1 NCryptfs: A Secure and Convenient Cryptographic File System
Charles P. Wright, Michael C. Martino, and Erez Zadok
Stony Brook University, http://www.fsl.cs.sunysb.edu/

2 Motivation
6/13/2003 NCryptfs - USENIX 2003
Securing data is crucial
- Millions of dollars lost due to breaches
- Data is irreplaceable and sensitive
Software to secure data is not in wide use
- Inconvenient and unintuitive
- Conflicts with other software
Our primary goals
- Ensure data confidentiality
- Security, convenience, and performance

3 Threat Model (Laptop)
[Diagram. Without NCryptfs: Application -> File System -> Hard Disk, data reaches the disk as cleartext. With NCryptfs: Application -> NCryptfs -> File System -> Hard Disk, data reaches the disk as ciphertext.]

4 Threat Model (NFS)
[Diagram. CLIENT: Application -> NFS Client -> Network; SERVER: NFS Server -> Disk Based File System. Without NCryptfs the data crosses the network and reaches the server's disk as cleartext. With NCryptfs stacked above the NFS client (Application -> NCryptfs -> NFS Client -> Network -> NFS Server -> Disk Based File System), the network and the server only ever see ciphertext.]

5 Related Work
CFS
- User-level NFS server
- Very portable
- Network/data copy overhead
TCFS
- Kernel-mode NFS client
- Works with any NFS server
- Network overhead
BestCrypt
- Kernel-mode loopback device
- Simple interface, good performance
- Loses per-file information

6 Related Work (cont'd)
EFS
- Windows NT extension to the NTFS driver
- Well integrated into kernel and GUI
- Only one file system and OS
StegFS
- Not only ensures confidentiality, but also employs steganography
- Poor performance (up to a factor of 200)
Cryptfs
- Precursor to NCryptfs
- Portable kernel-mode stackable file system
- Simple proof-of-concept file system

7 Design Goals
Security
- Use strong encryption to keep data confidential
Convenience
- Three groups: users, system administrators, programmers
Performance
- Designed as a kernel-space file system
Portability
- Using stackable file systems as a basis

8 The Players
System Administrator
- Trusted to install NCryptfs
- Not trusted with encryption keys
Owners
- Control the encryption key
Readers and Writers
- Do not have the encryption key
- Can delegate permissions
- The owner is implicitly a reader or writer

9 Basic Usage
[Diagram: the lower directory /home/mike/secrets is attached at /mnt/ncryptfs/mike. The file foo.txt, containing "This is a secret. Please don't tell.", is visible in cleartext through the attach; in the lower directory its name appears as ZJ8HxPh+K6Nx9bCqUJ-q9gMl and its contents as binary ciphertext. Writes go through "Encrypting", reads through "Decrypting".]

10 System Architecture
Stackable file system implementation
- Based on Cryptfs from FiST
- Works with any low-level file system
- Transparent to applications
- Cipher agnostic
Kernel changes for security
- Process on-exit callbacks
- Cache cleaning
Linux 2.4 prototype (2.4.18 – 2.4.20)

11 How Stacking Works
[Diagram: a user process (USER) issues read(); it crosses the System Call Interface into the KERNEL, the File System Interface dispatches it to ncryptfs_read(), which calls ext2fs_read() in EXT2FS. Data and error codes flow back up the same path: EXT2FS -> NCryptfs -> user process.]

12 Name Space Conflicts
[Diagram: Ciphertext A encrypted under key K1 and Ciphertext B encrypted under key K2 sit in the same directory as the name "foobar" under key K3; without separate name spaces, names produced under different keys collide.]

13 Attaches
Associates a lower-level directory with a name within NCryptfs
- Ex: /mnt/ncryptfs/mike attaches to /home/mike/secrets
Like a user-mode mount
- Separates name space (no dentry conflicts)
- Scalable, doesn't require root privileges
Each attach has private data
- Encryption key
- Authorizations: permissions, scope, and authentication criteria
- Active sessions

14 Permissions
Authorizations and active sessions
- Read, write, and execute
- Detach
- Add an authorization
- List authorizations
- Delete an authorization
- Revoke an active session
- List active sessions
- Bypass VFS permissions
Mount points have two additional permissions
- Attach
- Authenticate

15 Timeouts
Keys, authorizations, and active sessions can time out
Options on timeout:
- All operations fail
- Opening a file fails
- All operations block (sleep)
- Opening a file blocks
A user-space helper program can be called to execute on timeout
- e.g., integrate into a graphical file browser

16 Groups
Standard UNIX groups
- Supported as a first-class entity, like a user
Ad-hoc groups
- Add multiple authorizations for each entity
- No system administrator intervention required
- But: by default NCryptfs respects the lower-level file system's permissions

17 Bypass VFS Permissions
[Diagram: a user process with UID=CPW issues unlink(); in the KERNEL, ncryptfs_unlink() runs nc_preop(), which performs NCryptfs's own permission check ("User CPW permitted?") before calling ext2fs_unlink() in EXT2FS, where the lower file system's check ("UID == owner?") would otherwise apply; nc_fixup() runs afterwards. Data and error codes return to the user process.]

18 On-Exit Callbacks
Expunge private user info on process exit.
Advantages over alternatives:
- Efficiency: no periodic scans of lists
- Security: no gap between process death and cleanup
NCryptfs uses on-exit callbacks to
- purge active sessions and authorizations
- support challenge-response authentication
- the task-private data creates a session between a user process and the kernel

19 Cache Cleaning
Cleartext information is left in page, inode, and dentry caches
- Improves performance
- But: leaves cleartext information available to an attacker
Periodically expunge private information
- Pages: all pages are evicted
- Inodes and directory entries: unused inodes and dentries are evicted

20 Evaluation
Compare CFS, TCFS, BestCrypt, and NCryptfs
Null mode and 128-bit Blowfish encryption
Test platform
- Linux 2.4.18 for CFS, BestCrypt, and NCryptfs
- Linux 2.2.17 for TCFS (latest available)
- 1.7 GHz Pentium IV
- 128 MB of RAM
- Western Digital Caviar 30 GB 7200 RPM IDE disk
Each test was run 10 times with an observed standard deviation of less than 5%

21 Performance – General Purpose
[Chart: Am-Utils compile, modeling user behavior]

22 Performance – I/O Intensive
[Chart: Postmark, simulating a busy mail server]

23 Current Status
- Data integrity assurance
- GUI management tool

24 Future Work
Key management
- Lockbox mode
- Centralized key servers
- Threshold secret sharing
Protecting metadata
Expand kernel event mechanisms
- e.g., trap setuid changes
Centralized stacking-aware cache manager

25 Questions?
NCryptfs: A Secure and Convenient Cryptographic File System
Charles P. Wright, Michael C. Martino, and Erez Zadok
Stony Brook University, http://www.fsl.cs.sunysb.edu/

26 System Components
[Diagram: Applications call into the VFS in the Linux kernel; NCryptfs sits between the VFS and the lower file systems (EXT2FS, NFS), uses the kernel's caches and the on-exit callback, and plugs in ciphers such as Blowfish, AES, 3DES, ...]

27 Scope of Kernel Changes
Task on-exit callback
- New kernel source file: 165 lines
- Kernel patch: 164 lines
Cache cleaning
- Kernel patch: 141 lines

28 Filename Encryption
[Diagram of the name format: MD5-32 (4 bytes) | Type (1 byte) | Filename (N bytes) is passed through the cipher under the attach's key, giving an encrypted filename of 5+N bytes; Base64 encoding then yields a Base64 encoded filename of ceil((4/3)*(5+N)) bytes.]
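The name format on this slide, worked through in Python as an added example (not code from the slides or from NCryptfs itself): a 4-byte MD5 prefix, a 1-byte type, the name bytes, a keyed cipher, then unpadded base64. Assumptions of mine: the cipher is a SHA-256 counter-mode XOR stand-in for the Blowfish/AES/3DES the slides name, the type value 0x01 and the '/' to '-' substitution are placeholders, and the MD5-32 prefix is checked on decryption so a name encrypted under another attach's key (the K1/K2/K3 situation of slide 12) is rejected instead of decoding to garbage.

```python
import base64
import hashlib
import math

TYPE_REGULAR = 0x01  # assumed value for the 1-byte "Type" field


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter-mode keystream.
    Symmetric, so it serves for both encrypt and decrypt (constructed here
    so the example runs with the standard library only)."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


def encoded_length(n: int) -> int:
    """Length of the base64 name for an N-byte filename, per the slide."""
    return math.ceil(4 / 3 * (5 + n))


def encrypt_filename(key: bytes, name: str, ftype: int = TYPE_REGULAR) -> str:
    raw = name.encode("utf-8")
    md5_32 = hashlib.md5(raw).digest()[:4]      # MD5-32: first 4 bytes
    plain = md5_32 + bytes([ftype]) + raw        # 4 + 1 + N bytes
    ct = keystream_xor(key, plain)               # encrypted filename, 5+N bytes
    enc = base64.b64encode(ct).rstrip(b"=").decode("ascii")  # no '=' padding
    return enc.replace("/", "-")  # assumed: keep '/' out of a path component


def decrypt_filename(key: bytes, enc: str):
    """Return (type, name) or None when the checksum does not verify."""
    s = enc.replace("-", "/")
    s += "=" * (-len(s) % 4)                     # restore base64 padding
    plain = keystream_xor(key, base64.b64decode(s))
    if len(plain) < 5:
        return None
    md5_32, ftype, raw = plain[:4], plain[4], plain[5:]
    if hashlib.md5(raw).digest()[:4] != md5_32:
        return None  # wrong key for this attach, or not an NCryptfs name
    return ftype, raw.decode("utf-8", errors="replace")
```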

29 NCryptfs vs. LSM
LSM provides authorization and accounting hooks before and after operations (VFS, networking, etc.)
LSM modules implement an access control policy using a subset of these hooks
- SELinux, LIDS, etc.
LSM does not deal with caches
Requires intercepting all operations

30 Bypass VFS Permissions (backup slide)
[Diagram, as on slide 17: unlink() from the user process -> ncryptfs_unlink() -> nc_preop() permission check -> ext2fs_unlink() in EXT2FS -> nc_fixup(); data and error codes return to the user process.]
