Roman Shor, M.Sc. Thesis Seminar
Wednesday, 7.2.2018, 10:30
When sensitive data is stored in the cloud, the only way to ensure its secrecy is by encrypting it before it is uploaded.
Not only is encryption itself computationally expensive but the encryption keys must also be safely stored and the data decrypted whenever it is downloaded.
The emerging multi-cloud model, in which data is stored redundantly in two or more independent clouds, provides an opportunity to protect sensitive data with secret-sharing schemes. This approach trades complexity and key management for storage overhead. However, with the introduction of hardware accelerated encryption mechanisms, the benefit of this tradeoff is not clear.
In this work, we establish the applicability of secure RAID, a recently proposed construction that minimizes the storage and computation overheads of secret sharing to multi-cloud environments. To that end, we present the first end-to-end comparison of state-of-the-art encryption-based and secret-sharing data protection approaches. Our evaluation on a local cluster and on a multi-cloud prototype identifies the tipping point at which the bottleneck of data protection shifts from the computational overhead of encoding and random data generation to storage and network bandwidth and global availability.