Friday, October 19, 2018

Cryptographic file system


Abstract
Data security matters more now than ever because of the growing interconnection of networks and the use of many communication media and interconnected devices. The evolution of threats to data and the broader problem of cyber security also make data protection and secure communication more important than before. Although cryptographic file systems have existed for a long time, they have not received the attention or adoption they deserve. One obstacle to their adoption is that their performance cost is assumed to be very high and is largely unknown. This article discusses the types of cryptographic file systems, performance comparisons, counterintuitive results, and areas in which the available cryptographic file systems can be improved.


Introduction
Data security is important because data determines the business continuity of organizations, and data loss can harm a company's operations. As the Web becomes more pervasive, security attacks have grown with it, and many studies show that organizations have lost revenue through security breaches. Many systems and methods have been developed to address data confidentiality. Three factors are key when analyzing a security system: security, performance, and ease of use. These concerns tend to compete; for instance, if a security system is too difficult to use, users are likely to circumvent it, and when an encryption system appears to slow down their work, they simply turn it off. Even though the analysis of cryptographic file systems is of paramount importance, a real-world performance comparison has not yet been made.
Cryptographic File Systems
Several cryptographic file systems exist. They range from block-based systems to native disk file systems, networked loopback file systems, and stackable file systems, through to encryption applications. Each approach has its merits and drawbacks, which are discussed in more detail below.
Block-Based Encryption Systems
Block-based file systems operate below the file system level and encrypt a single disk block at a time. The advantage is that they need no knowledge of the file system residing on top of them, and they can be used for swap partitions, which require access to raw partitions. Furthermore, they reveal no information about individual files or the directory structure. Cryptoloop, a Linux loopback device, is an example of a block device that transforms data before it is written to, and after it is read from, a native file in order to provide encryption (Wright, Martino & Zadok, 2003). The Linux kernel also incorporates a cryptographic framework known as CryptoAPI, which exports a uniform interface to all ciphers and hashes; both the Cryptoloop driver and IPsec use these facilities.
Three backing stores exist for the loopback driver: a preallocated file, a raw device, and a sparse file. Using files rather than devices has performance consequences, such as halving the effective cache, because blocks are held in memory in both encrypted and unencrypted form. Each of these methods has its own advantages and drawbacks in ease of use and security. A preallocated file has been found to be more secure than a sparse file because an attacker cannot distinguish the random data stored in the file from the encrypted data (Yun, Shi & Kim, 2009). The preallocated file, however, requires space to be set aside for the encrypted data before encryption. A sparse backing store means that no space needs to be preallocated for the encrypted data, although it reveals more about the structure of the file system.
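To make the block-level model and the sparse-versus-preallocated trade-off concrete, here is an added example in Go; it is not code from this page, from cryptoloop or from CryptoAPI. It models the backing file as a slice of sectors, encrypts each sector independently under a sector-numbered IV with AES-CTR (a stand-in for the tweakable modes real block encryptors use), and then counts how many sectors someone holding the raw backing file, but no key, can see are in use. The names, the 512-byte sector size, the key and the sector contents are all assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Sector size is an assumption of this example; 512 bytes is a conventional disk sector.
const sectorSize = 512

// sectorTransform encrypts or decrypts one sector with AES-CTR, using the sector
// number as the IV so the same plaintext in two sectors gives different ciphertext.
// CTR is its own inverse, so one function serves both directions. Real block-device
// encryptors use a tweakable mode such as XTS; CTR is a stand-in from Go's stdlib.
func sectorTransform(key []byte, sector uint64, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[:8], sector)
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// BackingStore models the file or device behind the loopback encryptor as a slice
// of sectors. A nil sector is a hole in a sparse file and reads back as zeros.
type BackingStore struct{ sectors [][]byte }

// newSparse creates a backing file whose sectors are all still holes.
func newSparse(n int) *BackingStore { return &BackingStore{sectors: make([][]byte, n)} }

// newPreallocated creates a backing file every sector of which was filled with
// random bytes before the encrypted volume was placed on it.
func newPreallocated(n int) (*BackingStore, error) {
	bs := newSparse(n)
	for i := range bs.sectors {
		bs.sectors[i] = make([]byte, sectorSize)
		if _, err := rand.Read(bs.sectors[i]); err != nil {
			return nil, err
		}
	}
	return bs, nil
}

// writeSector encrypts one sector and stores the ciphertext; the encryptor never
// needs to know which file, if any, the sector belongs to.
func (bs *BackingStore) writeSector(key []byte, sector int, plain []byte) error {
	ct, err := sectorTransform(key, uint64(sector), plain)
	if err != nil {
		return err
	}
	bs.sectors[sector] = ct
	return nil
}

// readSector decrypts one sector; a hole decrypts to keystream bytes, not data.
func (bs *BackingStore) readSector(key []byte, sector int) ([]byte, error) {
	raw := bs.sectors[sector]
	if raw == nil {
		raw = make([]byte, sectorSize)
	}
	return sectorTransform(key, uint64(sector), raw)
}

// visibleUsedSectors is what someone holding the raw backing file, but no key, can
// count: sectors that are neither holes nor all zeros. On a sparse file that is the
// number of sectors ever written; on a preallocated random-filled file it is always
// the total, so the structure of the volume stays hidden.
func visibleUsedSectors(bs *BackingStore) int {
	zero := make([]byte, sectorSize)
	n := 0
	for _, s := range bs.sectors {
		if s != nil && !bytes.Equal(s, zero) {
			n++
		}
	}
	return n
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 32)                     // constructed demo key
	plain := bytes.Repeat([]byte("secret "), 74)[:sectorSize] // constructed sector contents
	sparse := newSparse(8)
	pre, err := newPreallocated(8)
	if err != nil {
		panic(err)
	}
	for _, bs := range []*BackingStore{sparse, pre} {
		_ = bs.writeSector(key, 3, plain)
		_ = bs.writeSector(key, 5, plain)
	}
	fmt.Println("sparse: sectors visibly in use =", visibleUsedSectors(sparse))    // 2
	fmt.Println("preallocated: sectors visibly in use =", visibleUsedSectors(pre)) // 8
}
```

Run it with `go run` and the two counts differ: the sparse file shows exactly which sectors were ever written, while the preallocated, randomly filled file shows all of them, which is the leak the paragraph above describes. The per-sector IV also means the two identical plaintext sectors are stored as different ciphertext; a reader who wants the same protection in production should reach for XTS or another tweakable mode rather than this CTR stand-in, since CTR offers no integrity and reuses its keystream when a sector is rewritten.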
Disk-Based Cryptographic File Systems
Disk-based cryptographic file systems operate at a higher level than block-based systems (Blaze, 1993). Such file systems can access all per-directory and per-file data, which allows them to perform more complex authentication and authorization of access and to control the layout of data. This means that these cryptographic file systems can limit the amount of information an attacker can learn about a file's size and owner, although those attributes are often revealed in order to preserve the file system's disk structure. Another property of these file systems is that there is no layer of indirection, so they perform better than the other techniques discussed in this article, including loop devices.
Microsoft's Encrypting File System (EFS) is built on the NT kernel. EFS is an extension of NTFS, and it leverages Windows authentication mechanisms and Windows ACLs. EFS is tightly coupled to the DLLs that perform the encryption and to the Local Security Authentication Server, which handles authentication (Wright, Martino & Zadok, 2003). StegFS is another system that combines steganography with encryption. An attacker who examines the system can learn only that hidden data exists; without the keys they can access neither its contents nor its extent. StegFS uses an Ext2 kernel driver that stores a separate block-allocation table for each security level, and the number of security levels cannot be determined without a key for each level. Although StegFS provides deniability of the existence of data, it suffers a performance degradation by a factor of 6-196, which makes it impractical for many applications.
Networked Loopback Cryptographic File Systems
Networked loopback file systems (NBFS) work at a higher level of abstraction than disk-based cryptographic file systems, so they can control the on-disk file layout. These encryption systems have two main advantages: they can operate on top of existing file systems, and they are more portable than disk-based cryptographic file systems (Wright, Martino & Zadok, 2003). Their main disadvantage is lower performance and security. Because each request must travel through a network stack, these cryptographic file systems require more data copies, and performance suffers. They are also less secure because they inherit every weakness of the network protocols underlying them.
Examples of this type include CFS, which implements a user-level NFS server, and TCFS, which implements a kernel-mode NFS client. In CFS, the key and cipher are specified when an encrypted directory is created (Wright, Martino & Zadok, 2003). The CFS daemon gives the owner of the files access to the encrypted data through an attach command. After the daemon verifies the key and the user ID, a directory is created under the mount point to serve as an unencrypted window through which the user accesses the encrypted data (McDonald & Kuhn, 1999). Once the directory is attached, the user can use it like any other directory. CFS offers a wide choice of built-in ciphers. The main problem with this approach is poor performance: because CFS runs in user mode, several context switches and data copies must take place between user space and the kernel.
TCFS, on the other hand, is a cryptographic file system implemented as a modified NFS client. Because it is used together with an NFS server, this networked loopback file system works transparently with a remote file system, eliminating the need for separate attach and detach commands (Blaze, 1993). To encrypt data, a user sets an encrypted attribute on directories and files within the network file system mount. TCFS integrates with the Linux authentication system instead of requiring a separate passphrase. It uses a database to store group keys as well as users' encrypted keys. It can restrict group access to files and directories to a given set of Linux users, and it provides a mechanism for reconstructing group keys when a member becomes unavailable. It can work with any network interface as well as with remote users.
The Stackable Cryptographic File Systems
Stackable file systems combine the properties of disk-based file systems and networked loopback file systems. They can operate on top of existing file systems without copying data through the network stack or across the user-kernel boundary (Wright, Martino & Zadok, 2003). They are also portable, so they can be used on several operating systems. Two examples of stackable file systems are CryptFS and NCryptFS. CryptFS is part of the FiST toolkit; it was never designed to be secure, but it demonstrates the FiST concept. It implements only one cipher and a limited key-management scheme. NCryptFS, on the other hand, is a stackable cryptographic file system designed to balance security, performance, and convenience (Wright, Martino & Zadok, 2003), and it lets system administrators customize it to their specific requirements.
Applications
Applications can also accomplish file encryption; GPG and crypt are examples of such applications that reside on top of the file system. These applications are inconvenient, however, because every time users want to access a given file they must manually encrypt or decrypt it (McDonald & Kuhn, 1999). That is to say, the solution requires more user interaction to encrypt or decrypt a file, which makes mistakes possible that in turn damage the files or leak sensitive data. A file may also sit in clear text on disk while the user is working on it. File encryption can also be integrated into the applications themselves, although that shifts the task from users to application programmers.
Application developers often do not want to spend the extra time and effort implementing features that they know only a few users are likely to need (Pletka & Cachin, 2007). Even though encryption is a crucial feature that should be integrated into the applications being developed, the approach has two major disadvantages. First, each extra application on which a user relies to function correctly affects the performance of the system. Second, each application may implement encryption differently, which makes it difficult to use the same files in separate programs.
Cryptographic File Systems Design
One way to implement a cryptographic file system is as a kernel-resident file system; that is the model CryptFS uses. Such an implementation can be mounted on any directory on top of an existing file system such as UFS or NFS. The model also eliminates the need for additional daemon processes that could be exploited to gain access to the files or to the system. CryptFS is accessed through the virtual node interface, also known as the stackable V-node. Linux-based OSs use V-nodes to represent open files, devices, directories, and other objects. Virtual nodes do not expose the file systems they implement; they use a concept known as V-stacking to modularize file system functionality, whereby one virtual node interface calls another. The diagram below shows how this takes place (McDonald & Kuhn, 1999).
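An added example of the stacking idea, written in Go rather than as a kernel module, and not the CryptFS code itself: a `Layer` interface stands in for the vnode interface, a plain in-memory store stands in for UFS or NFS, and an encryption layer mounted on top seals file contents on write and opens them on read before passing each call down to the layer below. The interface, the names, the demo key and the file are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"sort"
)

// Layer is what every file system layer in the stack implements. A stackable layer
// offers it to the layer above and calls it on the layer below (V-stacking).
type Layer interface {
	Write(name string, data []byte) error
	Read(name string) ([]byte, error)
	List() []string
}

// memFS is the bottom of the stack, standing in for UFS or NFS: it stores whatever
// bytes it is handed and knows nothing about keys.
type memFS struct{ files map[string][]byte }

func newMemFS() *memFS { return &memFS{files: map[string][]byte{}} }

func (m *memFS) Write(name string, data []byte) error {
	m.files[name] = append([]byte(nil), data...)
	return nil
}

func (m *memFS) Read(name string) ([]byte, error) {
	d, ok := m.files[name]
	if !ok {
		return nil, fmt.Errorf("no such file: %s", name)
	}
	return append([]byte(nil), d...), nil
}

func (m *memFS) List() []string {
	names := make([]string, 0, len(m.files))
	for n := range m.files {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// cryptLayer is stacked on any Layer. It seals contents with AES-GCM on the way down
// and opens them on the way up. The file name is bound as associated data, so a
// ciphertext copied to another name below the layer will not open.
type cryptLayer struct {
	aead  cipher.AEAD
	lower Layer
}

// stackCrypt mounts an encryption layer on top of lower.
func stackCrypt(key []byte, lower Layer) (*cryptLayer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &cryptLayer{aead: aead, lower: lower}, nil
}

func (c *cryptLayer) Write(name string, data []byte) error {
	nonce := make([]byte, c.aead.NonceSize()) // fresh per write, so a rewrite never reuses one
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sealed := c.aead.Seal(nonce, nonce, data, []byte(name)) // nonce || ciphertext || tag
	return c.lower.Write(name, sealed)
}

func (c *cryptLayer) Read(name string) ([]byte, error) {
	raw, err := c.lower.Read(name)
	if err != nil {
		return nil, err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns {
		return nil, fmt.Errorf("%s: too short to hold a nonce", name)
	}
	return c.aead.Open(nil, raw[:ns], raw[ns:], []byte(name)) // fails on any tampering
}

// List passes straight through: the layer hides contents, but names and sizes stay
// visible to the layer below, the trade-off the text notes for file-level systems.
func (c *cryptLayer) List() []string { return c.lower.List() }

func main() {
	lower := newMemFS()
	fs, err := stackCrypt(make([]byte, 32), lower) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	_ = fs.Write("notes.txt", []byte("meeting at noon")) // constructed file
	above, _ := fs.Read("notes.txt")
	below, _ := lower.Read("notes.txt")
	fmt.Printf("through the layer: %q\nbelow the layer: %d bytes of ciphertext\n", above, len(below))
}
```

The point to take from the stack is that the lower layer is untouched: it receives ordinary write and read calls and never sees a key, which is why such a layer can sit on any existing file system. Using an AEAD rather than a bare cipher also means that a file altered or renamed below the layer fails to open on the next read instead of silently decrypting to garbage; the page's CryptFS, as the text says, is a demonstration with a single cipher and limited key management, so this integrity behaviour is the example's choice, not CryptFS's.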
Conclusion
This article has discussed the available file encryption systems and compared them. Cryptographic file systems are becoming commonplace because of the heightening threat of cyber breaches, which have cost organizations a great deal of money. Data and information are crucial to the operation of organizations, and losing them can damage an organization's reputation in addition to the large financial cost of recovering from the leak. Cryptographic file systems protect data from attackers by encrypting it, hiding the data from attackers who exploit loopholes in information systems. The paper has discussed the various encryption systems and techniques, including their design, particularly that of CryptFS. Through it, the most suitable and dependable cryptographic file system can be identified so that organizations can implement the systems that give them the best file cryptography for their data.



References
Blaze, M. (1993, December). A cryptographic file system for UNIX. In Proceedings of the 1st ACM conference on Computer and communications security (pp. 9-16). ACM.
McDonald, A. D., & Kuhn, M. G. (1999, September). StegFS: A steganographic file system for Linux. In Information Hiding (pp. 463-477). Springer Berlin Heidelberg.
Wright, C. P., Martino, M. C., & Zadok, E. (2003, June). NCryptfs: A Secure and Convenient Cryptographic File System. In USENIX Annual Technical Conference, General Track (pp. 197-210).
Pletka, R., & Cachin, C. (2007, September). Cryptographic Security for a High-Performance Distributed File System. In MSST (pp. 227-232).
Yun, A., Shi, C., & Kim, Y. (2009, November). On protecting integrity and confidentiality of cryptographic file system for outsourced storage. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 67-76). ACM.

Sherry Roberts is the author of this paper.