CryptosFS: Fast Cryptographic Secure NFS
Technical report TCD-CS-2000-52 (PDF, 647.4 KB)
The issue of security in file systems is as relevant today as when the first file system was developed. Current file system implementations rely heavily on centralised security mechanisms such as access control lists. The problem of security in file systems was made more complicated by the introduction of remote access to files. Storing information on a remote server has the potential to introduce additional security weaknesses into the file system model. The client, the communication links and the server make up the file system model.

The Network File System (NFS) is a widely used and oft-maligned file system. Developed by Sun Microsystems in the 1980s, it introduced a means to access files remotely. It is by no means the only distributed file system, but it is one of the most widely used. Serious security limitations were identified in the NFS protocol, as the original design did not include a security aspect. Security was added to the NFS protocol by the introduction of secure RPC. The security added was in the form of authentication of users. The distributed file system model that NFS uses is susceptible to attack in the following ways:

1. An attacker who can gain control of the NFS client has the ability to read data and can compromise the confidentiality of the data. If the NFS client has write access, an attacker can also compromise the integrity of the data stored on the server.
2. An attacker who can gain access to the NFS server can compromise the confidentiality of the data stored on the server. The attacker can also compromise the integrity of the data by modifying the data stored on the server.
3. An attacker who can gain access to the network can compromise the confidentiality of data passing over the network. If a client is performing a write operation, the attacker can modify the data associated with the write operation and affect the integrity of the operation.
The authenticity of information passing between a client and a server is not guaranteed, as an attacker who can compromise the integrity of the information can also compromise its authenticity by modifying the data on the fly. CryptosFS is a distributed file system prototype that uses a combination of cryptographic techniques to provide confidentiality, integrity and authenticity of information. Blowfish symmetric-key cryptography is used to encrypt file system data and meta-data. The symmetric-key cryptography provides information confidentiality. Asymmetric-key cryptography and MD5 message digests are used to create digital signatures. Validation of the digital signatures provides authentication and integrity. Authenticity and integrity are ensured by the validation of digital signatures by the NFS server. The NFS server possesses the public key for each file, allowing it to verify read and write requests received from clients. Integrity of the information on the remote server is preserved by not storing the symmetric keys used to encrypt the file data on the server.
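As an added illustration of the write path described above (example code, not from the CryptosFS prototype): the client encrypts a block under the file's symmetric key, signs the MD5 digest of the ciphertext with the file's private key, and the server, holding only the file's public key, checks integrity and authenticity without ever being able to decrypt. AES-CTR stands in for Blowfish because Go's standard library has no Blowfish; the function names and message layout are assumptions.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// WriteRequest models a CryptosFS-style write: ciphertext plus a signature over its MD5 digest.
type WriteRequest struct {
	Ciphertext []byte
	Signature  []byte
}

// encryptAndSign is the client side. The prototype used Blowfish; AES-CTR stands
// in here because Go's standard library has no Blowfish implementation (assumption).
func encryptAndSign(fileKey []byte, signKey *rsa.PrivateKey, plaintext []byte) (WriteRequest, error) {
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return WriteRequest{}, err
	}
	ct := make([]byte, aes.BlockSize+len(plaintext)) // IV prefix, then ciphertext
	if _, err := rand.Read(ct[:aes.BlockSize]); err != nil {
		return WriteRequest{}, err
	}
	cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(ct[aes.BlockSize:], plaintext)
	digest := md5.Sum(ct) // sign the ciphertext so the server can verify without the file key
	sig, err := rsa.SignPKCS1v15(rand.Reader, signKey, crypto.MD5, digest[:])
	if err != nil {
		return WriteRequest{}, err
	}
	return WriteRequest{Ciphertext: ct, Signature: sig}, nil
}

// serverVerify is the server side: holding only the file's public key, it can
// confirm integrity and authenticity of a request but cannot read the plaintext.
func serverVerify(filePub *rsa.PublicKey, req WriteRequest) bool {
	digest := md5.Sum(req.Ciphertext)
	return rsa.VerifyPKCS1v15(filePub, crypto.MD5, digest[:], req.Signature) == nil
}
func main() {
	signKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	req, _ := encryptAndSign(make([]byte, 16), signKey, []byte("constructed file block"))
	fmt.Println("valid write accepted:", serverVerify(&signKey.PublicKey, req))
	req.Ciphertext[len(req.Ciphertext)-1] ^= 0x01 // one bit flipped on the network
	fmt.Println("tampered write accepted:", serverVerify(&signKey.PublicKey, req))
}
```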
Author: O'Shanahan, Declan
Availability: Full text available