CephArmor: A Lightweight Cryptographic Interface for Secure High-Performance Ceph Storage Systems

Clustered storage systems are dominant solutions for the era of data-intensive computing. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities with no single point of failure. Despite the strong management abilities, security remains a serious concern in the Ceph storage system. To date, authentication and access control are the only supported security protocols in the system. Data confidentiality will be undermined if a malicious insider or outside intruder accesses storage devices. This study proposes a lightweight cryptographic-based interface, CephArmor, for a Ceph storage system to ensure data confidentiality in storage. The proposed method has been integrated into the Ceph stable version, Pacific, and evaluated through 45Drives Storinator servers, a commercial hardware commodity for storage solutions in real-world scenarios. The experimental results denote a nuanced overhead regarding elapsed time, throughput, average operations per second, and latency on a write operation. In contrast, the read operations illustrated near-zero performance overhead for the same metrics.