Encrypted File System (EFS) Sankara Narayanan. CSE 785 Computer Security, Syracuse University, NY Spring 2003 – 2004.


What will be covered. EFS: what is it? A user's perspective. Objectives. Motivation. Related work and papers. Top-notch encryption algorithms. Design and implementation ideas. Proposed design issues: an area to look at closely. Sample EFS demo sites.

EFS: a user's perspective. Encrypted File System (EFS) provides the core file encryption technology used to store encrypted files on the file system. The corporate world is very competitive, so access to code and system specifications often needs to be controlled. Data has to be shared among many users or groups, which is a potential computer security risk from a user's perspective. Password security does nothing to prevent a disk from being mounted on a different system and its contents read.

Why EFS: a user's perspective, continued. The need for encryption technology arises from the perspective of a user. Many universities and organizations now have an EFS design for this reason. Welcome to the world of EFS.

Objectives. Disk encryption reduces the risk of data exposure in a specific, if uncommon, scenario. It aims to avoid system risks such as: the computer is physically stolen; someone inside the company is trying to compromise information; the system is cracked while attached to a network or by some malicious software. The primary benefit of an encrypted disk system is defense against device theft, making the system more secure. The risks are only partially mitigated, though.

Motivation: why EFS? Security, first and foremost: secures data from being accessed by any malicious user or hacker. Privacy: ensures that private data is not accessed by other users (who may not be malicious). Reliability, an integral component: only responsible people are provided access to important data. Resource sharing: many users can use the same system and still work independently.

Related Work and Papers StegFS: A Steganographic File System for Linux, University of Cambridge. CFS: Cryptographic File System, Temple University. SFS: Secure File system, University of Minnesota and StorageTek. TCFS: Transparent Cryptographic File System, University of Salerno (Italy). Cryptfs: A Stackable Vnode Level Encryption File system, University of Columbia.

CFS: Cryptographic File System. The CFS file system is implemented on the Debian distribution. It is implemented completely at the user level. CFS runs a daemon, "cfsd", which uses system calls to read and write the file contents. Encrypted before reading and decrypted before writing. Simple and easy to understand.

TCFS: Transparent Cryptographic File System. TCFS (Transparent Cryptographic File System) has been developed at the University of Salerno (Italy) and is currently available for Linux. TCFS is like an extended NFS. It acts just like NFS, but allows a user to protect his/her files using encryption. TCFS works as a layer under the VFS (Virtual File system Switch) layer, making it completely transparent to the applications.

TCFS: continued. Security is guaranteed by means of the DES (Data Encryption Standard) algorithm. A TCFS user trusts only the kernel and the super user of the client machine accessing the data. Application areas where TCFS is used: a network of workstations with limited disk space, each used almost exclusively by a limited number of users (you can even think of each user as the super user of his/her own workstation), and a remote file server sharing files with all the workstations.

TCFS: continued. The security mechanism must guarantee that secure files are not readable: by any user other than the legitimate owner; by tapping the communication lines between the user and the remote file system server; by the super user of the file system server. In TCFS, security acts in a transparent way. Secure files can be accessed in the same way as local files: the user has only to authenticate himself to TCFS before starting to work.

Working of TCFS. Files are stored in encrypted form on the server. Each user has a different encryption key to access TCFS. The login utility provides the encryption key. A block of data is read from the server using the NFS protocol. The requested block is decrypted first and then passed to the application. A data block written by the application is first encrypted with the user's key and then passed to the server.

StegFS: Steganographic File System First, like any file system, it is able to manage the storage of files on a disk. Second, it provides a mechanism for hiding files. This allows a user to plausibly deny the number of files stored on disk. Third, it provides a mechanism for accessing files that have been hidden.

StegFS, continued. The file system implementation is installed alongside the normal Ext2fs, Minix, etc. drivers, between the VFS interface and the block buffer cache. StegFS contains the full functionality of the Ext2fs driver for compatible access to non-hidden files. StegFS distinguishes regular files and directory files. StegFS also has a block allocation table (same as a block allocation bitmap) for storing encrypted checksums for each block (for detecting overwritten blocks).

Functionality of StegFS. The confidentiality of all hidden files is guaranteed. Deletion of hidden or non-hidden files leads automatically to their secure destruction. Users can plausibly deny the number of files stored on the disk. Lower layers can be voluntarily compromised without revealing the higher layers.

Top Notch Encryption Algorithms… AES – Advanced Encryption Standard (Rijndael). DES - Data Encryption Standard (DES) algorithm, adopted by the U.S. government in DES – Triple DES. Blowfish

General Kernel Architecture. [Figure: layered diagram. User Process (open(), read(), write(), etc.); System Call Interface; Kernel: VFS, Ext2fs, Minix FS, Buffer Cache, Device Driver; Hardware: Disk Controller.]

Design and implementation ideas. Many of the implementations that we have seen here implement the file system at the kernel level. Certain implementations also have user-level daemons running that call the kernel-level programs (e.g. NFS). I am just describing one system architecture; each project team has to come up with its own creative design.

Example: General System Architecture. [Figure: block layout and data path. Block fields: KeyID, each block's max data size, block size, this block's data size, encrypted data area. Other labels: user-accessible memory, read(), write(), Key DB, key, encryption and decryption process.]

Design issues: an area to look at closely. The file pointer issues. Buffer overflow problems: how are you going to deal with them? Key management: an area worth thinking about is how you will manage your keys. What effect do operations like read and write have on the files? How are you going to define your system policy? Problems related to revocation, change of ownership, etc.
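
An added example, not part of the original slides: a Python sketch of the block layout from the example architecture slide (KeyID, block size, max data size, this block's data size, encrypted data area, Key DB), showing the file pointer mapping and the header bounds checks raised under design issues. The 64-byte block size, the field widths, the key and the HMAC-SHA256 keystream standing in for AES are assumptions.

```python
import hashlib, hmac, struct
BLOCK_SIZE = 64                       # on-disk block size (assumed for the demo)
HEADER = struct.Struct(">IHHH")       # KeyID, block size, max data size, this block's data size
MAX_DATA = BLOCK_SIZE - HEADER.size   # plaintext bytes one block can hold (54)
KEY_DB = {7: b"constructed-demo-key-for-KeyID-7"}   # Key DB: KeyID -> key (constructed)

def keystream(key, block_no, n):
    # Stand-in for AES (not in the stdlib): HMAC-SHA256 counter mode, tweaked by block number.
    blocks = (hmac.new(key, struct.pack(">QI", block_no, c), hashlib.sha256).digest()
              for c in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def write_block(key_id, block_no, data):
    if len(data) > MAX_DATA:                      # never let a write spill past the block
        raise ValueError("data exceeds block capacity")
    body = xor(data.ljust(MAX_DATA, b"\0"), keystream(KEY_DB[key_id], block_no, MAX_DATA))
    return HEADER.pack(key_id, BLOCK_SIZE, MAX_DATA, len(data)) + body

def read_block(raw, block_no):
    if len(raw) != BLOCK_SIZE:
        raise ValueError("short block")
    key_id, bsize, max_data, data_len = HEADER.unpack_from(raw)
    # Header fields come from disk and are untrusted: check them before slicing.
    if bsize != BLOCK_SIZE or max_data != MAX_DATA or data_len > max_data or key_id not in KEY_DB:
        raise ValueError("corrupt or foreign block header")
    return xor(raw[HEADER.size:], keystream(KEY_DB[key_id], block_no, MAX_DATA))[:data_len]

def locate(offset):
    # File pointer mapping: plaintext offset -> (block, offset in block data, encrypted-file byte).
    block_no, within = divmod(offset, MAX_DATA)
    return block_no, within, block_no * BLOCK_SIZE + HEADER.size + within

def write_file(key_id, data):
    chunks = [data[o:o + MAX_DATA] for o in range(0, len(data), MAX_DATA)]
    return b"".join(write_block(key_id, i, c) for i, c in enumerate(chunks))

def read_at(disk, offset, n):
    out = b""
    while n > 0:
        block_no, within, _ = locate(offset)
        raw = disk[block_no * BLOCK_SIZE:(block_no + 1) * BLOCK_SIZE]
        chunk = read_block(raw, block_no)[within:within + n] if raw else b""
        if not chunk:                             # end of file
            break
        out, offset, n = out + chunk, offset + len(chunk), n - len(chunk)
    return out
```

Because every block carries a header, plaintext offset 54 sits at byte 74 of the encrypted file, so a seek cannot reuse the plaintext offset. The keystream stand-in has no per-write nonce or MAC, which a real design would need.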

Sample EFS Demo Sites. You can run and see how the EFS works, I am listing some sample sites:  

Conclusion. Thank You.