ImgFS: a transparent cryptography for stored images using a filesystem in userspace

Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications have generally come at the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages, since developing a new file system and attaching it at the kernel level requires a deep understanding of the kernel's internal data structures. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffer from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides in user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified in cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS for image file reads and writes against the cryptographic service, and the results indicated that while ImgFS has managed to provide a higher level of security and transparency, its performance was competitive with other established high-performance cryptographic FUSE-based schemes.
