S.I. : CLOUD COMPUTING FOR SCIENTIFIC AND BUSINESS NEEDS

Split key management framework for Open Stack Swift object storage cloud

Surekha Thota 1 · Ravi Prakash Reddy Induri 1 · Raghavendra Kune 2

Received: 1 August 2016 / Accepted: 26 March 2017
© CSI Publications 2017

Abstract Object storage systems are emerging as a new generation of service-oriented storage technologies for large-scale data management and delivery in clouds. Several object storage technologies have emerged recently; one such technology is OpenStack Swift. Swift is based on a container services methodology for data organization and retrieval, managed via open standards such as REST web service protocols. Swift has several components for data management and retrieval, but it lacks security features (such as key management and encryption) for the data while it is at rest and in transit. In this paper, we propose a framework for OpenStack Swift key management based on multi-factor split keys, and a methodology for key organisation using the document database MongoDB. First, we describe the object-based storage mechanisms in Swift and their limitations, followed by the key management framework and its components. We also compare the performance of the proposed symmetric-split-key encryption/decryption methodology with that of the symmetric key, and the performance of key retrieval when the keys are organized in the relational database MySQL and in the document database MongoDB.

Keywords Client side encryption · Amazon S3 · OpenStack Swift · Split key management · MONGO DB

1 Introduction

In today's era, with the advent of the latest technologies and the tremendous usage of social networking applications, there is a tremendous increase in data volumes, especially for unstructured data such as text, images, audio and video streams. IDC predicts that unstructured data may reach up to 40 zettabytes by 2020 [1].
To handle such large-scale, voluminous data, object storage technologies are emerging as new-generation storage platforms [2]. The key challenges are (1) data management: handling the drastic growth of data without performance degradation, (2) data access: the ability to access and process large volumes of unstructured data, and (3) security: providing security for the data while it is at rest and in transit [3]. Due to the multitenant architecture of clouds, resources are shared among several users, thus leading to a major security breach in cloud environments. OpenStack Swift handles secure authentication using the tempauth middleware, which validates the data only with user name, password and account. For users who expect a high level of data security, encryption is one of the best tools. Based on where the encryption is performed, encryption methodologies are classified into server-side and client-side encryption. Server-side encryption protects the data at rest, whereas client-side encryption protects the data during transit and at rest. However, there are no automated mechanisms that could encrypt the data and organize the keys in Swift. Key management plays an important role in securely managing and retrieving the keys during encryption. Below, we introduce the basics of OpenStack Swift, Swift storage mechanisms, Swift access control mechanisms and client-side encryption, followed by our contributions and the organisation of the paper.

Surekha Thota
surekhaswarup@gmail.com

Ravi Prakash Reddy Induri
irpreddy@gnits.ac.in

Raghavendra Kune
raghav.es@gmail.com

1 Department of Information Technology, G. Narayanamma Institute of Technology and Science, Hyderabad, India
2 Advanced Data Processing Research Institute, Department of Space, Secunderabad, India

CSIT DOI 10.1007/s40012-017-0166-8