Cryptographic File Systems Performance: What You Don’t Know Can Hurt You

Securing data is more important than ever, yet cryptographic file systems still have not received wide use. One barrier to the adoption of cryptographic file systems is that their performance impact is assumed to be too high, when in fact it is largely unknown. In this paper we first survey available cryptographic file systems. Second, we perform a performance comparison of a representative set of the systems, emphasizing multiprogrammed workloads. Third, we discuss interesting and counterintuitive results. We show that the overhead of cryptographic file systems can be minimal for many real-world workloads, and suggest potential improvements to existing systems. We have observed not only general trends with each of the cryptographic file systems we compared but also anomalies based on complex interactions with the operating system, disks, CPUs, and ciphers.
