BLESS: Object level encryption security for object‐based storage system

In Object‐Based Storage System (OBSS) there are hundreds even thousands of storage devices to store peta‐byte scale of data. A considerable part of such data is sensitive and needs to be encrypted. While existing storage security schemes encrypt entire files to ensure security, it is often unnecessary to encrypt all areas within a file. Otherwise, the encryption of a large number of non‐sensitive areas will result in severe performance penalty. This paper presents the design and implementation of an object level encryption for secured object‐based storage system referred to as BLESS, which allows a user to specify any size encryption area to avoid unnecessary processing of non‐sensitive areas within a file. Not surprisingly, BLESS significantly improves the overall performance of storage systems. Extended object attributes are utilized to record the file security information, thereby ensuring flexibility of BLESS. In order to demonstrate BLESS’s efficiency, we have implemented BLESS on Lustre, which is a widely used OBSS. We measure BLESS’s performance under a variety of benchmarks, and the experiment indicates that BLESS can increase throughput by 42% for sequential workloads and 54% for random workloads compared with traditional full encryption schemes.