cryptographic file systems
INDIAN INSTITUTE OF TECHNOLOGY, KHARAGPUR
CRYPTOGRAPHIC FILE SYSTEMS
UNDER THE GUIDANCE OF :
PROF CR MANDAL
DEPT OF COMPUTER SCIENCE
ADITYA KARAN, 14CS60D05, DEPT OF COMPUTER SCIENCE CRYPTOGRAPHIC FILE SYSTEM
INTRODUCTION
BRIEF RESUME OF ALTERNATE SOLUTION
CRYPTOGRAPHIC FILE SYSTEM – UNDERLYING PRINCIPLE
CRYPTOGRAPHIC FILE SYSTEM - DESIGN GOALS
UNIX FILE SYSTEM – A QUICK LOOK
CRYPTOGRAPHIC FILE SYSTEM
CONCLUSION
INTRODUCTION
“SECURE DATA PROBLEM”
PROBLEM : DATA SECURITY
•SHARED RESOURCES
•NETWORKED COMPUTERS
•REMOTE FILE SYSTEMS
AS A RESULT:-
•STORAGE OF SENSITIVE FILES IS PROBLEMATIC.
•INCONVENIENCE TO AUTHORISED USERS IN SEAMLESS ACCESS.
•OUT OF REACH OF ESSENTIAL SYSTEM SERVICES LIKE BACKUP ETC.
INTUITIVE SOLUTION:- “APPLICATION OF CRYPTO TECHNIQUES”
•A PROMISING APPROACH.
•MODERN CIPHER ALGORITHMS SUFFICIENTLY STRONG.
BUT:-
•POORLY INTEGRATED FILE ENCRYPTION TOOLS.
•VULNERABLE TO NON-CRYPTOANALYTIC SYSTEM-LEVEL ATTACKS.
THEREFORE:-
•ANSWER MUST LIE IN A SYSTEM-LEVEL SOLUTION.
•BASIC FEATURE OF THE FILE SYSTEM INTERFACE ?
BRIEF RESUME OF ALTERNATE SOLUTIONS
ANALYSIS:-
•USER – LEVEL CRYPTOGRAPHY
•INTEGRATED ENCRYPTION IN APPLICATION SOFTWARE
USER LEVEL CRYPTOGRAPHY:-
• FILE ENCRYPTION BY THE USER HIMSELF THROUGH A TOOL eg crypt IN LINUX
• ENCRYPTION AND DECRYPTION ARE DIRECTLY UNDER USER’S CONTROL
• cleartext MAY OR MAY NOT BE DELETED BY THE USER OR SOFTWARE
INTEGRATED ENCRYPTION IN APP SOFTWARE:-
• EACH PROGRAM HAS A BUILT-IN CRYPTO FACILITY
• AUTOMATICALLY ENCRYPT AND DECRYPT FILE DATA AS IT IS WRITTEN AND READ
• ALL APPS MUST INCLUDE SAME CRYPTO ENGINE
• ENCRYPTION FILTER FOR DATA FLOW AMONG DIFFERENT APPS
BUT:-
•USER LEVEL CRYPTOGRAPHY:-
  •INVITES MISTAKES, FAILURE TO DELETE cleartext
  •TOO CUMBERSOME – KEY MUST BE SUPPLIED SEVERAL TIMES
  •cleartext BACKUP ON LOCAL DISKS OR REMOTE FILE SYSTEMS BY APPS
BUT:-
•APPLICATION-BASED APPROACH:-
  •EACH APP MUST HAVE BUILT-IN CAPABILITY
  •SUPPLY KEY TO EACH APPLICATION
  •DATA INTEGRITY AND INTEROPERABILITY AMONGST DIFFERENT SOFTWARE
  •PERFORMANCE PENALTY DUE TO MULTIPLE COPIES OF CRYPTO CODE
SYSTEM LEVEL CRYPTOGRAPHY:-
•IDENTIFICATION OF TRUST MODEL:-
  •WHICH COMPONENTS OF THE SYSTEM SHOULD BE TRUSTED?
  •WHICH COMPONENTS ARE VULNERABLE TO COMPROMISE?
  •TRUST SHOULD BE LIMITED TO THOSE PARTS OF THE SYSTEM THAT ARE DIRECTLY UNDER USER’S CONTROL
•IDENTIFICATION OF TRUST MODEL:-
  •PROTECTION OF PHYSICAL MEDIA
  •INCLUDES ONLINE DISKS, BACKUP COPIES
  •PROTECTION OF NETWORK CONNECTION IN DISTRIBUTED SYSTEMS
  •CAN YOU TRUST THE SERVER?
•PROTECTION OF PHYSICAL MEDIA:-
  •USAGE OF SPECIALISED HARDWARE
  •DISK CONTROLLER WITH EMBEDDED ENCRYPTION HARDWARE
  •COMPLETELY TRANSPARENT TO USER
•BUT:-
  •DIFFICULTY IN SHARING RESOURCES
  •AVAILABILITY OF HARDWARE IS AN ISSUE
  •DATA NOT PROTECTED IN TRANSIT TO AND FROM REMOTE FILE SERVERS
•PROTECTION OF NETWORK CONNECTIONS:-
  •END-TO-END ENCRYPTION
  •FILE SERVER SHOULD BE TRUSTED TO HOUSE KEYS
  •TWO CRYPTO OPERATIONS FOR EACH FILE ACCESS AT SERVER – ADDING WORKLOAD AT SERVER
•YET ANOTHER APPROACH:-
  •CREATION OF ENCRYPTED AREAS ON DISK
  •REQUIRES PREALLOCATION OF STORAGE SPACE TO A GIVEN KEY
  •OFTEN APPEARS AS A SINGLE LARGE FILE AND DIFFICULT TO MANAGE
CRYPTOGRAPHIC FILE SYSTEM
UNDERLYING PRINCIPLE
UNDERLYING PRINCIPLE:-
•WHERE SHOULD THE RESPONSIBILITY OF FILE ENCRYPTION BELONG IN THE SYSTEM?
•TOO LOW A LEVEL – TRUST COMPONENTS AWAY FROM USER’S CONTROL
•TOO CLOSE TO USER – HIGH DEGREE OF HUMAN INTERVENTION REQUIRED
[FIGURE: DATA FLOW BETWEEN TRUSTED COMPONENTS AND UNTRUSTED COMPONENTS]
CRYPTOGRAPHIC FILE SYSTEM
DESIGN GOALS
DESIGN GOALS:-
•RATIONAL KEY MANAGEMENT
  •OBTAIN KEY FROM USER
  •RESTRICT ASKING KEY TO ONCE PER SESSION
•TRANSPARENT ACCESS SEMANTICS
  •BEHAVIOUR OF ENCRYPTED FILES SHOULD NOT BE DIFFERENT FROM OTHER FILES
  •ALL SYSTEM FILES SHOULD WORK NORMALLY
  •POSSIBILITY OF COMPILATION AND EXECUTION IN A SECURE ENVIRONMENT
•TRANSPARENT PERFORMANCE
  •LOW COMPUTATIONAL PENALTY
•PROTECTION OF FILE CONTENTS
  •ACTUAL AND STRUCTURAL DATA SHOULD NOT BE REVEALED
•PROTECTION OF METADATA
  •PROTECTION OF FILENAMES ETC
•PROTECTION OF NETWORK CONNECTIONS
•NATURAL KEY GRANULARITY
  •GROUPING OF RELATED CONTENTS WITH A SINGLE KEY
  •EASY TO CREATE NEW KEYS FOR OTHER SUCH GROUPS
•COMPATIBILITY WITH UNDERLYING SYSTEM SERVICES
•STORAGE AND MANAGEMENT SAME AS OTHER FILES
•BACKUP/RESTORE WITHOUT THE KNOWLEDGE OF KEY
•PORTABILITY
  •EXPLOITATION OF EXISTING INTERFACES
•SCALE
  •NO UNUSUAL LOAD ON SHARED COMPONENTS
•CONCURRENT ACCESS
  •POSSIBILITY OF SIMULTANEOUS ACCESS
•LIMITED TRUST
  •TRUST COMPONENTS ONLY UNDER DIRECT CONTROL
UNIX FILE SYSTEM
A QUICK LOOK
•ORGANISATION
  •TREE STRUCTURED NAMESPACE
  •FILES IN LEAVES
  •ROOT DIRECTORY - /
•LINKS
  •HARD LINK – FILENAME IN A DIRECTORY
  •SYMBOLIC LINKS – FILE CONTAINER FOR A PATHNAME
•VIRTUAL FILE SYSTEM
  •MOUNT DIFFERENT FILE SYSTEMS
  •KERNEL SOFTWARE LAYER TO HANDLE ALL SYSTEM CALLS FOR FILE SYSTEMS
  •PROVIDES A COMMON INTERFACE TO FILE SYSTEMS
•VIRTUAL FILE SYSTEM
  •/floppy :- MS-DOS
  •/tmp :- Ext2
$ cp /floppy/TEST /tmp/test
•TYPES OF FILE SYSTEMS:-
  •DISK-BASED FILE SYSTEMS, E.G. Ext3, Ext4, ISO 9660, NTFS ETC
  •NETWORK FILE SYSTEMS, E.G. NFS, Coda, AFS ETC
  •SPECIAL FILE SYSTEMS, E.G. /proc
•ROOT FILE SYSTEM:-
  •TREE WITH ‘/’ AS ROOT
  •ALL OTHER FS MOUNTED ON ROOT
  •VFS HANDLES VIRTUAL BLOCK DEVICES - /dev/loop0
  •FS MAY BE STORED AS A SINGLE ENCRYPTED FILE
[FIGURE: MULTIPLE FILE SYSTEMS MOUNTED UNDER ROOT]
•COMMON FILE MODEL
  •SUPERBLOCK OBJECT
    o STORES INFO ABOUT MOUNTED FS
    o FOR DISK BASED SYSTEMS, CORRESPONDS TO A FS CONTROL BLOCK ON DISK
•COMMON FILE MODEL
  •INODE OBJECT
    o GENERAL INFO ABOUT A SPECIFIC FILE
    o FOR DISK BASED SYSTEMS, CORRESPONDS TO A FILE CONTROL BLOCK ON DISK
    o ASSOCIATED WITH A UNIQUE INODE NUMBER
•COMMON FILE MODEL
  •FILE OBJECT
    o STORES INFO ABOUT INTERACTION B/W AN OPEN FILE AND A PROCESS
    o INFO EXISTS ONLY IN THE KERNEL MEMORY DURING THE INTERACTION
•COMMON FILE MODEL
  •DENTRY OBJECT
    o STORES INFO ABOUT LINKING OF A DIRECTORY ENTRY WITH A PARTICULAR FILE
    o DENTRY OBJECT IS UNIQUE FOR EACH FS
•FILESYSTEM HANDLING
  •ROOT FILESYSTEM – MOUNTED BY KERNEL DURING BOOTING
  •OTHER FILESYSTEMS MOUNTED ON DIRECTORIES OF ALREADY MOUNTED FILE SYSTEMS – MOUNT POINTS
•IMPLEMENTATION OF SYSTEM CALLS THROUGH VFS
•PATHNAME LOOKUP – DERIVE INODE
•FILENAME – MAY BE THE MOUNT POINT OF ANOTHER FS
•PERFORM LOOKUP INSIDE THE NAMESPACE OF PROCESS
•PARENT PATHNAME LOOKUP –DERIVE DENTRY OBJECT
•LOOKUP OF SYMBOLIC LINKS
•IMPLEMENT THE OPERATION
write(f, &buf, len); Writes len bytes pointed to by &buf in the file represented by File Descriptor f
•VFS(PART OF KERNEL) PROVIDES GENERIC INTERFACE TO USER APPLICATIONS
•FILESYSTEM – SPECIFIC INTERFACE
•ALL OPERATIONS HAPPEN ON cleartext
CRYPTOGRAPHIC FILE SYSTEM
•CFS FUNCTIONALITY
  •PROVIDE SECURE FILE SERVICE
  •NO NOTION OF SPECIALITY IN SECURE FILES
  •INTERACTION THROUGH STANDARD SYSTEM CALLS
  •TRANSPARENT FILE SYSTEM INTERFACE TO DIRECT
  •USERS “attach” CRYPTO KEY TO A DIRECTORY
  •SUCH ATTACHED DIRECTORIES AVAILABLE TO USERS WITH NORMAL SYSTEM CALLS
•FUNCTIONALITY
  •FILES AUTOMATICALLY ENCRYPTED DURING READ AND WRITE
  •NO MODIFICATION REQUIRED IN THE FILESYSTEM
  •BACKUP, RESTORE, ARCHIVAL FUNCTION NORMALLY
  •cleartext FILE CONTENTS NEITHER STORED NOR TRANSMITTED OVER NETWORK
•FILE SYSTEM IMPLEMENTATION
  •PRESENTS A VIRTUAL FILE SYSTEM
  •cmkdir - CREATES ENCRYPTED DIRECTORIES
  •cattach - CREATES ENTRIES IN CFS ASSOCIATING DIRECTORIES WITH KEYS
[FIGURE: DIRECTORY TREE UNDER / (root): /usr, /etc, /crypt, /abc, /def, /xyz]
•FILE SYSTEM IMPLEMENTATION
$ cmkdir /usr/abc/secrets
Key: (user enters passphrase which does not echo)
Again: (used to prevent errors)
$
[FIGURE: DIRECTORY TREE WITH /secrets CREATED UNDER /usr/abc]
•FILE SYSTEM IMPLEMENTATION
$ cattach /usr/abc/secrets /crypt/normal
Key: (same key used in cmkdir command)
$
[FIGURE: DIRECTORY TREE WITH /secrets UNDER /usr/abc AND /normal UNDER /crypt]
•FILE SYSTEM IMPLEMENTATION
  •ALL STANDARD FILE SYSTEM OPERATIONS WORK NORMALLY
  •ACTUAL FILES STORED UNDER /usr/abc/secrets IN ciphertext
  •APPEAR TO USER IN /crypt/normal IN cleartext
[FIGURE: DIRECTORY TREE WITH /secrets UNDER /usr/abc AND /normal UNDER /crypt]
•FILE SYSTEM IMPLEMENTATION
$ echo "murder" >/crypt/normal/crimes
$
             “VISIBLE” TO USER    ACTUAL
FILE NAME    /crimes              /8b06e57hj399da81cs91827
CONTENTS     murder               M-Z, k^J^BVM-VM-6A~uM-LM-_M-DM-^[
•FILE SYSTEM IMPLEMENTATION
$ cdetach normal
$
[FIGURE: DIRECTORY TREE AFTER cdetach, WITH /8b06e57hj399da81cs91827 UNDER /secrets]
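An added sketch (not part of the original slides and not CFS's own code) of the attach model walked through above: a keyed cleartext view over a ciphertext directory, with encrypted file names and a backup made without the key. The cipher is a stand-in built from HMAC-SHA256 in an SIV-style construction, not the cipher CFS uses; `AttachedDir`, `seal`, `unseal` and the `.salt` file are hypothetical names, and the passphrase is constructed.

```python
import hashlib, hmac, os, shutil, tempfile

def derive_keys(passphrase, salt):
    """Stretch the passphrase into (MAC key, encryption key)."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return raw[:32], raw[32:]

def _xor_stream(k_enc, iv, data):
    """Stand-in stream cipher: XOR with HMAC-SHA256(k_enc, iv || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(k_enc, iv + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(keys, data, context):
    """Deterministic encryption: the IV is a MAC of the cleartext (SIV-style)."""
    k_mac, k_enc = keys
    iv = hmac.new(k_mac, context + b"\0" + data, hashlib.sha256).digest()[:16]
    return iv + _xor_stream(k_enc, iv, data)

def unseal(keys, blob, context):
    k_mac, k_enc = keys
    iv, data = blob[:16], _xor_stream(k_enc, blob[:16], blob[16:])
    expect = hmac.new(k_mac, context + b"\0" + data, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(iv, expect):
        raise ValueError("wrong key or modified ciphertext")
    return data

class AttachedDir:
    """Cleartext view (the /crypt/normal role) over a ciphertext directory
    (the /usr/abc/secrets role). Only this object ever holds the key."""

    def __init__(self, backing_dir, passphrase):
        self.backing = backing_dir
        salt_file = os.path.join(backing_dir, ".salt")   # hypothetical layout
        if not os.path.exists(salt_file):                # first use: the cmkdir step
            with open(salt_file, "wb") as f:
                f.write(os.urandom(16))
        with open(salt_file, "rb") as f:
            self.keys = derive_keys(passphrase, f.read())

    def _path(self, name):
        # Names are sealed deterministically so a lookup finds the same file again.
        return os.path.join(self.backing, seal(self.keys, name.encode(), b"name").hex())

    def write(self, name, data):
        with open(self._path(name), "wb") as f:
            f.write(seal(self.keys, data, b"data:" + name.encode()))

    def read(self, name):
        with open(self._path(name), "rb") as f:
            return unseal(self.keys, f.read(), b"data:" + name.encode())

    def listdir(self):
        stored = (n for n in os.listdir(self.backing) if n != ".salt")
        return sorted(unseal(self.keys, bytes.fromhex(n), b"name").decode() for n in stored)

def demo():
    root = tempfile.mkdtemp()
    secrets = os.path.join(root, "secrets")
    os.mkdir(secrets)
    view = AttachedDir(secrets, "constructed passphrase")
    view.write("crimes", b"murder\n")                    # the slide's example file
    names = view.listdir()                               # what the user sees
    stored = [n for n in os.listdir(secrets) if n != ".salt"]   # what the disk holds
    with open(os.path.join(secrets, stored[0]), "rb") as f:
        raw = f.read()
    backup = os.path.join(root, "backup")
    shutil.copytree(secrets, backup)                     # backup tool needs no key
    restored = AttachedDir(backup, "constructed passphrase").read("crimes")
    shutil.rmtree(root)
    return names, stored, raw, restored
```

Attaching the same directory with a different passphrase makes `listdir()` raise `ValueError`, because the stored names no longer authenticate.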
•ARCHITECTURE
  •IMPLEMENTED ENTIRELY AT USER LEVEL
  •COMMUNICATES WITH UNIX KERNEL VIA NFS INTERFACE
  •EACH CLIENT MACHINE RUNS A SPECIAL NFS SERVER, cfsd
  •CLIENT KERNEL INTERACTS WITH CFS VIA 17 RPCs
  •SERVER IS STATELESS
[FIGURES: DATA FLOW IN STANDARD FILESYSTEM; DATA FLOW IN CFS]
[FIGURE: DATA FLOW IN CFS / NFS]
•CONCLUSION
  •CFS PROVIDES A SIMPLE MECHANISM FOR DATA PROTECTION
  •APPLICATION LEVEL CRYPTO TOO VULNERABLE
  •DISK-LEVEL CRYPTO MAY NOT MATCH GRANULARITY
  •NETWORK CRYPTO TOO CUMBERSOME
  •HENCE, CFS IS IDEALLY PLACED IN THE SYSTEM FOR CRYPTO SERVICES