CSFS: A New Encrypted File System with Group Sharing and Integrity Protection

Talk abstract:

Traditional cryptographic storage uses encryption to ensure confidentiality of file data. However, encryption can prevent efficient random access to file data. Moreover, no cryptographic storage file system allows file sharing with similar semantics to UNIX group sharing. The Cryptographic Storage File System (CSFS) provides confidentiality and integrity of data while enabling efficient random access and file sharing using mechanisms similar to UNIX groups. CSFS uses a delayed-write-encryption policy for caching, delayed re-encryption for distributed re-encryption, and a hash tree structure beneath the inode for integrity. While maintaining confidentiality and integrity, the cost of reading a block is O(1) amortized over a sequential read of the entire file of n blocks. Writes execute in worst-case O(lg n) time. CSFS also implements user authentication on the file server to overcome a serious loophole in the NFS security architecture.
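The following is an added example, not code from CSFS or the thesis: it shows why a hash tree over file blocks gives O(lg n) writes, since changing one block rehashes only its leaf-to-root path, and how a single block read is checked against a trusted root. SHA-256, the binary heap layout, the leaf/interior prefixes and all names are assumptions the abstract does not specify; the amortized O(1) sequential read is not modelled here.

```python
import hashlib

class BlockHashTree:
    # Heap layout: node 1 is the root, node i has children 2i and 2i+1, leaves start at n.
    def __init__(self, blocks):
        self.n = 1
        while self.n < len(blocks):
            self.n *= 2                                   # pad leaf count to a power of two
        self.hashes = 0                                   # hash calls, to show cost
        self.blocks = list(blocks) + [b""] * (self.n - len(blocks))
        self.node = [b""] * (2 * self.n)
        for i, blk in enumerate(self.blocks):
            self.node[self.n + i] = self._h(b"\x00" + blk)
        for i in range(self.n - 1, 0, -1):
            self.node[i] = self._parent(i)

    def _h(self, data):                                   # SHA-256 is an assumption
        self.hashes += 1
        return hashlib.sha256(data).digest()

    def _parent(self, i):
        return self._h(b"\x01" + self.node[2 * i] + self.node[2 * i + 1])

    def root(self):                                       # value a client would trust
        return self.node[1]

    def write(self, idx, data):                           # rehash leaf-to-root path only
        self.blocks[idx] = data
        i = self.n + idx
        self.node[i] = self._h(b"\x00" + data)
        while i > 1:
            i //= 2
            self.node[i] = self._parent(i)

    def read(self, idx, trusted_root):                    # verify block via sibling hashes
        i, h = self.n + idx, self._h(b"\x00" + self.blocks[idx])
        while i > 1:
            sib = self.node[i ^ 1]
            h = self._h(b"\x01" + (h + sib if i % 2 == 0 else sib + h))
            i //= 2
        if h != trusted_root:
            raise ValueError("integrity check failed for block %d" % idx)
        return self.blocks[idx]

def demo():
    t = BlockHashTree([b"block-%d" % i for i in range(8)])  # constructed 8-block file
    before = t.hashes
    t.write(5, b"new data")
    return t.hashes - before, t.read(5, t.root())          # (4, b"new data")
```

With 8 blocks the write costs 4 hashes (one leaf plus lg 8 interior nodes), while a block changed on storage without updating the tree, or a read checked against a stale root, raises `ValueError`.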

Thesis title: Group Sharing and Random Access in Cryptographic Storage File Systems
Bellcore Company Supervisor: S. Rajagopalan
On-Campus Supervisor: Ron Rivest

Maintained by Kevin Fu