[openstack-dev] Encrypted Objects in Swift
Bhandaru, Malini K
malini.k.bhandaru at intel.com
Thu Apr 25 08:51:19 UTC 2013
Hello Robert!
Oleg's (Mirantis) patch to Swift would support encryption. But we still need a key manager to hold keys and
Work is afoot on building one. There was a presentation from a Korean company whose customers wanted object encryption and I believe they are using Mirantis's solution.
Regards
Malini
-----Original Message-----
From: Clark, Robert Graham [mailto:robert.clark at hp.com]
Sent: Wednesday, April 24, 2013 2:24 PM
To: OpenStack List; Oleg Gelbukh
Subject: Re: [openstack-dev] Encrypted Objects in Swift
Did the object encryption proposal (1.) ever move forward?
On 08/02/2013 00:19, "Bhandaru, Malini K" <malini.k.bhandaru at intel.com>
wrote:
>Greetings Robert!
>
>I did not notice your post for a whole week! Glad you joined the
>discussion chain.
>
>Since this message ..
>1) Mirantis brought out their prototype object encryption routine
>2) JHU-APL folks brought out their volume encryption support
>3) My focus has shifted to key management .. (will copy you on any
>blueprints)
>
>*** I like your use case example of may be a tenant's data being seized
>and by separate object encryption, the data from other tenants is not
>exposed.
>
>Certainly the server has access to keys, so the protection is from
>stolen disks. The keys will certainly be kept elsewhere and further
>encrypted with a master key.
>
>You are correct, changing salt or for that matter any cipher block
>chaining encryption will impact synchronization cost via rsync cost.
>
>Regards
>Malini
>
>-----Original Message-----
>From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>Sent: Tuesday, January 29, 2013 4:43 AM
>To: OpenStack List; Oleg Gelbukh
>Subject: Re: [openstack-dev] Encrypted Objects in Swift
>
>I can't speak to the original set of questions but I'd like to get
>involved in this discussion so here's a few of my thoughts.
>
>I don't think it would matter either way. If the object changes by 1
>bit then the whole encrypted object would change, the impact on
>replication/updates in an encrypted Swift is pretty high. Similarly
>salting encrypted objects makes very little sense, salting is a useful
>way to mitigate pre-computation attacks such as rainbow tables. These
>aren't really applicable to object store.
>
>I'm interested as to what requirements Swift encryption really meets.
>Certainly it doesn't make you trust your cloud provider any more, they
>after all handle the keys for your objects so can decrypt/inspect at
>any time. Swift object encryption would protect against data breaches
>through physical disk theft or loss (so long as the disk/chassis/rack
>with the keys on it wasn't also stolen) but of course you could just
>use full disk-encryption to the same end, with stock Swift.
>
>There are possibilities for multi-tenant clouds where disks may be
>seized by various agencies. In those situations keys for a specific
>tenant could be released and the data of the other tenants on any
>seized hardware would be protected.
>
>From: "Bhandaru, Malini K"
><malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>>
>Reply-To: OpenStack List
><openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack
>.or
>g>>
>Date: Thu, 13 Dec 2012 03:12:28 +0000
>To: Oleg Gelbukh <ogelbukh at mirantis.com<mailto:ogelbukh at mirantis.com>>,
>OpenStack List
><openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack
>.or
>g>>
>Subject: Re: [openstack-dev] Encrypted Objects in Swift
>
>Greetings Oleg!
>
>Much thanks for your reply! If I do not hear from you, will await blog
>updates.
>
>
>1. Would you keep the IV fixed for an object /container once created
>fixed?
>Or change on each update? The latter would be more secure, but result
>in more rsync traffic.
>
>
>2. As opposed to modifying container, would it be simpler to
>maintain encryption related information in a separate
>encrypt-middleware, such as
>
><key-string, encryption-alg, IV, ..>
>
>But this may mean one more entity to duplicate and ensure availabilty.
>
>
>3. Where do you use salt?
>
>Malini
>
>
>From: Oleg Gelbukh [mailto:ogelbukh at mirantis.com]
>Sent: Wednesday, December 12, 2012 5:51 AM
>To: OpenStack Development Mailing List; Bhandaru, Malini K
>Subject: Re: [openstack-dev] Encrypted Objects in Swift
>
>Hello, Malini
>
>Sorry for long delay, please see some answers inline. Thanks for your
>interest and insightful questions and links!
>
>On Fri, Dec 7, 2012 at 4:43 AM, Bhandaru, Malini K
><malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>> wrote:
>Glad to hear from you Oleg!
>
>Intel is interested in building encryption support for object storage.
>Our initial exploration resulted in catching the Mirantis blog!
