Abstract
Proposed is a secure and efficient approach for designing and implementing an enterprise-class cryptographic file system for Linux (ECFS) in kernel-space. It uses stackable file system interface to introduce a layer for encrypting files using symmetric keys, and public-key cryptography for user authentication and file sharing, like other existing enterprise-class cryptographic file systems. It differs itself from existing systems by including all public-key cryptographic operations and public-key infrastructure (PKI) support in kernel-space that protects it from attacks that may take place with a user-space PKI support. It has a narrower domain of trust than existing systems. It uses XTS mode of AES algorithm for file encryption for providing better protection and performance. It also uses kernel-keyring service for improving performance. It stores the cryptographic metadata in file’s access control list (ACL) as extended attributes to ease the task of file sharing. A secure protocol has also been designed and implemented to guard against various possible attacks, when its files are accessed remotely over an untrusted network.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
