
EFS: Encrypted File system

EFS: Encrypted File system. An Introduction & Final Project For CSE785: Computer Security Syracuse University Spring 2005. Overview:. EFS: What? Why? Related Work Project Introduction Background: Encryption/Decryption algorithms Mounting file system Minix System Call

johnbruce

Presentation Transcript


  1. EFS: Encrypted File System. An Introduction & Final Project for CSE785: Computer Security, Syracuse University, Spring 2005

  2. Overview:
     • EFS: What? Why?
     • Related Work
     • Project Introduction
     • Background:
        • Encryption/Decryption algorithms
        • Mounting file system
        • Minix System Call
     • Project Requirement
     • Some design & implementation ideas
     • My help session topics
     • Conclusion

  3. EFS: what is it?
     • Encrypted File System (EFS) provides the core file encryption technology used to store encrypted files on the file system.
     • The corporate world is very competitive, so code and system specifications often need to be controlled.
     • We have to share data among many users or groups, which is a potential computer security risk from a user's perspective.
     • Password security does nothing to prevent a disk from being mounted on a different system and its contents being read.

  4. EFS: why do we need it?
     • Security: first and foremost
        • Secures data from being accessed by any malicious user / hacker.
     • Privacy
        • Ensures that private data is not accessed by other users (who may not be malicious).
     • Reliability: an integral component
        • Only responsible people are provided access to important data.
     • Resource Sharing
        • Many users can use the same system and still work independently.

  5. EFS: benefits
     • Disk encryption reduces the risk of data exposure in a specific, if uncommon, scenario.
     • It helps avoid system risks such as:
        • The computer is physically stolen.
        • Someone inside the company is trying to compromise information.
        • The system is cracked while attached to a network or by some malicious software.
     • The primary benefit of the encrypted disk system is defense against device theft, making your system more secure, though the risks are partially mitigated.

  6. EFS: a definition from whatis.com
     • The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. EFS is especially useful for mobile computer users, whose computer (and files) are subject to physical theft, and for storing highly sensitive data. EFS simply makes encryption an attribute of any file or folder. To store and retrieve a file or folder, a user must request a key from a program that is built into Windows 2000.
     • Although an encrypting file system has existed in or been an add-on to other operating systems, its inclusion in Windows 2000 is expected to bring the idea to a larger audience.

  7. Related work
     • StegFS: A Steganographic File System for Linux, University of Cambridge.
     • CFS: Cryptographic File System, Temple University.
     • SFS: Secure File System, University of Minnesota and StorageTek.
     • TCFS: Transparent Cryptographic File System, University of Salerno (Italy).

  8. Project Introduction
     In this project, we would like you to:
     • Design a scheme to add security features to the existing file system, and
     • Devise ways to encrypt / decrypt files using the encryption algorithms.

  9. Background Knowledge: Encryption/Decryption Algorithms
     Two types of encryption/decryption schemes:
     • Symmetric key (secret-key) scheme
        • DES: Data Encryption Standard
        • AES: Advanced Encryption Standard
     • Asymmetric key (public-key) scheme
        • RSA: reinvented by Rivest, Shamir, and Adleman
        • ECC: Elliptic Curve Cryptography

  10. Symmetric Key Algorithms
     • A symmetric-key algorithm is an algorithm for cryptography that uses the same cryptographic key to encrypt and decrypt the message. (Actually, it is sufficient for it to be easy to compute the decryption key from the encryption key and vice versa.)
     • Other terms for symmetric-key encryption are single-key and private-key encryption.

  11. AES Algorithm
     • Advanced Encryption Standard, a symmetric 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen.
     • AES works at multiple network layers simultaneously.
     • The U.S. government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used.
     • The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce selected the algorithm, called Rijndael, out of a group of five algorithms under consideration, including one called MARS from a large research team at IBM.

  12. Asymmetric Key Algorithms
     • An encryption method that uses a two-part key: a public key and a private key.
     • To send an encrypted message to someone, you use the recipient's public key, which can be sent to you via regular e-mail or made available on any public Web site or venue.
     • To decrypt the message, the recipient uses the private key, which he or she keeps secret. Contrast with "secret key cryptography," which uses the same key to encrypt and decrypt.
     • These are usually called public-key algorithms.

  13. Background Knowledge: Mounting File System
     • All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices.
     • The mount command serves to attach the file system found on some device to the big file tree.
     • Conversely, the umount command will detach it again.

  14. Background Knowledge: System Call Implementation
     • We expect the implementation to be at kernel level, so you should make use of system calls.
     • On how to implement system calls, please refer to the materials in help session 3: system call creation & implementation.

  15. Project Requirements
     We expect you to design and implement a working encrypted file system for the Minix operating system, which includes:
     • Individual users should have their own keys for encrypting and decrypting files
     • Key management in the system
     • File management
     • Authenticating the user trying to log in to the system

  16. General Kernel Architecture
     (Diagram.) Layers, top to bottom: User Process; open(), read(), write(), etc.; System Call Interface; VFS; Ext2fs, Minix FS; Buffer Cache; Device Driver; Disk Controller. Region labels: Kernel, Hardware.

  17. Design and Implementation Ideas
     • Many of the implementations that we have seen here have a kernel-level implementation of the file system.
     • Certain implementations also have user-level daemons running that call the kernel-level programs (e.g., NFS).
     • I am just describing one system architecture; each project team has to come up with its own creative design.

  18. Example: General System Architecture
     (Diagram.) Labels: KeyID; this block's data size; encrypted data area; each block's max data size; block size; user-accessible memory; read(), write(); Key DB; key; encryption and decryption process.

  19. Design issues: areas to look at
     • The file pointer issues.
     • Buffer overflow problems: how are you going to deal with them?
     • Key management: an area worth thinking about is how you will manage your keys.
     • What effect do operations like read and write have on the files?
     • How are you going to define your system policy?
     • Problems related to revocation, change of ownership, etc.

  20. Refer to some other EFS systems
     As mentioned in the related work slide:
     • StegFS: A Steganographic File System for Linux, University of Cambridge.
     • CFS: Cryptographic File System, Temple University.
     • SFS: Secure File System, University of Minnesota and StorageTek.
     • TCFS: Transparent Cryptographic File System, University of Salerno (Italy).

  21. Sample EFS demo sites
     You can run these and see how EFS works; I am listing some sample sites:
     • http://www.geocities.com/openpgp/linux_en.html
     • http://www.linux.se/doc/lasg-www/encryption/

  22. My help session topics
     Tentatively, I have the following schedule for the help sessions before the project is due:
     • Location: Star Lab in CST 1-120
     • Time: the following afternoons, 1:00~4:00pm
     • Schedule*:
        • 04/14: AES algorithms
        • 04/21: Mounting your file system
        • 04/28: File system management
        • 05/05: Last minute rush
     * May change according to your feedback

  23. Thank you & Good luck!
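
The per-block layout sketched on slide 18, together with the file pointer and buffer overflow issues raised on slide 19, as an added example that is not part of the original slides or any course code. The 1024-byte block size, the 8-byte header and every `efs_` name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed on-disk block layout (hypothetical, after the slide 18 sketch):
 * [key_id: 4 bytes][data_len: 4 bytes][encrypted data area] */
#define EFS_BLOCK_SIZE 1024u
#define EFS_HDR_SIZE   8u
#define EFS_MAX_DATA   (EFS_BLOCK_SIZE - EFS_HDR_SIZE)

struct efs_block {
    uint32_t key_id;               /* selects the user's key in the key DB */
    uint32_t data_len;             /* this block's data size */
    uint8_t  data[EFS_MAX_DATA];   /* data area (already decrypted here) */
};

struct efs_pos {
    uint64_t block;     /* index of the block holding the byte */
    uint32_t off;       /* offset inside that block's data area */
    uint64_t disk_off;  /* byte offset in the underlying file */
};

/* File pointer issue: the offset a process passes to lseek() counts
 * plaintext bytes, but every block on disk also carries a header. */
struct efs_pos efs_map(uint64_t logical)
{
    struct efs_pos p;
    p.block = logical / EFS_MAX_DATA;
    p.off = (uint32_t)(logical % EFS_MAX_DATA);
    p.disk_off = p.block * EFS_BLOCK_SIZE + EFS_HDR_SIZE + p.off;
    return p;
}

/* Buffer overflow issue: data_len comes from disk, so validate it before
 * using it as a copy length. Returns bytes copied, 0 at end of block data,
 * or -1 for a corrupt header. */
long efs_block_read(const struct efs_block *b, uint32_t off,
                    uint8_t *dst, size_t n)
{
    size_t avail;
    if (b->data_len > EFS_MAX_DATA)
        return -1;
    if (off >= b->data_len)
        return 0;
    avail = b->data_len - off;
    if (n > avail)
        n = avail;
    memcpy(dst, b->data + off, n);
    return (long)n;
}
```

Decryption with the key selected by `key_id` would run between reading the block from disk and calling `efs_block_read`; it is left out here so the offset and bounds logic stays visible.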