>Establishes it is an important feature and the time is right.
>
>
>1) Would the Mirantis prototype be open source? Looking forward to
>its debut.
>Yes, currently we're preparing the code and design description for
>publishing. Please, follow our blog for updates later this week.
>
>Intel's special interest - achieving encryption speed up using the
>AES_NI Intel hardware instructions for encryption speed and
> its open source libraries
>fast encryption that exploits parallelism and function stitching, and
>HW register width increases.
>http://www.intel.com/content/www/us/en/communications/communications-ia
>-mu
>lti-buffer-paper.html
>http://www.intel.com/content/www/us/en/communications/communications-ia
>-cr
>yptographic-paper.html
>
>
>
>2) More specifically - what algorithm will you be using for
>encryption? Will it be user configurable?
>
>The data in motion AES approaches to encryption typically use an
>initial vector (random for the session) and the key And anything that
>has chaining will result in large changes in the byte stream for a
>small change in the plain text object, which would result in more
>network traffic to move the object using rsync. Or are you dismissing
>the initial vector, and keeping chaining or dismissing it too.
>
>Or are you using a data at rest encryption method? The Intel library
>of XTS encryption is in use by True Crypt which offers storage encryption.
>
>http<http://download.intel.com/design/intarch/PAPERS/324310.pdf>://<htt
>p:/
>/download.intel.com/design/intarch/PAPERS/324310.pdf>download.intel.com
>/de
>sign/intarch/PAPERS/324310.pdf<http://download.intel.com/design/intarch
>/PA
>PERS/324310.pdf>
>
>We're focusing on data-at-rest encryption right now, and we're using
>AES-128-CBC algorithm as a primary method. Thanks for the links, we'll
>look how to integrate those libs in our work.
>
>
>3) Do you see any use cases not covered? Would like to collaborate.
>
>4) To provide an additional layer of protection, along with the key
>mentioned in the Mirantis article, a secondary random-key could be used
>with each object, possibly XOR-ed with the account or container key, to
>encrypt objects. Thus should result in key-loss/compromise not exposing
>the data unless the Key Manager is also compromised and these secondary
>keys get exposed.
>We're planning on storing IV/salt/secondary key in the container DB for
>each object. This will help increase overall security of the solution,
>but will require modification of container-server.
>
>5) Am sure you have thought of this .. but the key manager itself
>could use the encrypted storage system to back up its vital data.
>This is an interesting idea, but it generally affects the key storage
>part of the architecture, which is basically out of scope of our
>prototype.
>
>6) From your design looks like the key manager is a separate
>service from the authentication system (Keystone or other). Was this
>to partition functionality and increase availability?
>Key manager is a middleware in Swift that talks to the key storage
>system. We implemented it as driver-based, which means we can easily
>integrate with any key store, including one integrated into auth system.
>We want to separate the key-manager from any particular auth system
>supported by Swift to be able to work with all of them.
>
>7) We believe the encryption component with key management could be
>used in other places within Open Stack, for example booting from
>encrypted boot volume.
>This is also very interesting idea. It will probably require
>modifications to the current prototype implementation of key manager,
>of course.
>
>8) Also believe the Keystone enhancements under discussion-
>"Trust"/delegation http://wiki.openstack.org/keystone/Delegation
>
>would be useful for handing off access to encrypted objects, say for a
>one time use, or limited period (use case: pay-per-view video) to an
>application that would stream the media content.
>
>
>Regards
>Malini
>
>
>
>From: Oleg Gelbukh
>[mailto:ogelbukh at mirantis.com<mailto:ogelbukh at mirantis.com>]
>Sent: Thursday, December 06, 2012 2:20 AM
>To: OpenStack Development Mailing List
>Subject: Re: [openstack-dev] Encrypted Objects in Swift
>
>Hello,
>
>Yes, we have the prototype implementation of this feature waiting for
>publication. I believe we'll be able to publish it in a week or so.
>
>Do you have some specific interest in this development? We greatly
>appreciate any feedback, including questions and example use cases.
>
>--
>Best regards,
>Oleg Gelbukh
>Sr. IT engineer
>Mirantis Inc.
>
>On Thu, Dec 6, 2012 at 7:07 AM, Bhandaru, Malini K
><malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>> wrote:
>Hello All!
>
>Is there development effort associated with
>http://www.mirantis.com/blog/openstack-swift-encryption-architecture/
>in OpenStack?
>
>Regards
>Malini
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.
>org
>>
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.
>org
>>
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>--
>Best regards,
>Oleg Gelbukh
>Sr. IT Engineer
>Mirantis Inc.
>_______________________________________________ OpenStack-dev mailing
>list
>OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.
>org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list