC-2018-06), rather than to the URL of the PDF files directly. The latter URLs may change without notice.
Computer science department, Technion