Research On Data Security For Erasure-coded Storage Clusters

To meet storage requirements of capacity scalability and high I/O concurrency,cluster storage becomes an effective way to store data.However,designers need to consider the reliability and security of storage clusters.On one hand,the cluster is composed of multiple independent storage nodes,adding storage nodes can promote the overall performance of cluster,but also increases the failure probability of nodes.On the other hand,because the cluster adopts open network storage architecture,there are many potential security risks.Therefore,it is necessary to choose an appropriate data organization method to strengthen security and reliability of the cluster.The research platform of this study is an erasure-coded storage cluster,which embedds erasure codes to guarantee high reliability.This study aims at data security of the cluster on aspects of both confidentiality and integrity.(1)For confidentiality.A new encryption scheme called XOR-RS is proposed to enhance confidentiality of RS-based storage clusters.XOR-RS adpots a new XOR-based encryption method.In particular,XOR-RS chooses a small factor and encrypts it,and performs xor operations on data using the encrypted factor to accomplish indirect encryption.Furthermore,XOR-RS organizes encryption and I/O operations in a pipelined way to avoid unnecessary waits.(2)For integrity.Both effective integrity checking and failure recovery mechanisms are introduced to the storage cluster.A reliable manager server stores integrity information and performs integrity verification.Storage nodes generate validation information of fixed length from random data blocks,and the third party will compare the information with the result of the integrity information stored previously.If there is data damage,damaged data can be restored effectively with the help of erasure codes.Experimental results show that:(1)The encryption scheme can decrypt the original data successfully;(2)The integrity checking mechanism can verify the correctness of the data;(3)The recovery mechanism can restore damaged data correctly.As to performance,our new encryption scheme outperforms the conventional encryption by a factor of 2.17 in terms of encryption speed.With pipeline optimization,storage performance can increase by 20%.In summary,apart from guaranteeing high data security,these schemes exhibit advantages in both performance and space utilization.