Design And Implementation Of Secure Filesystem For Linux Operating System

Posted on: 2004-07-28, Degree: Master, Type: Thesis
Country: China, Candidate: P H Wei
GTID: 2168360095956159, Subject: Computer application technology
Abstract/Summary:
With the development of computer science and communication technology, information security is becoming more and more important. Keeping information secret, by preventing unauthorized persons from obtaining secret data, is an important means of guaranteeing information security. Cryptography is an important method of achieving information secrecy. By using encryption, people can store their important data on insecure computers or transfer it over an insecure network. However, introducing cryptography inevitably impairs the system's efficiency, so it is important to study how to reduce the negative influence of cryptography on the system. A very secure system cannot be widely used if its efficiency is too low.

In this paper, I introduce an encrypted file system (EncFS) developed on the Linux operating system. EncFS has four main entities: the file storage server, the client, the authentication server and the key escrow server. The file storage server saves only the files' encrypted data. The authentication server is in charge of authenticating the user's identity. The key escrow server retains keys that the user has dropped but that may still be needed to access files; only when the keys are never used to access files can the key escrow server remove them from the system. Users use clients to access their files. All data transferred between the client and the file storage server is encrypted, and nobody can obtain the clear data without a key. To guarantee the system's efficiency, the file storage server behaves only as a storage device, and all encryption and decryption operations are performed in the client. In this way the storage server can work more efficiently and the system performs very well. The four entities of EncFS cooperate to help users access their files.

During the design of EncFS, I paid particular attention to four aspects. Firstly, none of the entities except the client can see a file's clear data. Secondly, the file storage server is attached to the network, and the client accesses files directly over the network, not through any intermediate entity. All data transferred over the network is encrypted, so eavesdropping cannot harm the system's security. Thirdly, each file has its own key. This key is protected by the user's secret key and stored with the file, so a user can obtain the file's key using his own secret key. Finally, the client and the file storage server verify the integrity of the data received from the opposing entity, so any tampering with or resending of the data is detected and rejected.

At the end of this paper, I fully analyze the security and the efficiency of the system, and prove that EncFS's architecture can greatly improve the system's security while also performing well.
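The third and fourth design aspects (a per-file key protected by the user's secret key and stored with the file, and rejection of tampered or resent data) can be sketched as follows. This is an added example, not code from the thesis: the function names, the record layout, the HMAC-SHA256 keystream standing in for a real cipher, and the client-tracked version counter used to catch resent data are all assumptions, since the abstract names no algorithms.

```python
import hashlib, hmac, os, struct

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, data, aad):
    # Encrypt-then-MAC; aad binds the blob to one file and one version.
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob, aad):
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("integrity check failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def client_write(user_key, file_id, version, plaintext):
    # Runs on the client; the returned record is all the storage server sees.
    file_key = os.urandom(32)                      # each file has its own key
    aad = hashlib.sha256(file_id).digest() + struct.pack(">Q", version)
    return {"wrapped_key": seal(user_key, file_key, aad),  # stored with the file
            "body": seal(file_key, plaintext, aad)}

def client_read(user_key, file_id, expected_version, record):
    # expected_version is the client's own record of the latest write, so a
    # resent older record fails the MAC check instead of being accepted.
    aad = hashlib.sha256(file_id).digest() + struct.pack(">Q", expected_version)
    file_key = unseal(user_key, record["wrapped_key"], aad)
    return unseal(file_key, record["body"], aad)
```

A production design would replace the stand-in keystream with a vetted authenticated cipher; the structure of wrapping, binding and verification stays the same.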
Keywords/Search Tags: Encrypted File System, Information Security, Operating System, Key Escrow