Horus: Fine-Grained Encryption-Based Security for Large-Scale Storage
Appeared in Proceedings of the 11th Conference on File and Storage Systems (FAST 2013).
Abstract
With the growing use of large-scale distributed systems, the likelihood that at least one node is compromised is increasing. Large-scale systems that process sensitive data such as geographic data with defense implications, drug modeling, nuclear explosion modeling, and private genomic data would benefit greatly from strong security for their storage. Nevertheless, many high performance computing (HPC), cloud, or secure content delivery network (SCDN) systems that handle such data still store them unencrypted or use simple encryption schemes, relying heavily on physical isolation to ensure confidentiality, providing little protection against compromised computers or malicious insiders. Moreover, current encryption solutions cannot efficiently provide fine-grained encryption for large datasets. Our approach, Horus, encrypts large datasets using keyed hash trees (KHTs) to generate different keys for each region of the dataset, providing fine-grained security: the key for one region cannot be used to access another region. Horus also reduces key management and distribution overhead while providing end-to-end data encryption and reducing the need to trust system operators or cloud service providers. Horus requires little modification to existing systems and user applications. Performance evaluation shows that our prototype’s key distribution is highly scalable and robust: a single key server can provide 140,000 keys per second, theoretically enough to sustain more than 100 GB/s I/O throughput, and multiple key servers can efficiently operate in parallel to support load balancing and reliability.
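The per-region key property described in the abstract can be illustrated with a small keyed hash tree. This is an added example, not code from the paper or the Horus prototype; HMAC-SHA256 as the keyed hash, the level sizes, the constructed root key, and the names `child_key`, `derive` and `demo` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Assumed layout (illustrative): region size in bytes at each tree level.
# Level 0 covers the whole file; the last level is the encryption block size.
LEVEL_SIZES = [1 << 30, 1 << 24, 1 << 18, 1 << 12]

def child_key(parent_key: bytes, level: int, index: int) -> bytes:
    """K(level, index) = HMAC-SHA256(K(parent), level || index)."""
    msg = struct.pack(">IQ", level, index)
    return hmac.new(parent_key, msg, hashlib.sha256).digest()

def derive(held_key: bytes, held_level: int, held_index: int,
           level: int, index: int) -> bytes:
    """Walk down from a held key K(held_level, held_index) to K(level, index).

    The range check only reports misuse early. The actual protection is that
    a sibling's key needs the parent key, which HMAC output does not reveal.
    """
    if level < held_level:
        raise PermissionError("cannot derive a key above the held key")
    lo = held_index * LEVEL_SIZES[held_level]
    off = index * LEVEL_SIZES[level]          # byte offset of the target block
    if not (lo <= off < lo + LEVEL_SIZES[held_level]):
        raise PermissionError("target block is outside the held key's region")
    key = held_key
    for lvl in range(held_level + 1, level + 1):
        key = child_key(key, lvl, off // LEVEL_SIZES[lvl])
    return key

def demo():
    root = hashlib.sha256(b"constructed demo root key").digest()  # K(0,0)
    # A key server hands a client only the key for 16 MiB region 3 (level 1).
    region3 = derive(root, 0, 0, 1, 3)
    leaf = 3 * 4096 + 17                      # a 4 KiB block inside region 3
    same = derive(region3, 1, 3, 3, leaf) == derive(root, 0, 0, 3, leaf)
    try:
        derive(region3, 1, 3, 3, 4 * 4096)    # first 4 KiB block of region 4
        reached_outside = True
    except PermissionError:
        reached_outside = False
    return same, reached_outside

if __name__ == "__main__":
    print(demo())
```

A client holding only `region3` derives every block key inside that 16 MiB region locally, so the key server issues one key per region instead of one per block.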
Publication date:
February 2013
Authors:
Yan Li
Nakul Dhotre
Yasuhiro Ohara
Thomas Kroeger
Ethan L. Miller
Darrell D. E. Long
Projects:
Secure File and Storage Systems
Ultra-Large Scale Storage
Available media
Full paper text: PDF
Bibtex entry
@inproceedings{li-fast13,
  author = {Yan Li and Nakul Dhotre and Yasuhiro Ohara and Thomas Kroeger and Ethan L. Miller and Darrell D. E. Long},
  title = {Horus: Fine-Grained Encryption-Based Security for Large-Scale Storage},
  booktitle = {Proceedings of the 11th Conference on File and Storage Systems (FAST 2013)},
  month = feb,
  year = {2013},
}