Free download of the English paper Scalable Key Management for Distributed Cloud Storage - IEEE 2018

Persian title
Scalable Key Management for Distributed Cloud Storage
English title
Scalable Key Management for Distributed Cloud Storage
Pages in the Persian paper
0
Pages in the English paper
7
Year of publication
2018
Publisher
IEEE
Format of the English paper
PDF
Paper type
ISI
Database
Scopus
Product code
E9108
Fields related to this paper
Computer engineering
Specializations related to this paper
Cloud computing
Journal
International Conference on Cloud Engineering
University
IBM Research - Zurich Ruschlikon - Switzerland
DOI or digital identifier
https://doi.org/10.1109/IC2E.2018.00051
Abstract


As use of cryptography increases in all areas of computing, efficient solutions for key management in distributed systems are needed. Large deployments in the cloud can require millions of keys for thousands of clients. The current approaches for serving keys are centralized components, which do not scale as desired. This work reports on the realization of a key manager that uses an untrusted distributed key-value store (KVS) and offers consistent key distribution over the Key-Management Interoperability Protocol (KMIP). To achieve confidentiality, it uses a key hierarchy where every key except a root key itself is encrypted by the respective parent key. The hierarchy also allows for key rotation and, ultimately, for secure deletion of data. The design permits key rotation to proceed concurrently with key-serving operations. A prototype was integrated with IBM Spectrum Scale, a highly scalable cluster file system, where it serves keys for file encryption. Linear scalability was achieved even under load from concurrent key updates. The implementation shows that the approach is viable, works as intended, and is suitable for high-throughput key serving in cloud platforms.

V. CONCLUSION


As encryption of data at rest becomes more prevalent, the challenge of managing the encryption keys also surfaces for diverse systems. The scalable key-management design presented in this work targets cloud-scale deployments. It is compatible with storing the master keys in an HSM, but achieves better performance than a solution exclusively relying on a centralized key manager or an HSM.


The key manager is built on top of an untrusted key-value store (KVS) and demonstrated in the context of the IBM Spectrum Scale cluster file system. It serves file-encryption keys using the KMIP standard. A key hierarchy and key rotation operations supporting secure deletion of critical data have been described and prototyped.


The evaluation shows that the key manager was able to scale linearly even under load from key updates, and performance measurements conducted on the individual components indicate that the throughput and latency are mostly limited by the performance of the distributed KVS.