ImgFS: a transparent cryptography for stored images using a filesystem in userspace

Osama A. KHASHAN, Abdullah M. ZIN, Elankovan A. SUNDARARAJAN

Front. Inform. Technol. Electron. Eng, 2015, Vol. 16, Issue (1): 28-42. DOI: 10.1631/FITEE.1400133

Abstract

Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications have generally suffered in terms of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages, since developing a new file system and attaching it at the kernel level requires a deep understanding of the kernel's internal data structures. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffer from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides in user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified in cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS for reading and writing image files against the cryptographic service, and the results indicated that while ImgFS has managed to provide a higher level of security and transparency, its performance was competitive with other established high-performance cryptographic FUSE-based schemes.

Keywords

Storage image security / Cryptographic file system / Filesystem in userspace (FUSE) / Transparent encryption

Cite this article

Osama A. KHASHAN, Abdullah M. ZIN, Elankovan A. SUNDARARAJAN. ImgFS: a transparent cryptography for stored images using a filesystem in userspace. Front. Inform. Technol. Electron. Eng, 2015, 16(1): 28‒42 https://doi.org/10.1631/FITEE.1400133

RIGHTS & PERMISSIONS

2014 Higher Education Press and Springer-Verlag Berlin Heidelberg