The Research And Design Of Storage Encryption On RAID System

Today, the security problem of data in storage system has cause more and more attention, and storage encryption has become one of the hottest technologies in the IT research field. To encrypt data in storage system provides the last defense line for the security of data. As RAID is the key element in a large-scale storage system, research and implementation of RAID storage system encryption means a lot. Currently, most encryption method on RAID system is the hardware encryption which needs high-priced hardware device. Therefore, to design a software encryption module on the base of the embedded RAID controller software is a good scheme.The core issue of software encryption is to choose a proper encryption layer and a highly efficient and secure encryption alogrithm. The currently existing storage system software encryption methods, which are most frequently used, are manual file encryption, filesystem-level encryption, virtual drive encryption and full disk encryption. These methods were studied from the Storage Stack's point of view, and the features, advantages and disadvantages were also stduied. On the basis of that, and after analyzing the characteristic of RAID controller software, the encryption layer was considered to be between the filesystem-level and disk driver-level. For the choice of encryption algorithm, the SEAL algorithm, which is a pseudorandom function family algorithm and highly efficient, was believed to be the best proper algorithm for storage encryption. A key infrastructure was designed to against the possible danger cause by the weakness of SEAL.After analyzing the running processes of the RAID controller software, the encryption module was chosen to be implemented between the SCSI Target module and Cache Management module, with the consideration of security and performance. Based on the analysis of the I/O processes in the encrypted RAID system, the architecture of encryption module was designed, and the function of every submodule in this architecture was described in detail.The I/O performance encrypted RAID system was tested with the technical benchmark software IOMETER, and the result showed that there was a certain loss on I/O performance compared to the RAID without encryption module, especially in the condition of sequence read and write.