KVEFS: Encrypted File System Based on Distributed Key-Value Stores and FUSE

Giau Ho Kim,Ta Minh Thanh,Thanh Nguyen Kim,Nguyen Van Cuong,Vu Thi Ly,Trung Manh Nguyen,Son Hai Le,Thanh Nguyen Trung

doi:10.5121/ijnsa.2019.11204

Abstract

File System is an important component of a secure operating system. The need to build data protection systems is extremely important in open source operating systems, high mobility hardware systems, and miniaturization of storage devices that make systems available. It is clear that the value of the data is much larger than the value of the storage device. Computers access protection mechanism does not work if the thief retrieves the hard drive from the computer and reads data from it on another computer. Encrypted File System (EFS) is a secure level of operating system kernel. EFS uses cryptography to encrypt or decrypt files and folders when they are being saved or retrieved from a hard disk. EFS is often integrated transparently in operating system There are many encrypted filesystems commonly used in Linux operating systems. However, they have some limitations, which are the inability to hide the structure of the file system. This is a shortcoming targeted by the attacker, who will try to decrypt a file to find the key and then decrypt the entire file system. In this paper, we propose a new architecture of EFS called KVEFS which is based on cryptographic algorithms, FUSE library and key-value store. Our method makes EFS portable and flexible; Kernel size will not increase in Operating System.

Highlights

Security of the stored data on disk is an important area
– In this research, we propose a new architecture of encrypted file system based on a high performance distributed key-value store and Advanced Encryption Standard (AES)
We propose a method for building an encrypted file system using the libfuse, openssl, and openstars libraries, called KVEFS

Summary

Introduction

Security of the stored data on disk is an important area. The theft of the stored data may cause losing of personal information. Imagine for a day, you lose a computer, if you think the access control methods to prevent the thief from getting the data in the computer you are wrong They only need to get the hard disk from your computer and put it into another one, so all data is readable. For systems like encfs, the fact that the user opens the encrypted folder will see the number of files, directories, subdirectories (even if they are encrypted), and the time last modification, date of creation of the directory, file, the disclosure of the directory structure is a certain limitation of the existing file encryption system It provides several important informations for the hacker to attack our file system.

Objectives

Methods

Results

Conclusion