Lamassu: Storage-Efficient Host-Side Encryption - … · Lamassu: Storage-Efficient Host-Side...
Transcript of Lamassu: Storage-Efficient Host-Side Encryption - … · Lamassu: Storage-Efficient Host-Side...
Lamassu: Storage-Efficient Host-Side Encryption
Peter Shah, Won So Advanced Technology Group 9 July, 2015
1 © 2015 NetApp, Inc. All rights reserved.
Agenda
1) Overview
2) Security
3) Solution Architecture
4) Experimental Results
5) Conclusion
2 © 2015 NetApp, Inc. All rights reserved.
Overview Architectural Goals
1) Enable external / untrusted storage § Public Clouds, etc.
3 © 2015 NetApp, Inc. All rights reserved.
Overview Architectural Goals
1) Enable external / untrusted storage § Public Clouds, etc.
2) Provide data security § Restrict trust domain
4 © 2015 NetApp, Inc. All rights reserved.
Overview Architectural Goals
1) Enable external / untrusted storage § Public Clouds, etc.
2) Provide data security § Restrict trust domain
5 © 2015 NetApp, Inc. All rights reserved.
Overview Architectural Goals
1) Enable external / untrusted storage § Public Clouds, etc.
2) Provide data security § Restrict trust domain
3) Preserve storage deduplication § Use convergent encryption § Focus on block-oriented deduplication
6 © 2015 NetApp, Inc. All rights reserved.
Overview Architectural Goals
1) Enable external / untrusted storage § Public Clouds, etc.
2) Provide data security § Restrict trust domain
3) Preserve storage deduplication § Use convergent encryption § Focus on block-oriented deduplication
4) Work with existing applications § Transparent addition § No changes to app or storage systems § Self-contained*
7 © 2015 NetApp, Inc. All rights reserved.
Lamassu
Equality-Preserving Encryption Convergent Encryption (CE)
§ For any given plain text, convergent encryption will always produce the same cipher text.
9 © 2015 NetApp, Inc. All rights reserved.
Message-Locked Encryption (MLE) Convergent Encryption
§ For any given plain text, convergent encryption will always produce the same cipher text.
§ Most common form: Key derived from data
10 © 2015 NetApp, Inc. All rights reserved.
Data Block
Hash
Cipher Text
Block Key
Message-locked encryption path
AES
Message-Locked Encryption (MLE) Convergent Encryption
§ For any given plain text, convergent encryption will always produce the same cipher text.
§ Most common form: Key derived from data
11 © 2015 NetApp, Inc. All rights reserved.
Data Block
Cipher Block
Block Key
Message-locked decryption path
AES
Message-Locked Encryption (MLE) Convergent Encryption
§ For any given plain text, convergent encryption will always produce the same cipher text.
§ Most common form: Key derived from data
12 © 2015 NetApp, Inc. All rights reserved.
Data Block
Cipher Block
Block Key
Message-locked decryption path
AES
Key Storage Convergent Encryption
§ For any given plain text, convergent encryption will always produce the same cipher text.
§ Most common form: Key derived from data
13 © 2015 NetApp, Inc. All rights reserved.
Data Block
Hash
Cipher Block
Block Key
AES
?
Key Storage Convergent Encryption
§ For any given plain text, convergent encryption will always produce the same cipher text.
§ Most common form: Key derived from data
14 © 2015 NetApp, Inc. All rights reserved.
Data Block
Hash
Cipher Block
Block Key
AES
Secret Key
AES
Non-convergent
Transparent Key Management Keys as Metadata
§ Treat per-block hash-keys as file metadata § Potentially hundreds, or thousands per file
16 © 2015 NetApp, Inc. All rights reserved.
Keys
File Data
Transparent Key Management Keys as Metadata
§ Treat per-block hash-keys as file metadata § Potentially hundreds, or thousands per file
§ Store keys inside each file § Preserve transparency § Allow external storage to copy, rename, etc.
17 © 2015 NetApp, Inc. All rights reserved.
Stored
File Data
Transparent Key Management Keys as Metadata
§ Treat per-block hash-keys as file metadata § Potentially hundreds, or thousands per file
§ Store keys inside each file § Preserve transparency § Allow external storage to copy, rename, etc.
§ Separate data from metadata § Keep keys from polluting duplicate blocks § Keep added data from breaking block alignment
18 © 2015 NetApp, Inc. All rights reserved.
Stored
File Data
Transparent Key Management Keys as Metadata
§ Treat per-block hash-keys as file metadata § Potentially hundreds, or thousands per file
§ Store keys inside each file § Preserve transparency § Allow external storage to copy, rename, etc.
§ Separate data from metadata § Keep keys from polluting duplicate blocks § Keep added data from breaking block alignment
19 © 2015 NetApp, Inc. All rights reserved.
