Encrypted File System (EFS) - PowerPoint PPT Presentation

1 / 22
About This Presentation

Encrypted File System (EFS)


Encrypted File System (EFS) Sankara Narayanan. CSE 785 Computer Security, Syracuse University, NY Spring 2003 2004 What will be covered!!!refer inline comments ... – PowerPoint PPT presentation

Number of Views:155
Avg rating:3.0/5.0
Slides: 23
Provided by: JimFa2
Learn more at: https://web.ecs.syr.edu
Tags: efs | encrypted | file | system


Transcript and Presenter's Notes

Title: Encrypted File System (EFS)

Encrypted File System (EFS)
  • Sankara Narayanan.
  • CSE 785 Computer Security,
  • Syracuse University, NY
  • Spring 2003 2004

What will be covered!!!refer inline comments
  • EFS What is this? A users Perspective.
  • Objective
  • Motivation
  • Related Work and Papers
  • Top Notch Encryption Algorithms
  • Design and Implementation Ideas Proposed
  • Design Issues An Area to be really looked on
  • Sample EFS Demo Sites.

EFSA users perspective.
  • Encrypted File System (EFS) provides the core
    file encryption technology used to store
    encrypted files on the File System.
  • Corporate world is very competitive, so any code,
    system specifications, often needs to be
  • We have to share data among many users or groups,
    the potential risk for a computer security from a
    users perspective.
  • Password Security Does nothing to preventing a
    disk being mounted on a different system and
    reading the contents.

Why EFS Users Perspective..Continued
  • The need for Encryption Technology arises from
    the perspective of an user.
  • Now many universities and organizations have an
    EFS design for this reason.

  • The Disk Encryption reduce risk of data exposure
    in a specific, if uncommon, scenario.
  • To avoid system risks such as
  • Computer is bodily stolen.
  • Someone inside the company is trying to
    compromise information.
  • The system is cracked while attached to a network
    or with some malicious software.
  • The primary benefit of the encrypted disk system
    is defense against device theft, and making your
    system a more secured one. Though, the risks are
    partially mitigated.

MotivationWhy EFS?
  • SecurityFirst and Foremost
  • Secures Data from being accessed by any malicious
    user / hacker.
  • Privacy
  • Ensure that private data is not accessed by other
    users ( may not be malicious).
  • Reliability An integral component
  • Only responsible people are provided access to
    important data
  • Resource Sharing
  • Many users can use the same system and still can
    work independently.

Related Work and Papers
  • StegFS A Steganographic File System for Linux,
    University of Cambridge.
  • CFS Cryptographic File System, Temple
  • SFS Secure File system, University of Minnesota
    and StorageTek.
  • TCFS Transparent Cryptographic File System,
    University of Salerno (Italy).
  • Cryptfs A Stackable Vnode Level Encryption File
    system, University of Columbia.

CFS Cryptographic File system refer inline
  • CFS File System is implemented on the Debian
  • Completely implemented at the user level.
  • CFS runs a daemon cfsdwhich uses the system
    calls to read and write the file contents.
  • Encrypted before reading and decrypted before
  • Simple and Easy to understand.

TCFS Transparent Cryptographic File System.
  • TCFS (Transparent Cryptographic File System) has
    been developed at the University of Salerno
    (Italy) and is currently available for Linux.
  • TCFS is like an extended NFS. It acts just like
    NFS, but allows a user to protect his/her files
    using encryption.
  • TCFS works as a layer under the VFS (Virtual File
    system Switch) layer, making it completely
    transparent to the applications.

TCFS Continuedrefer inline comments
  • The security is guaranteed by means of the DES
    (data encryption standard) algorithm.
  • A TCFS user trust only the kernel and the super
    user of the client machine accessing the data.
  • Application areas where TCFS is used a network
    of workstations with limited disk space, each
    used almost exclusively by a limited number of
    users (you can even think of each user as the
    super user of his/her own workstation) and a
    remote file server sharing files with all the

TCFS Continuedrefer inline comments
  • The security mechanism must guarantee that secure
    files are not readable
  • by any user other than the legitimate owner.
  • by tapping the communication lines between the
    user and the remote file system server.
  • by the super user of the file system server.
  • In TCFS, security acts in a transparent way.
    Secure files can be accessed in the same way as
    local files--the user has only to authenticate
    himself to TCFS before starting to work.

Working of TCFS
Files stored on Encrypted form in server
Each user has a different Encryption key to
TCFS Login Utility Provides Encryption key
Read a block of data from Server NFS Protocol
Requested block is decrypted first and then
passed to application
Data block written by application is first
encrypted with users key and then passed to
StegFS Steganographic File System
  • First, like any file system, it is able to manage
    the storage of files on a disk.
  • Second, it provides a mechanism for hiding files.
    This allows a user to plausibly deny the number
    of files stored on disk.
  • Third, it provides a mechanism for accessing
    files that have been hidden.

  • The file system implementation is installed along
    side the normal Ext2fs, Minix etc drivers between
    the VFS interface and blockbuffer cache.
  • StegFS contains the full functionality for Ext2fs
    driver for compatible access to non-hidden files.
  • StegFS distinguishes regular files and directory
  • StegFS also has a block allocation table (same as
    block allocation bitmap) for storing encrypted
    checksums for each block.( for detecting
    overwritten blocks).

Functionality of StegFS
  • The confidentiality of all hidden files are
  • Deletion of hidden or non-hidden leads
    automatically to their secure destruction.
  • Users can plausibly deny the number of files
    stored on the disk.
  • Lower layers can be voluntarily compromised
    without revealing the higher layers.

Top Notch Encryption Algorithms
  • AES Advanced Encryption Standard (Rijndael).
  • DES - Data Encryption Standard (DES) algorithm,
    adopted by the U.S. government in 1977.
  • 3DES Triple DES.
  • Blowfish

General Kernel Architecture.
User Process
open(), read(), write(), etc
System Call Interface
Minix FS
Buffer Cache
Device Driver
Disk Controller
Design and Implementation Ideas..
  • Many of the Implementation that we have seen
    here, has a kernel level implementation of the
    file system.
  • Certain implementations have also user level
    daemons running that call the kernel level
    programs ( e.g. NFS)
  • I am just describing one system architecture,
    each of the project team has to come up with
    their own creative designs.

Example -- General System Architecture
This blocks data size Encrypted
Data Area
KeyID Each Blocks max Data size Block Size
User Accessible Memory read() write()
Key DB
Key Encryption and
Design Issues..An area to be looked on...
  • The file pointer issues.
  • Buffer overflow problems how are you going to
    deal with this.
  • Key Management An area worth thinking about how
    you will manage your keys.
  • What effect does the process like read and write
    have on the files?
  • How are you going to define your system policy?
  • Problems related with revocation, change
    ownership etc.

Sample EFS Demo Sites.
  • You can run and see how the EFS works, I am
    listing some sample sites
  • http//www.geocities.com/openpgp/linux_en.html
  • http//www.linux.se/doc/lasg-www/encryption/

  • Thank You.
Write a Comment
User Comments (0)
About PowerShow.com