CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems

Abstract

Clustered storage systems are dominant solutions in modern-day data production. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities, with no single point of failure. Despite the strong management abilities, security remains a serious concern in the Ceph storage system. To date, authentication and access control are the only supported security protocols in the system. Data confidentiality will be undermined if a malicious insider or outside intruder accesses to storage devices. This study proposes a lightweight cryptographic-based interface, CephArmor, for a Ceph storage system to ensure data confidentiality in storage. The proposed method has been integrated into the stable Ceph version, Pacific, and evaluated through 45Drives Storinator servers, a commercial hardware commodity for storage solutions in real-world scenarios. The experimental results denote a nuanced overhead in terms of elapsed time, throughput, average operations per second, and latency on a write operation. While the read operations illustrated near zero performance overhead.