| Cryptographic file system is a new kind of data encrypting storage method. Comparing to the traditional data encryption methods, its most significant improvement lies in security and usability. But cryptographic file system can only serve users of OS, it can't protect data of service application users. So this paper creates a new way to protect data of service application users: use cryptographic file system.In this paper, we introduced cryptographic file system space technique to categorize encrypted data according to their users' system. By letting users from different applications to access data in different cryptographic file system space, service application can use cryptographic file system to protect their data. On this basis, we introduced access control technique to protect shared data between users of service application.This paper also focuses on how to guarantee the security and efficiency of key structure. For reducing the numbers of keys needed to decrypt, a four-level key structure is introduced to reduce the overload of network and user's smartcard while decrypting keys. In case of key leaking in network transmission of decrypting, this paper introduced a secure key decrypting technique which use a key substitute to decrypt through network, the key can keep safe even substitute is stolen.The result of this paper is an implementation of centralized file encryption storage platform, which is shown at the last part. The test of the platform shows techniques in this paper caused loss in I/O efficiency is between 3.4% and 6.6%. |
PDF Full Text Request