Research And Implementation For Cryptographic File System Based On Linux Operating System

With the development of computer science and the development of communication technology, Information Security was becoming more and more important. Keeping information in secret is an important means to guarantee information security by prohibiting invalid person from achieving secrecy. By encrypting, peoples can store their important data in insecure computers, or can transfer these data in insecure network environment.Thus,in order to protect the files,cryptographic technology must beintroduced.Files are encrypted and stored as cipher text on the disk.Onlythose who have the keys can get the plain text of the files.This thesis discusses the design and implementation of an encryption file system.This encryption file system can protect files in several aspects,including the confidentiality,the integration,user authentication andcontrolling access to files according to the identity of the user.Files areencrypted by symmetric cryptographic technology to protect the confidentiality. The encryption file system uses message digest technology,digital signature technology and HMAC to protect the integration of the data.It uses public key cryptographic technology to protect symmetric keys and HMAC keys.Users are authenticated by smart cards,and put their privatekeys in the smart cards,which makes it secure.This encryption file system employs the stackable file systemtechnology,which makes it a component between VFS and lower specificfile systems.So it can be used universally. Furthermore,as it locates in theoperating system kernel,applications still access files through system calls,and they aren't aware of any encrypting operations.Therefore, thisencryption file system is transparent to applications and easy to use.The implementation of the encryption file system is under Linux,withthe help of FiST,a stackable file system development platform.FiST lowersthe difficulty of developing the encryption file system.And the generatedsource code can be migrated to other Unix operating systems with just alittle modifications.The major part of the encryption file system is build as akernel module,which can be loaded dynamically when needed.Nomodification or recompilation of Linux kernel is needed.So it's veryconvenient and flexible.At the end of this thesis,the performance of the encryption file systemis tested.The result indicates that the encryption file system not onlyprotects the files but also has good performance.