Lamassu: Storage-Efficient Host-Side Encryption - … · Lamassu: Storage-Efficient Host-Side...

Lamassu: Storage-Efficient Host-Side Encryption

Peter Shah, Won So Advanced Technology Group  9 July, 2015

1 © 2015 NetApp, Inc. All rights reserved.

Agenda

1) Overview

2) Security

3) Solution Architecture

4) Experimental Results

5) Conclusion


Overview Architectural Goals

1) Enable external / untrusted storage §  Public Clouds, etc.




2) Provide data security §  Restrict trust domain





3) Preserve storage deduplication §  Use convergent encryption §  Focus on block-oriented deduplication





3) Preserve storage deduplication §  Use convergent encryption §  Focus on block-oriented deduplication

4) Work with existing applications §  Transparent addition §  No changes to app or storage systems §  Self-contained*


Lamassu

Security Encryption Model


Equality-Preserving Encryption Convergent Encryption (CE)

§  For any given plain text, convergent encryption will always produce the same cipher text.


Message-Locked Encryption (MLE) Convergent Encryption


§  Most common form: Key derived from data


Data Block

Hash

Cipher Text

Block Key

Message-locked encryption path

AES





Data Block

Cipher Block

Block Key

Message-locked decryption path

AES

Key Storage Convergent Encryption




Data Block

Hash

Cipher Block

Block Key

AES

?

Key Storage Convergent Encryption




Data Block

Hash

Cipher Block

Block Key

AES

Secret Key

AES

Non-convergent

Metadata Storage Key Storage Architecture


Transparent Key Management Keys as Metadata

§  Treat per-block hash-keys as file metadata §  Potentially hundreds, or thousands per file


Keys

File Data



§  Store keys inside each file §  Preserve transparency §  Allow external storage to copy, rename, etc.


Stored

File Data




§  Separate data from metadata §  Keep keys from polluting duplicate blocks §  Keep added data from breaking block alignment


Stored

File Data

Logical File Layout File Structure

20

Segment 0 … Segment 1 Segment 2

Fixed-Size Segment

Segment n

© 2015 NetApp, Inc. All rights reserved.


21

Segment 0

Metadata Data 0 Data 1 Data 2 Data m …

… Segment 1 Segment 2

Physical Offset 0

Logical Offset 0

Fixed-Size Segment

Segment n

Fixed-Size Data Block



22

Segment 0

Metadata Data 0 Data 1 Data 2 Data m …

… Segment 1 Segment 2

Physical Offset 0

Logical Offset 0

Fixed-Size Segment

Segment n

Fixed-Size Data Block


Meta Slot 1 Slot 0 Slot m … Slot 2

Key Table Slot

Crash Detection and Recovery Metadata Consistency

§  Data and metadata must be in sync §  Depends on underlying storage to prevent partial writes




24

… Block N N … Starting State




25

… Block N

Block N’

N … N’

Starting State

Update Block




26

… Block N

Block N’

N … N’

… Block N …

Starting State

Update Block

Write Meta N’

N




27

… Block N

Block N’

N … N’

… Block N …

Starting State

… Block N’ N’

… N

Update Block

Write Meta

Write Data

N’

N




§  Stale keys are cleaned up during subsequent metadata updates

28

… Block N

Block N’

N … N’

… Block N …

Starting State

… Block N’ N’

… N

Update Block

Write Meta

Write Data

N’

N


Results Storage Efficiency & Performance


Overview Prototype Implementation

30

Linux Kernel

FUSE

Application

NFS

Net

wor

k

VFS

Key Manager Lamassu


Remote Storage System

Comparison with other Systems Benchmarking Strategy

1) PlainFS §  FUSE-based (pass-through)




2) EncFS §  FUSE-based §  Provides AES encryption




2) EncFS §  FUSE-based §  Provides AES encryption

3)  LamassuFS §  FUSE-based §  Provides AES encryption §  Provides convergent encryption


Comparison of Deduplication Ratios Deduplication Results


40

50

60

70

80

90

100

10 20 30 40 50

Rel

ativ

e da

ta s

ize

afte

r de

dupl

icat

ion

(%)

Percentage of redundancy in raw data

PlainFS EncFS LamassuFS

Comparison of Deduplication Ratios Deduplication Results


40

50

60

70

80

90

100

10 20 30 40 50

Rel

ativ

e da

ta s

ize

afte

r de

dupl

icat

ion

(%)

Percentage of redundancy in raw data


Comparison with other FUSE systems using remote NFS storage

Singe File I/O Throughput

0

25

50

75

100

125

150

seq-write seq-read rand-write rand-read rand-rw

I/O B

andw

idth


© 2015 NetApp, Inc. All rights reserved. 36

Comparison with other FUSE systems using local DRAM storage

Single File I/O Throughput

10

100

1000

seq-write seq-read rand-write rand-read rand-rw

I/O B

andw

idth


© 2015 NetApp, Inc. All rights reserved. 37

Recap and Observations Conclusions

§  Strong security on shared storage §  Uses standard encryption techniques

§  Preserves storage-based deduplication

§  Transparent to both application and storage §  Easy to deploy

§  Flexible user-mode architecture §  Can integrate with other host-side technologies


Recap and Observations Conclusions

§  Strong security on shared storage §  Uses standard encryption techniques

§  Preserves storage-based deduplication

§  Transparent to both application and storage §  Easy to deploy

§  Flexible user-mode architecture §  Can integrate with other host-side technologies


Questions? Special Thanks James Kelley

Thank You


Lamassu: Storage-Efficient Host-Side Encryption - … · Lamassu: Storage-Efficient Host-Side...

Documents

Transcript of Lamassu: Storage-Efficient Host-Side Encryption - … · Lamassu: Storage-Efficient Host-Side...