Extending Data Security in a distributed storage system

45Drives offers its customers the ability to store massive amounts of data in-house, giving those customers a high level of data sovereignty. To do this 45Drives uses the opensource software Ceph which interconnects many servers into a distributed storage system. A limitation of Ceph is that it only provides data security at transit but provides no native encryption mechanism to secure stored data at rest. In our previous work we implemented an encryption module for Ceph and a key management system, but we have yet to integrate these two components to achieve security at rest support for Ceph. A critical limitation we face is that such an integration must have a minimal impact on the runtime performance of the system. Additionally, we are extending Ceph’s data security to the application level using homomorphic encryption, enabling an application to perform computations on ciphertext instead of plaintext. Consequently, customers deploying Ceph can ensure that their data is protected even when it is processed by third parties using untrusted platforms. Given that there has been little research into how current homomorphic encryption (HE) technologies fit into distributed storage solutions, we believe that our research provides practical insights into the use of HE.

Faculty Supervisor:

Kenneth Kent

Student:

Partner:

45 Drives

Discipline:

Computer science

Sector:

Information and cultural industries

University:

University of New Brunswick

Program: