Disk encryption today uses standard encryption methods that are length preserving and do not require storing any additional information with an encrypted disk sector. This significantly simplifies disk encryption management as the disk mapping does not change with encryption. On the other hand, it forces the encryption to be deterministic when data is being overwritten and it disallows integrity mechanisms, thus lowering security guarantees. Moreover, because the most widely used standard encryption methods (like AES-XTS) work at small sub-blocks of no more than 32 bytes, deterministic overwrites form an even greater security risk. Overall, today's standard practice forfeits some security for ease of management and performance considerations. This shortcoming is further amplified in a virtual disk setting that supports versioning and snapshots so that overwritten data remains accessible. In this work, we address these concerns and stipulate that especially with virtual disks, there is motivation and potential to improve security at the expense of a small performance overhead. Specifically, adding per-sector metadata to a virtual disk allows running encryption with a random initialization vector (IV) as well as potentially adding integrity mechanisms. We explore how best to implement additional per-sector information in Ceph RBD, a popular open-source distributed block storage with client-side encryption. We implement and evaluate several approaches and show that one can run AES-XTS encryption with a random IV at a manageable overhead ranging from 1% to 22%, depending on the IO size.
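The following sketch is an added example, not code from the paper or from Ceph. It shows what two snapshots of one sector reveal under length-preserving AES-XTS and how a random IV kept as per-sector metadata removes that signal. It assumes the Python `cryptography` package, a 4096-byte sector, and that the 16-byte random IV is used directly as the XTS tweak; the function names are hypothetical.

```python
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR = 4096  # bytes per sector (constructed value)
SUB = 16       # AES block size: XTS is deterministic per 16-byte sub-block

def xts(key, tweak, data, decrypt=False):
    cipher = Cipher(algorithms.AES(key), modes.XTS(tweak))
    ctx = cipher.decryptor() if decrypt else cipher.encryptor()
    return ctx.update(data) + ctx.finalize()

def encrypt_length_preserving(key, sector_no, data):
    """Today's practice: the tweak depends only on the sector position."""
    return xts(key, sector_no.to_bytes(16, "little"), data)

def encrypt_random_iv(key, data):
    """Assumed layout: a fresh IV per write, stored as per-sector metadata."""
    iv = os.urandom(16)
    return iv, xts(key, iv, data)

def decrypt_random_iv(key, iv, ciphertext):
    return xts(key, iv, ciphertext, decrypt=True)

def changed_subblocks(old_ct, new_ct):
    """Indices of sub-blocks that differ between two stored versions,
    i.e. what anyone holding both snapshots can compute without the key."""
    return [i // SUB for i in range(0, len(old_ct), SUB)
            if old_ct[i:i + SUB] != new_ct[i:i + SUB]]

def demo():
    key = os.urandom(64)              # AES-256-XTS takes two 256-bit keys
    v1 = b"A" * SECTOR                # constructed sector contents
    v2 = bytearray(v1)
    v2[100] ^= 1                      # one-byte overwrite, inside sub-block 6
    v2 = bytes(v2)

    # Deterministic overwrite: only the touched sub-block changes on disk.
    leaked = changed_subblocks(encrypt_length_preserving(key, 7, v1),
                               encrypt_length_preserving(key, 7, v2))

    # Random IV: every sub-block changes, so the edit location is hidden.
    iv1, c1 = encrypt_random_iv(key, v1)
    iv2, c2 = encrypt_random_iv(key, v2)
    hidden = changed_subblocks(c1, c2)
    return leaked, len(hidden), decrypt_random_iv(key, iv2, c2) == v2

if __name__ == "__main__":
    print(demo())
```

The price of the second scheme is the extra 16 bytes per sector that must be stored and kept consistent with the data, which is the metadata placement problem the work evaluates.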