| In order to provide secure file sharing in network, we have designed and implemented a secure network file system KD-SNFS. We adopted the vnode stacking technique to design the KD-SNFS, it adds security functions on NFS. The prototype of KD-SNFS was implemented in Linux, its implementation used the FiST file system code generator. In order to facility the users using the file system, the prototype also contains a user tool program.In Unix environment, KD-SNFS is the only available secure network file system that meets the following requirements: file data is encrypted in storage and transmission, the integrality of the storage and transmission of data are protected, the file system is a kernel module and easy to use, not required authentication server and authentication protocol, high performance.KD-SNFS combines the symmetric-key encryption algorithm and the public-key encryption algorithm to ensure the security of files. The Blowfish symmetric-key encryption algorithm protects the confidentiality of the files, the key and the initialization vector of a file are auto generated by the file system after the file being created. The key and the initialization vector are encrypted with the public key of the user to protect its confidentiality. And the digest of the file is generated with MD5 algorithm, the digest is encrypted with the private key of the user to protect its integrality. These entire information stores in a user key file. The private key of the user stores in a smart card. When using the file system, user only need to provide the right private key, the encryption and the decryption of the files are completely transparent to user.KD-SNFS does not affect the use of normal NFS. KD-SNFS is a kernel module, and is easy to mount. It does not need to modify and compile the kernel. It can be ported to other Unix operating system with only small changes. KD-SNFS has relatively high performance. |
PDF Full Text Request