FAULT TOLERANT CONVERGENT KEY MANAGEMENT IN OBJECT-BASED STORAGE

Abstract

An increasing amount of data is being stored in cloud-based storage services and this trend is expected to grow in the coming years. This creates a huge demand for systems and algorithms that are more efficient in the use of storage resources while being able to meet necessary cloud requirements of availability and scalability. A major source of inefficiency on cloud storage systems is data duplication, since bandwidth and storage resources are wasted to transfer and store data that is already present in the system. Data deduplication is the technique to detect duplicate and store only one instance of the data. Different users of the system can put a reference to the data in case data belongs to multiple users. Duplicates can be detected at two levels i.e. File level and Block level. File level means the file is duplicated and Block level means file is broken up into pieces called blocks and then duplicates can be detected at block level. The way to detect duplicates is to hash the file or blocks and then detect duplicates based on hash value. Much of the work is already being done in the area of data deduplication but none of them addresses the security aspect i.e. will the same data deduplication solution work when considering the data in the encrypted form. The problem with encrypted data is the same data after encryption through multiple users keys can produce different cipher texts and hence hash value solution to detect duplicates doesn’t work. The idea is to take the key (to encrypt) data from the data itself and then use that key to encrypt the data. The key is referred to as the convergent key and the encryption is referred to as the convergent encryption [10]. The drawback of this encryption scheme is that it is prone to brute force attacks and then can easily be compromised. The proposed architecture addresses the problems of convergent encryption [10] and provides efficient key management such that system is fault tolerant in cases when user have limited access to storage servers. The solution segregates the key and data on multiple storage servers so that attackers cannot easily attack and hence security is not compromised.