High-performance reconfigurable encryption scheme for distributed storage

Abstract

Read online

As the world embraces the digital economy and enters an information society, data has emerged as a critical production factor.The collection, processing, and storage of data have become increasingly prevalent.Distributed storage systems, known for their efficiency, are widely used in various data fields.However, as the scale of data storage continues to expand, distributed storage faces more significant security risks, such as information leakage and data destruction.These challenges drive the need for innovative advancements in big data distributed storage security technology and foster the integration of domestic cryptographic technology with computing storage technology.This work focused on addressing security issues, particularly information leakage, in distributed storage nodes.A dynamic and reconfigurable encryption storage solution was proposed, which considered the requirements for encryption performance and flexibility.A high-performance reconfigurable cryptographic module was designed based on the bio mapping framework.Based on this module, multiple storage pools equipped with different cryptographic algorithms were constructed to facilitate high-performance encryption and decryption operations on hard disk data.The scheme also enabled dynamic switching of cryptographic algorithms within the storage pools.A cryptographic protocol with remote online loading functions for cryptographic algorithms and keys was developed to meet the unified management and convenient security update requirements of reconfigurable cryptographic modules in various storage nodes.Furthermore, the scheme implemented fine-grained data encryption protection and logical security isolation functions based on cryptographic reconstruction technology.Experimental results demonstrate that the performance loss of this scheme for encryption protection and security isolation of stored data is approximately 10%.It provides a technical approach for distributed storage systems to meet the cryptographic application technology requirements outlined in GB/T 39786-2021 “Information Security Technology-Basic Requirements for Cryptography Applications” Level 3 and above in terms of device and computing security, application and data security.

Keywords

• distributed storage encryption
• reconfigurable encryption technology
• block device encryption
• algorithm online loading
• logical safety isolation