Secure File Storage
-
Upload
donna-albert -
Category
Documents
-
view
41 -
download
1
description
Transcript of Secure File Storage
![Page 1: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/1.jpg)
Secure File Storage
Nathanael Paul
CRyptography Applications Bistro
March 25, 2004
![Page 2: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/2.jpg)
Choosing an Encrypted File System (EFS)
• Require kernel patch?
– root needed
• How much control is root given?
– Swap space
• Key management
• Backups and recovery options
• Very few files need encryption or entire file system?
• Sharing options?
![Page 3: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/3.jpg)
Multitude of solutions
• Linux Crypto API
• Windows EFS
• CFS
– Early UNIX implementation
• SiRiUS
• Steganographic file systems
– not ready for use
• ppdd
– Encrypts root partition, and swap space?
![Page 4: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/4.jpg)
CFS
• Early implementation by Matt Blaze
– First free UNIX EFS
– Client NFS server listening on localhost interface
• Key for each directory
– Uses passphrases
• Implemented in user-level
![Page 5: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/5.jpg)
Accessing filesmain() {
…
read();
…
}VFS
NFS
LocalFileSys
Network
![Page 6: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/6.jpg)
CFS (a.k.a. /crypt)
VFS
CFS
LocalFileSys
…Mount points
![Page 7: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/7.jpg)
CFS
NFS Encrypt/Decrypt
VFS call (e.g., read())
call VFS again, but go to file on storage media
![Page 8: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/8.jpg)
Accessing filesmain() {
…
read();
…
}VFS
CFS
EncryptedLocalFileSys
…
![Page 9: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/9.jpg)
CFS Advantages/Drawbacks
• Key for each directory
– Usability?
• Implemented in user-level (slow)
– Makes it simpler
– RPC calls
– But most EFSs are slow
• Not possible to have different files under different groups in same directory
– IV is stored in group id field in inode
![Page 10: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/10.jpg)
Stackable v-nodes: CryptFS
![Page 11: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/11.jpg)
Linux CryptoAPI
• File system mounted on loopback device which is mounted on directory mount point
• Loopback device intercepts kernel commands
![Page 12: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/12.jpg)
So why SiRiUS?• Assumes file server untrusted
– No change to file server
• Distinguishes read/write access
– Sharing
• Only a few keys needed
• Like CFS, users run user-level daemon
• Good for sharing among small groups
• Timely revocation
– Rollback attacks
![Page 13: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/13.jpg)
main() {
…
read();
…
}VFS
SiRiUS
LocalFileSys
Network
![Page 14: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/14.jpg)
SiRiUS Overview• Intercepts NFS requests
– Process requests and send to NFS server
• Could mimic CFS
– Process requests and send to VFS of local file system
• SiRiUS faster with NFS (compared to CFS), since requests go straight to NFS server and not through VFS to regular NFS client on machine
![Page 15: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/15.jpg)
Files in SiRiUS• Files stored in 2 parts
– md-file: file metadata• Access control
– d-file: file itself• Encrypted with unique symmetric File Encryption Key
(FEK)
• Signed with a unique File Signature Key (FSK)
– To read, user needs FEK
– To write, user needs FSK
![Page 16: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/16.jpg)
md-files
Encrypted Key Block (Owner)
Encrypted Key Block (User 1)
Encrypted Key Block (User n)
… FSK
Metdata last modified timestamp
filenameOwner’s hash of metadata
MSK used
MEK
![Page 17: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/17.jpg)
Encrypted Key Blocks
Username
(or keyID)
FEK
FSK public key
Plaintext
Encrypted with MEK of user
read/write
read
Username
(or keyID)
FEK
Plaintext
Encrypted with MEK of user
![Page 18: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/18.jpg)
Freshness Guarantees• Prevent rollback attacks
– Alice replaces new md-file with an older saved md-file
• mdf-file: metadata freshness file
– One in each directory of user’s file system
– Stamped with unique Master Signing Key (MSK) of user
– Contains root of hash tree of all md-files in current directory and mdf-files in immediate subdirectories
![Page 19: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/19.jpg)
Creating mdf-files1. Apply SHA-1 hash on each md-file in current
directory (verifying md-file signatures as you go)
2. Concatenate resulting hashes together with mdf-files of immediate subdirectories and apply SHA-1 hash to concatenation
3. Place final hash and directory name in mdf-file
Note: Timestamp used before final hash of concatenated hashes on root mdf-file
![Page 20: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/20.jpg)
Verifying a file• Files are guaranteed up to timestamp on root mdf-
file
• Verifying a file in root directory
– Compute mdf-file hash and check timestamps
• Verifying a file not in the root directory
– Apply first 2 steps of creation of mdf-file recursively up to root directory comparing each mdf-file in its subdirectories
• Requires checking many hashes
– What happens if a file in a non-related subtree’s hash doesn’t match up?
![Page 21: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/21.jpg)
File swapping attack• Bob wants access to Alice’s /home/alice/secret.txt,
but Bob only has read access to /home/alice/readme.txt
• Bob switches filenames with secret.txt and readme.txt
• Would work if filename not included in md-file
• Directory included in mdf-file to prevent directory swapping
![Page 22: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/22.jpg)
Creating a file• Generate random DSA signature FSK
• Generate random AES FEK
• Generate encrypted key block
• Owner’s hash of metadata
• Create md-file
• Encrypt file data
– Use FEK
– Apply SHA-1 to encrypted data and sign with private key of FSK. Append hash to data.
• Update root mdf-file
![Page 23: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/23.jpg)
File Sharing, Reading, Writing• Use IBE (or other PKI)
– Will need public key of those that will have shared access to create their encrypted key blocks
– Will need public key of owner to verify signature and freshness of md-file
![Page 24: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/24.jpg)
User keys• MSK, MEK
– Can be used without SiRiUS
• Revocation
– Read: change FEK, remove user’s key block, update other key blocks with new FEK, reencrypt and sign d-file, update md-file signature, update root mdf-file
– Write: same as read except create new FSK, and sign with new key (write implies read access)
![Page 25: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/25.jpg)
Performance (ms)Test File Size Kernel NFS DumbFS SiRiUS
File Creation
0 0.4 3.4 14.5
File Deletion
0 0.3 0.4 1.1
Sequential Read
8 kb 0.9 1.4 18.0
Sequential Write
8 kb 1.1 2.0 21.9
Sequential Read
1 Mb 96.7 97.8 223.8
Sequential Write
1 Mb 100.0 102.7 632.9
![Page 26: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/26.jpg)
Performance• Caching and optimizations pay off on larger files
• If working on smaller files, it’s much slower
• Read/Write
– Encrypt data (decrypt for read), verify 3 signatures (2 for file integrity, one for freshness), generate a signature (not for a read)
![Page 27: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/27.jpg)
Conclusions• Encrypted file systems throw normal performance
out the window
• Read/write capabilities of SiRiUS are nice
• Single user with just a few critical files
– Program to manually perform encryption is probably sufficient
![Page 28: Secure File Storage](https://reader035.fdocuments.net/reader035/viewer/2022062314/56812a46550346895d8d802c/html5/thumbnails/28.jpg)
How to really protect your data…• Burn it at 3,000 degrees...