Improving data integrity and performance of cryptographic structured log file systems

Modern File systems like CLFS (Cryptographic Log Structured File System) are aimed to provide security and confidentiality. Current deployments of such File Systems do not ensure integrity of the encrypted data that is stored on disk. Due to Kernel bugs, racing conditions and arbitrary dead-locks, CLFS data on the disc can be damaged and also there is always the possibility that system users can modify the encrypted data. That´s why, we considered essential to modify the way keys are stored in the system, as their safe storage is a clue point to the whole protection this system assures. Implementing a Trusted Platform Module is our suggestion to the case. So in this secure environment, our aims lies towards ensuring data integrity on CLFS without compromising the overall performance. This paper considers the standard data verification methods, with the main goal to overcome one of its major limitations, low performance of File System check-summing. CLFS matches our performance expectations, as it performs close enough to non-cryptographic file systems. To improve the performance of the check-summing process we try to study and examine various design choices and propose metadata check-summing. Several tests are made to prove that this added functionality does not significantly affect performance.