CephVault: A secure Key Management System (KMS) for Ceph
Date: 2024-03
Publisher: University of New Brunswick
Abstract
Organizations are leveraging cluster storage solutions to address expansive storage requirements. Ceph is a reliable and massively scalable cluster solution that supports object, block, and file storage on commodity hardware without a single point of failure. Despite its growing popularity, the absence of native object encryption support in Ceph raises concerns about potential security vulnerabilities and data compromise. CephArmor, a cryptography interface, was previously developed to provide data confidentiality in Ceph while data is at rest. In this work, we propose CephVault, a secure Key Management System (KMS) that can support key generation for the various encryption schemes and key lengths required by CephArmor. CephVault, which supports twelve phases of a KMS life cycle, is developed as an intrinsic component of Ceph. We demonstrate that the proposed solution provides better features and security than other KMSs, making CephVault a competitive and preferable choice compared to many existing KMSs available in the Ceph ecosystem.