Portal de Periódicos da CAPES

ECFS

2012; Taylor & Francis; Volume: 6; Issue: 2 Linguagem: Inglês

10.4018/jisp.2012040104

1930-1669

Umashankar Rawat, Shishir Kumar,

Parallel Computing and Optimization Techniques

Proposed is a secure and efficient approach for designing and implementing an enterprise-class cryptographic file system for Linux (ECFS) in kernel-space. It uses stackable file system interface to introduce a layer for encrypting files using symmetric keys, and public-key cryptography for user authentication and file sharing, like other existing enterprise-class cryptographic file systems. It differs itself from existing systems by including all public-key cryptographic operations and public-key infrastructure (PKI) support in kernel-space that protects it from attacks that may take place with a user-space PKI support. It has a narrower domain of trust than existing systems. It uses XTS mode of AES algorithm for file encryption for providing better protection and performance. It also uses kernel-keyring service for improving performance. It stores the cryptographic metadata in file’s access control list (ACL) as extended attributes to ease the task of file sharing. A secure protocol has also been designed and implemented to guard against various possible attacks, when its files are accessed remotely over an untrusted network.