Length preserving compression - Marrying encryption with compression

Abstract

This work tackles an inherent conflict between two important trends. The first is the integration of data compression capabilities into many storage systems supporting random I/O on the compressed data. The second is encrypting data at the host, before data is written to the storage, in order to address regulatory and enterprise requirements. This provides end-to-end protection for the data, but since the data arrives encrypted, it prevents the storage from compressing the data. Can compression savings be achieved together with host side encryption without changing the storage protocols or storage backend? In this paper we show that they can. We present Length Preserving Compression (LPC), which combines compression with encryption, to provide the benefits of both. The challenge is to achieve compression savings without overloading the host side with complex data management tasks which come with the fact that compression changes the data layout. We do this by keeping the data layout management capabilities on the storage while compressing and encrypting on the host. Equally important is that LPC works without changes to the compressing storage system or to the standard storage protocols involved. We implemented LPC in Linux dm-crypt and in the Xen blktap encryption and extensively evaluated its performance and impact on security and compression ratios.