|M.Sc Student||Shor Roman|
|Subject||Efficiently Combining Confidentiality and|
Availability in Distributed Storage Systems
|Department||Department of Computer Science||Supervisors||Professor Eitan Yaakobi|
|Dr. Gala Yadgar|
|Professor Assaf Schuster|
|Full Thesis text|
When sensitive data is stored in the cloud, the only way to ensure its secrecy is by encrypting it before it is uploaded. Recently introduced hardware acceleration methods promise to eliminate the computational complexity of encryption, but leave clients with the challenge of securely managing encryption keys. At the same time, the emerging multi-cloud model, in which data is stored redundantly in two or more independent clouds, provides an opportunity to protect sensitive data with secret-sharing schemes. Secure RAID, a recently proposed scheme, minimizes the computational overheads of secret sharing, but requires non-negligible storage overhead and random data generation. These recent advances introduce new opportunities to reduce data protection costs considerably. However, previous studies were performed before they were introduced, and thus do not indicate which approach will provide the best application-perceived performance.
To bridge this gap, we present the first end-to-end comparison of state-of-the-art encryption-based and secret sharing data protection approaches. In this study we implement two secret-sharing schemes and two encryption-based schemes, and measure their performance in a wide range of system parameters. We address all stages of the data path, including random data generation, encoding and encryption overheads, and overall throughput. Our evaluation on a local cluster and on a multi-cloud prototype identifies the tipping point at which the bottleneck of data protection shifts from the computational overhead of encoding and random data generation to storage and network bandwidth and global availability.