Title :
CRUST: Cryptographic Remote Untrusted Storage without Public Keys
Author :
Geron, Erel ; Wool, Avishai
Author_Institution :
Tel Aviv Univ., Tel Aviv
Abstract :
This paper presents CRUST, a stackablefile system layer designed to provide secure file sharing over remote untrusted storage systems. CRUST is intended to be layered over insecure network file systems without changing the existing systems. In our approach, data at rest is kept encrypted, and data integrity and access control are provided by cryptographic means. Our design completely avoids public-key cryptography operations and uses more efficient symmetric-key alternatives to achieve improved performance. As a generic and self-contained system, CRUST includes its own in-band key distribution mechanism and does not rely on any special capabilities of the server or the clients. We have implemented CRUST as a Linux file system and shown that it performs comparably with typical underlying file systems, while providing significantly stronger security.
Keywords :
Linux; authorisation; cryptography; peer-to-peer computing; CRUST; Linux file system; access control; cryptographic remote untrusted storage; data integrity; insecure network file systems; public-key cryptography operations; secure file sharing; stackablefile system layer; Access control; Data security; File servers; File systems; Linux; Network servers; Peer to peer computing; Public key; Public key cryptography; Secure storage;
Conference_Titel :
Security in Storage Workshop, 2007. SISW '07. Fourth International IEEE
Conference_Location :
San Diego, CA
Print_ISBN :
978-0-7695-3052-9
DOI :
10.1109/SISW.2007.9
