Establishing ciphertext and metadata integrity for data stored in software-defined-storage systems
Date
2025-05
Publisher
University of New Brunswick
Abstract
Authenticated Encryption with Associated Data (AEAD) ciphers are widely used in transport security, especially since their use is mandatory in TLS 1.3. They are valued for providing both confidentiality and data integrity with minimal performance cost. However, AEAD ciphers are rarely used for encrypting data at rest. While major cloud providers use AEAD to encrypt individual objects in object storage, other types of storage systems typically do not. In this thesis, we examine how AEAD encryption methods can be integrated into software-defined storage (SDS) systems and evaluate their impact in terms of performance, scalability, and security. We use Ceph as a case study, as it is one of the most widely used open-source SDS platforms. Our goal is to make our findings applicable to other SDS solutions as well. Our evaluation indicates that AEAD ciphers are a viable option for encrypting data at rest in SDS environments.