
Data Privacy Protection And Sharing In Object-based Storage System

Posted on: 2013-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: J Lu
Full Text: PDF
GTID: 2248330392957797
Subject: Computer system architecture
Abstract/Summary:
As the value of data in distributed storage systems keeps rising, it is becoming more important that data be stored strongly encrypted. Protecting users' privacy requires a minimal trust foundation in the storage system, and security demands that the storage system provide end-to-end data encryption. Object-based storage devices are well known for intelligent management of data characteristics and are therefore widely used in mass information storage. Most research focuses on authentication and authorization, but how to secure the transmission and storage of data, and how to share data safely with specific users, are also urgent problems.

In identity-based security for an object storage system, files are encrypted with a symmetric data key SK, and the ciphertext is transmitted to and stored on the storage devices, which gives end-to-end confidentiality protection for the data. The identity-based encryption method IBE is preferred over PKI because the identity is used as the public key, which avoids the authentication problem of asymmetric encryption methods. The data key SK is protected by the IBE method: only the corresponding private key can decrypt the sharing key to recover the data key and then correctly access the contents of the file. A role certificate is introduced to reduce information redundancy in the security metadata list. FK and access control information are stored as security metadata, and combining key management with a role-based access control mechanism makes searching and updating the security metadata more efficient. The HMAC-SHA1 message authentication code takes the data key SK as its random key to provide data integrity protection. A cache mechanism is introduced to hold frequently accessed data, which reduces the time needed to obtain metadata and the number of repeated encryption and decryption operations, improving the performance of the whole system.

The results of system testing show that the system improves security mainly through its key protection and sharing mechanism, that the cost of integrity protection does not exceed 15%, and that the overhead of encryption is less than 25%.
Keywords/Search Tags: data privacy, data sharing, storage security, key management