Carp: A cost-aware relaxed protocol for encrypted data stores

Abstract

Distributed data stores are critical to the success of applications in cloud. Massive volumes of user data are stored and processed with the support of underlying distributed data stores. With large amounts of data stored remotely in the cloud, security becomes a major concern. Authentication and access control are provided by cloud storage providers. But even with proper authentication and access control policies, storage systems are still vulnerable to attackers who have direct access to storage devices such as disks. Encryption makes it computational difficult to retrieve the original data even when the attackers have the access to the disks. However, there are many challenges in designing an encrypted distributed data store that is highly secure and cost-aware.In this paper, we show that security flexibility and cost efficiency can be achieved at the same time. We present Carp, a cost- aware relaxed protocol for encrypted data stores. Carp is a heuristic solution instead of an optimal one. The key idea is to reduce additional encryption operations for frequently accessed data. It is achieved by allowing data objects stay unencrypted for a short time period after the data are accessed. Reducing encryption operations eventually means reducing the computational cost and power consumption in the data store. Unlike conventional encrypted file systems which store data encryption keys on disks, we present a hybrid design of key generation and caching. Data encryption keys are generated for individual objects or a group of them using cryptographic hashing. We develop a prototype data store and conduct experiments. The experimental results show that Carp can reduce up to 20% encryption operations with high-level security.