Redundant array of encrypting disks

摘要

By placing an encryption function below a RAID function and requiring independence of encryption functionality along the same boundaries of data member independence of the RAID function, failures of the encryption and key management for individual encryption functions can be recovered with the same data rebuild mechanism as the RAID function. For example, in a RAID set of disk drives, each data partition and each parity partition has a respective data encryption key for storing encrypted data or encrypted parity in the partition, and a LUN or logical volume is mapped to a stripe of data partitions and an associated parity partition across the RAID set so that the data rebuild mechanism of the RAID function may recover from a loss of a single data encryption key without compromising security of the LUN or logical volume.

主权项

1. A method of storing redundant encrypted data, said method comprising:
computing parity from a first data member and a second data member, encrypting the first data member with a first data encryption key and storing the encrypted first data member in a first data storage device, encrypting the second data member with a second data encryption key and storing the encrypted second data member in a second data storage device, and encrypting the parity with a third data encryption key and storing the encrypted parity in a third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key; and recovering from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and which further includes detecting a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, recovering from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by: assigning a new data encryption key to said one of the first data storage device and the second data storage device; recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.