Springer papers

Authors

Genti Daci and Megi Shyle

Abstract

Modern file systems such as CLFS (Cryptographic Log Structured File System) aim to provide security and confidentiality. Current deployments of such file systems do not ensure the integrity of the encrypted data stored on disk. Due to kernel bugs, race conditions and arbitrary deadlocks, CLFS data on the disk can be damaged, and there is always the possibility that system users can modify the encrypted data. We therefore considered it essential to modify the way keys are stored in the system, as their safe storage is crucial to the whole protection this system provides. Implementing a Trusted Platform Module is our suggestion for this case. In this secure environment, our aim is to ensure data integrity on CLFS without compromising overall performance. This paper considers the standard data verification methods, with the main goal of overcoming one of their major limitations, the low performance of file system check-summing. CLFS matches our performance expectations, as it performs close enough to non-cryptographic file systems. To improve the performance of the check-summing process, we study and examine various design choices and propose metadata check-summing. Several tests are made to prove that this added functionality does not significantly affect performance.

Keywords

cryptography, data security, Log Structured File System, metadata check-summing, Trusted Platform Module