Cryptree: A Folder Tree Structure for Cryptographic File Systems

We present Cryptree, a cryptographic tree structure which facilitates access control in file systems operating on untrusted storage. Cryptree leverages the file system's folder hierarchy to achieve efficient and intuitive, yet simple, access control. The highlights are its ability to recursively grant access to a folder and all its subfolders in constant time, the dynamic inheritance of access rights which inherently prevents scattering of access rights, and the possibility to grant someone access to a file or folder without revealing the identities of other accessors. To reason about and to visualize Cryptree, we introduce the notion of cryptographic links. We describe the Cryptrees we have used to enforce read and write access in our own file system. Finally, we measure the performance of the Cryptree and compare it to other approaches

[1]  Ricardo Dahab,et al.  Performance of Elliptic Curve Cryptosystems , 2000 .

[2]  Kevin Fu,et al.  Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage , 2006, NDSS.

[3]  Hung-Yu Chien,et al.  New hierarchical assignment without Public Key cryptography , 2003, Comput. Secur..

[4]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[5]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[6]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .

[7]  Michael K. Reiter,et al.  Lazy verification in fault-tolerant distributed storage systems , 2005, 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05).

[8]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[9]  Dennis Shasha,et al.  Don't trust your file server , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[10]  Erik Riedel,et al.  A Framework for Evaluating Storage System Security , 2002, FAST.

[11]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[12]  Michael Backes,et al.  Secure Key-Updating for Lazy Revocation , 2006, ESORICS.

[13]  Yu-Fang Chung,et al.  A novel key management scheme for dynamic access control in a user hierarchy , 2004, Proceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004..

[14]  William Yurcik,et al.  Protecting multimedia data in storage: a survey of techniques emphasizing encryption , 2005, IS&T/SPIE Electronic Imaging.

[15]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[16]  Rodney Van Meter,et al.  Network attached storage architecture , 2000, CACM.

[17]  Miguel Castro,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[18]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[19]  Giuseppe Cattaneo,et al.  Design and Implementation of a Transparent Cryptographic File System for Unix , 2007 .

[20]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[21]  Antony I. T. Rowstron,et al.  PAST: a large-scale, persistent peer-to-peer storage utility , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.