SLIDE 1

4/26/99 Cepheus: The Cryptographic Storage File System 1

Cepheus: A New Encrypted File System with Group Sharing and Integrity Protection

Kevin Fu

Course VI-3A
April 26, 1999

On-Campus Thesis Advisor: Ron Rivest
Bellcore Company Supervisor: S. Rajagopalan

SLIDE 2

What is Cepheus?

  • Confidentiality and integrity protection of data stored on a network file system
  • Securely maintain UNIX semantics (file sharing, random access)
  • NFS drop-in replacement

SLIDE 3

Key Problems for Secure Storage

  • Problems:
    – Manual encryption cumbersome
    – Protection against malicious system administrators
  • Solution: Encrypt stored data
  • Side effects:
    – Loss of random access to data
    – No guarantee of integrity

SLIDE 4

Client-Side

User Agent

  • Encryption/decryption
  • Integrity check

Client Daemon

  • Cache per user agent
  • Delayed-write-encryption policy for caching
  • Delayed re-encryption for distributed re-encryption

SLIDE 5

Server-Side

File Server

  • Encrypted storage
  • Hash tree structure beneath the inode for integrity

Authentication Server

  • Key distribution
  • Key recovery

SLIDE 6

File Structures

SLIDE 7

O(1) Sequential Read of a Block

  • If block not cached, CD obtains ciphertext block from SD
  • If block not decrypted, request UA to decrypt
  • If hash path unauthenticated, compute hashes and AICF

SLIDE 8

Writes O(log n)

  • CD writes plaintext block to cache, not SD
  • When cache flushed:
    – Compute hash paths of dirty blocks.
    – Compute AICF
    – Write changed hash paths and AICF to SD
    – Encrypt, send to SD.

SLIDE 9

Integrity Failures

  • When an integrity check fails, the client daemon refuses to serve the file (returns NFS_ERR_IO)
  • User agent notified of integrity check failure
  • Can attempt recovery of file via user agent
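
The hash-path handling on the read, write and integrity-failure slides, as an added example (not code from the presentation or from Cepheus): a binary hash tree in which a block write recomputes one hash per tree level and a read is checked by recomputing the block's hash path against a trusted root. SHA-256, the leaf/interior prefixes, the power-of-two block count and all names are assumptions; the AICF is not defined on these slides and is not modeled.

```python
# Assumptions (not from the slides): SHA-256, 0x00/0x01 prefixes, power-of-two block count.
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class HashTree:
    """Binary hash tree over n blocks (n a power of two), kept as a heap array."""

    def __init__(self, blocks):
        self.n = len(blocks)
        if self.n == 0 or self.n & (self.n - 1):
            raise ValueError("block count must be a power of two")
        self.nodes = [b""] * (2 * self.n)
        for i, blk in enumerate(blocks):
            self.nodes[self.n + i] = h(b"\x00" + blk)  # leaf hashes
        for i in range(self.n - 1, 0, -1):             # interior hashes
            self.nodes[i] = h(b"\x01" + self.nodes[2 * i] + self.nodes[2 * i + 1])

    @property
    def root(self):
        return self.nodes[1]

    def path(self, index):
        """Sibling hashes from the leaf up to the root (the block's hash path)."""
        i, out = self.n + index, []
        while i > 1:
            out.append(self.nodes[i ^ 1])
            i //= 2
        return out

    def write(self, index, blk):
        """Replace one block; return the number of hashes recomputed."""
        i = self.n + index
        self.nodes[i] = h(b"\x00" + blk)
        recomputed = 1
        while i > 1:
            i //= 2
            self.nodes[i] = h(b"\x01" + self.nodes[2 * i] + self.nodes[2 * i + 1])
            recomputed += 1
        return recomputed

def verify_block(trusted_root, n, index, blk, path):
    """Recompute the hash path for one block and compare with the trusted root."""
    i, cur = n + index, h(b"\x00" + blk)
    for sibling in path:
        pair = cur + sibling if i % 2 == 0 else sibling + cur
        cur = h(b"\x01" + pair)
        i //= 2
    return hmac.compare_digest(cur, trusted_root)
```

A `False` result from `verify_block` corresponds to the point where the client daemon refuses to serve the file.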

SLIDE 10

Performance Results

[Chart: Write and Read time (ms) for NFS, Integrity, Confidentiality]

SLIDE 11

Conclusions

  • Provides efficient random access to confidential, integrity-protected data
  • Enables secure group sharing
  • Uses a well-understood file system interface
  • Surveys a wide range of cryptographic storage file systems

SLIDE 12

Anticipated Q/A