Applied Technologies and Innovations

Volume 5
Issue 2
Online publication date 2011-11-01
Title Improving data integrity and performance of cryptographic log structured file systems
Author Genti Daci, Megi Shyle
Abstract Modern file systems such as the Cryptographic Log Structured File System (CLFS) aim to provide security and confidentiality. Current deployments of such file systems do not ensure the integrity of encrypted data stored on disk. Due to kernel bugs, race conditions and arbitrary deadlocks, CLFS data can be damaged or modified by users and intruders. Financial systems are particularly concerned with security, as business continuity is essential to the produced output. We therefore considered it necessary to intervene in two directions. First, we will modify the way keys are stored in the system, as their safe storage is a key point of the whole protection this system provides; implementing a Trusted Platform Module is our suggestion for this case. Then, given this secure environment, our aim is to ensure data integrity on CLFS without compromising overall performance. This paper considers the standard data verification methods, with the main goal of overcoming one of their major limitations, the low performance of file system check-summing. To improve the performance of this process we study and examine various design choices and propose metadata check-summing. Several tests are made to show that this added functionality does not significantly affect performance.
Keywords Cryptography, data security, log structured file system, metadata check-summing, trusted platform module
DOI http://dx.doi.org/10.15208/ati.2011.8
Pages 1-10