Stored
File Data
Logical File Layout File Structure
20
Segment 0 … Segment 1 Segment 2
Fixed-Size Segment
Segment n
© 2015 NetApp, Inc. All rights reserved.
Logical File Layout File Structure
21
Segment 0
Metadata Data 0 Data 1 Data 2 Data m …
… Segment 1 Segment 2
Physical Offset 0
Logical Offset 0
Fixed-Size Segment
Segment n
Fixed-Size Data Block
© 2015 NetApp, Inc. All rights reserved.
Logical File Layout File Structure
22
Segment 0
Metadata Data 0 Data 1 Data 2 Data m …
… Segment 1 Segment 2
Physical Offset 0
Logical Offset 0
Fixed-Size Segment
Segment n
Fixed-Size Data Block
© 2015 NetApp, Inc. All rights reserved.
Meta Slot 1 Slot 0 Slot m … Slot 2
Key Table Slot
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
23 © 2015 NetApp, Inc. All rights reserved.
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
24
… Block N N … Starting State
© 2015 NetApp, Inc. All rights reserved.
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
25
… Block N
Block N’
N … N’
Starting State
Update Block
© 2015 NetApp, Inc. All rights reserved.
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
26
… Block N
Block N’
N … N’
… Block N …
Starting State
Update Block
Write Meta N’
N
© 2015 NetApp, Inc. All rights reserved.
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
27
… Block N
Block N’
N … N’
… Block N …
Starting State
… Block N’ N’
… N
Update Block
Write Meta
Write Data
N’
N
© 2015 NetApp, Inc. All rights reserved.
Crash Detection and Recovery Metadata Consistency
§ Data and metadata must be in sync § Depends on underlying storage to prevent partial writes
§ Stale keys are cleaned up during subsequent metadata updates
28
… Block N
Block N’
N … N’
… Block N …
Starting State
… Block N’ N’
… N
Update Block
Write Meta
Write Data
N’
N
© 2015 NetApp, Inc. All rights reserved.
Overview Prototype Implementation
30
Linux Kernel
FUSE
Application
NFS
Net
wor
k
VFS
Key Manager Lamassu
© 2015 NetApp, Inc. All rights reserved.
Remote Storage System
Comparison with other Systems Benchmarking Strategy
1) PlainFS § FUSE-based (pass-through)
31 © 2015 NetApp, Inc. All rights reserved.
Comparison with other Systems Benchmarking Strategy
1) PlainFS § FUSE-based (pass-through)
2) EncFS § FUSE-based § Provides AES encryption
32 © 2015 NetApp, Inc. All rights reserved.
Comparison with other Systems Benchmarking Strategy
1) PlainFS § FUSE-based (pass-through)
2) EncFS § FUSE-based § Provides AES encryption
3) LamassuFS § FUSE-based § Provides AES encryption § Provides convergent encryption
33 © 2015 NetApp, Inc. All rights reserved.
Comparison of Deduplication Ratios Deduplication Results
34 © 2015 NetApp, Inc. All rights reserved.
40
50
60
70
80
90
100
10 20 30 40 50
Rel
ativ
e da
ta s
ize
afte
r de
dupl
icat
ion
(%)
Percentage of redundancy in raw data
PlainFS EncFS LamassuFS
Comparison of Deduplication Ratios Deduplication Results
35 © 2015 NetApp, Inc. All rights reserved.
40
50
60
70
80
90
100
10 20 30 40 50
Rel
ativ
e da
ta s
ize
afte
r de
dupl
icat
ion
(%)
Percentage of redundancy in raw data
PlainFS EncFS LamassuFS
Comparison with other FUSE systems using remote NFS storage
Singe File I/O Throughput
0
25
50
75
100
125
150
seq-write seq-read rand-write rand-read rand-rw
I/O B
andw
idth
PlainFS EncFS LamassuFS
© 2015 NetApp, Inc. All rights reserved. 36
Comparison with other FUSE systems using local DRAM storage
Single File I/O Throughput
10
100
1000
seq-write seq-read rand-write rand-read rand-rw
I/O B
andw
idth
PlainFS EncFS LamassuFS
© 2015 NetApp, Inc. All rights reserved. 37
Recap and Observations Conclusions
§ Strong security on shared storage § Uses standard encryption techniques
§ Preserves storage-based deduplication
§ Transparent to both application and storage § Easy to deploy
§ Flexible user-mode architecture § Can integrate with other host-side technologies
38 © 2015 NetApp, Inc. All rights reserved.
Recap and Observations Conclusions
§ Strong security on shared storage § Uses standard encryption techniques
§ Preserves storage-based deduplication
§ Transparent to both application and storage § Easy to deploy
§ Flexible user-mode architecture § Can integrate with other host-side technologies
39 © 2015 NetApp, Inc. All rights reserved.
Questions? Special Thanks James Kelley