论文信息 - A Novel Cryptographic Framework for Cloud File Systems and CryFS, a Provably-Secure Construction

A Novel Cryptographic Framework for Cloud File Systems and CryFS, a Provably-Secure Construction

Using the cloud to store data offers many advantages for businesses and individuals alike. The cloud storage provider, however, has to be trusted not to inspect or even modify the data they are entrusted with. Encrypting the data offers a remedy, but current solutions have various drawbacks. Providers which offer encrypted storage themselves cannot necessarily be trusted, since they have no open implementation. Existing encrypted file systems are not designed for usage in the cloud and do not hide metadata like file sizes or directory structure, do not provide integrity, or are prohibitively inefficient. Most have no formal proof of security. Our contribution is twofold. We first introduce a comprehensive formal model for the security and integrity of cloud file systems. Second, we present \(\mathsf {CryFS}\), a novel encrypted file system specifically designed for usage in the cloud. Our file system protects confidentiality and integrity (including metadata), even in presence of an actively malicious cloud provider. We give a proof of security for these properties. Our implementation is easy and transparent to use and offers performance comparable to other state-of-the-art file systems.

[1] Erez Zadok,et al. Proceedings of the General Track: 2003 Usenix Annual Technical Conference Ncryptfs: a Secure and Convenient Cryptographic File System , 2022 .

[2] Dieter Gollmann,et al. Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , 2005, ESORICS.

[3] Chanathip Namprempre,et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[4] Yehuda Lindell,et al. Introduction to Modern Cryptography , 2004 .

[5] David Cash,et al. Dynamic Proofs of Retrievability Via Oblivious RAM , 2013, Journal of Cryptology.

[6] Anne Kaldewaij,et al. A Simple, Efficient, and Flexible Implementation of Flexible Arrays , 1995, MPC.

[7] Melissa Chase,et al. Substring-Searchable Symmetric Encryption , 2015, Proc. Priv. Enhancing Technol..

[8] Louiza Khati,et al. Full Disk Encryption: Bridging Theory and Practice , 2017, CT-RSA.

[9] Yihua Zhang,et al. Efficient Dynamic Provable Possession of Remote Data via Update Trees , 2016, TOS.

[10] Matthias Huber,et al. Closing the Gap: A Universal Privacy Framework for Outsourced Data , 2015, BalkanCryptSec.

[11] Ivan Damgård,et al. Universally Composable Disk Encryption Schemes , 2005, IACR Cryptol. ePrint Arch..

[12] Kristian Gjøsteen. Security Notions for Disk Encryption , 2005, ESORICS.