Research And Implementation For Cryptographic File System Based On Kylin Operating System

With the development of computer science and the development of communication technology, Information Security was becoming more and more important. Keeping information in secret is an important means to guarantee information security by prohibiting invalid person from achieving secrecy. By encrypting, peoples can store their important data in insecure computers, or can transfer these data in insecure network environment. But, it is important issue to study how to enhance the security and to reduce the negative influence on the system made by cryptography.Traditional cryptographic file systems are low security, bad convenience and usability. The inconvenience of current cryptographic systems contributes to their lack of widespread adoption. In this paper, I analysed core technology and implementation mechanism of traditional cryptographic file system. Afterward, I introduced a new encrypted file system-Virtual Secure File System (VSFS) which be developmented on Kylin operating system. In VSFS, there are three most important entities: file storage server, client, and SSH server. The file storage server only saves the file's encrypted data and executes encrypting or decrypting operation. The SSH server takes charge in the authenticating of user's identity. Users use clients to access their files on Internet. All the data transferred between the client and the file storate server is encrypted data, and one cannot get the clear data if he doesn't have a key.VSFS secures system security, convenience and usability from several aspects: Firstly, three layers encrypting/decrypting structure, together with smardcard secure file data. Secondly, all the data transferred by net are encrypted data and verified intergrity. Thirdly, each file has its own key. This key is protected by user's secret key or safe box key and stored with the file. Fourthly, VSFS implements as stackable vnode level structure, and not modify any structure on kernel file system. Fifthly VSFS makes encryption or decryption transparent to the users. Security model completes encrypting or decrypting automatically.At the end of this paper, I deeply analyzed and tested the security, feature and the efficiency of the system, which proved that VSFS's architecture can greatly improve the system's security, convenience and also have a better performance.