Venue | Category |
---|---|
HotStorage'22 | Data Encryption |
Rethinking Block Storage Encryption with Virtual Disks1. SummaryMotivation of this paperPer-sector information in disk encryptionImplementation and Evaluation2. Strength (Contributions of the paper)3. Weakness (Limitations of the paper)4. Some Insights (Future work)
disk encryption
length preserving and do not require storing any additional information with an encrypted disk sector
force the encryption to be deterministic and disallow integrity mechanisms
motivation
disk encryption in a virtual disk that supports versioning and snapshots
standard practice forfeits some security for ease of management and performance considerations
main problem
explore how best to implement additional per-sector information in Ceph RBD
shortcoming in AES-XTS
changing a single bit in the sector (without changing the key or IV) --> yield the expected change only to the sub-block in the cipher to which this bit belongs
Ceph RBD
distributes each I/O to its corresponding OSD via RADOS
design choices
a): each access is contiguous to the data and its matching IV
b): store all the IVs of the object (4 MiB) after encrypted data
c): a key-value database (RocksDB) to store the IVs
implementation
modify the built-in client-side encryption in Ceph RBD
evaluation
baseline: LUKS2 in Ceph RBD, deterministic LBA based IVs
vary the size of I/Os
background of disk encryption
data is encrypted before being written to disk
encryption is done at a sector-by-sector granularity
disk encryption today
a unique data encryption key per disk
use sector number or LBA as the IV
virtual disk
wide-block encryption
block storage systems would benefit by natively supporting per-sector metadata