IJCNIS Vol. 4, No. 8, 8 Aug. 2012
Cover page and Table of Contents: PDF (size: 370KB)
Full Text (PDF, 370KB), PP.33-39
Views: 0 Downloads: 0
Encrypting File System (EFS), File System in User-space (FUSE), Network File System (NFS), Public-Key Infrastructure (PKI), Access Control List (ACL), Pluggable Authentication Module (PAM)
Linux systems use Encrypting File System (EFS) for providing confidentiality and integrity services to files stored on disk in a secure, efficient and transparent manner. Distributed encrypting file system should also provide support for secure remote access, multiuser file sharing, possible use by non-privileged users, portability, incremental backups etc. Existing kernel-space EFS designed at file system level provides all necessary features, but they are not portable and cannot be mounted by non-privileged users. Existing user-space EFS have performance limitations and does not provide support for file sharing.
Through this paper, modifications in the design and implementation of two existing user-space EFS, for performance gain and file sharing support, has been presented. Performance gain has been achieved in both the proposed approaches using fast and modern ciphers. File sharing support in proposed approaches has been provided with Public Key Infrastructure (PKI) integration using GnuPG PKI module and Linux Pluggable Authentication Module (PAM) framework. Cryptographic metadata is being stored as extended attributes in file's Access Control List (ACL) to make file sharing task easier and seamless to the end user.
U. S. Rawat, Shishir Kumar, "Distributed Encrypting File System for Linux in User-space", International Journal of Computer Network and Information Security(IJCNIS), vol.4, no.8, pp.33-39, 2012. DOI:10.5815/ijcnis.2012.08.04
[1]Andrew G. Morgan, "Linux Pluggable Authentication Module," http://www.kernel.org/ pub/linux/libs/pam.
[2]A. Grunbacher, "POSIX Access Control Lists on Linux," Proceedings of the USENIX Annual Technical Conference (ATC), FREENIX Track, San Antonio, Texas, USA, June 2003, pp. 259–272.
[3]"DMCrypt: Linux Kernel Device-Mapper Crypto Target," http://code.google.com/p/cryptsetup/wiki/DMCrypt.
[4]"Cryptsetup - Setup Virtual Encryption Devices under dm-crypt Linux," http://code.google.com/p/cryptsetup.
[5]M.A. Halcrow, "eCryptfs: An Enterprise-class Cryptographic Filesystem for Linux," Proceedings of the Linux Symposium, Ottawa, Canada, July 2005, pp. 201–218.
[6]E. Zadok, I. Badulescu, "A Stackable File System Interface for Linux," LinuxExpo, Raleigh, North Carolina, May 1999, pp. 141–151.
[7]E. Zadok, J. Nieh, "FiST: A Language for Stackable File Systems," Proceedings of the USENIX Annual Technical Conference (ATC), San Diego, CA, USA, June 2000, pp. 55–70.
[8]Matt Blaze, "A Cryptographic File System for UNIX," Proceedings of the ACM Conference on Computer and Communications Security (CCS), Fairfax, VA, USA, November 1993, pp. 9–16.
[9]Valient Gough, "EncFS Encrypted Filesystem Source Code," http://encfs.googlecode.com/files/encfs-1.7.4.tgz.
[10]Miklos Szeredi, "Filesystem in Userspace," 2012. http://sourceforge.net/projects/fuse/files/fuse-2.X.
[11]A. A. Tamimi, "Performance Analysis of Data Encryption Algorithms," Project Report, Washington University, St. Louis, USA, 2006.
[12]IEEE Standard 1619–2007, "The XTS-AES Tweakable Block Cipher," Institute of Electrical and Electronics Engineers, Inc., 2008.
[13]M. Dworkin, ''Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices,'' NIST SP 800-38E, 2009.
[14]M. Liskov, K. Minematsu, "Comments on XTS-AES" ,2008. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments- Liskov_Minematsu.pdf
[15]Matthew V. Ball, Cyril Guyot, James P. Hughes, Luther Martin & Landon Curt Noll, "The XTS-AES Disk Encryption Algorithm and the Security of Ciphertext Stealing," Cryptologia, vol. 36, no. 1, pp. 70-79, January 2012.
[16]M.A. Alomari, K. Samsudin, A.R.Ramli, "A Parallel XTS Encryption Mode of Operation," IEEE Student Conference on Reseach and Development (SCOReD), UPM Serdang, Malaysia, November 2009, pp. 172-175.
[17]"GnuPG PKI Module," http://www.gnupg.org.
[18]M. A. Halcrow, "Demands, Solutions, and Improvements for Linux Filesystem Security," Proceedings of the Linux Symposium, Ottawa, Canada, July 2004, pp. 269–286.
[19]Matt Blaze, "CFS Encrypting File System Source Code," http://www.crypto.com/software/.
[20]"OpenSSL FIPS Object Module v2.0 Source Code," 2012. http://www.openssl.org/source/ openssl-fips-2.0.tar.gz.
[21]"IOZone," http://www.iozone.org.
[22]"OpenCryptoki v2.4.2 PKCS#11 implementation for Linux," http://sourceforge.net/projects/opencryptoki.