[openstack-dev] Object Encryption

Caitlin Bestler Caitlin.Bestler at nexenta.com
Fri Jan 11 16:34:36 UTC 2013

Bhandaru, Malini wrote:

> We at Intel having been mulling encryption in Openstack for security and privacy for a while and would like your
> feedback on the following blueprint. It details extending Swift to support server side encryption. It defines a key 
> manager built on top of a Swift system, ideally a separate Swift instance from the Object storage swift.

>    https://blueprints.launchpad.net/swift/+spec/encrypted-objects

I see the same issues in this blueprint that I saw in a similar cinder proposal -- what benefit is there in giving the end
user control over which keys are used when the end user is entrusting all the keys to the Service Provider anyway?

The Service Provider still has the ability to decrypt all content, which means that all content can be subpoenaed.

The only security provided by this type of solution is protecting the content stored on disks from being stolen just
by stealing the disks.

You can achieve that by having each Object Server create its own keys for Objects it stores, and just requiring the
Object Server to store those keys separately. 

There is also value in a system where the end user stores their own keys without relying on the Service Provider.
But users can implement that solution themselves, they do not need Swift (or Cinder) to help.

If self-encrypting-drive type solutions are elevated to provide vendor neutral controls I think you have accomplished
The most important security objective - protecting content from being stolen by stealing disk drives. In my evaluation,
Attempting to do more than that requires a solution that is beyond the scope of OpenStack as a whole.

More information about the OpenStack-dev mailing list