Performance and Reliability of a Revocation Method Utilizing Encrypted Backup Data

摘要

When multiple users access a network storage system for cloud computing, security becomes a key factor in the service, as well as performance and reliability. The "encrypt-on-disk'' scheme effectively protects transmitted and stored data in network storage. However, this scheme has the problem of revocation for shared files. Active revocation is safe but has denial periods to allow immediate reencryption, while lazy revocation has no denial period but is unsafe during the delay. We propose intelligent storage nodes capable of handling active revocation in storage without the denial period by adopting a primary--backup configuration. This approach provides a good combination of security and availability by replication. However, the reencryption process negatively affects the update performance. Delaying the reencryption process and disk write on the backup node improves performance with no ill effect on security and a small decrease of MTTDL for the simple primary-backup configuration. We evaluate the performance of the proposed approaches by experiments, and the reliability by estimation.