Linux System Transparent Cryptographic File System Design And Implementation

Posted on: 2007-09-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Yu
GTID: 2208360182466724
Subject: Computer applications
Abstract/Summary:
The traditional way to encrypt files in Linux is to use the "crypt" command or a separate encryption utility. Both approaches are cumbersome and easy to attack. In contrast, an encryption file system (EFS) combines encryption techniques with the file system so that files and directories are encrypted and decrypted automatically. The process of encryption and decryption is transparent to the user. A legitimate user can read the contents of files conveniently, but an unauthorized user cannot. Thus the security of the file system is ensured and sensitive data are protected. Once EFS is in use, only an authorized user holding the key can open and use the encrypted files. This matters most for laptops, portable devices and network transmission, because the encrypted files cannot be opened if the device is stolen or the files are intercepted in transit. EFS therefore prevents unauthorized access and the leaking of secret information when portable devices are stolen or plaintext network traffic is intercepted.

In the traditional development approach, some programmers choose an existing file system as the starting point, modify its source code and its underlying device driver, and add the desired functions, so that a file system with special functions is implemented in Linux. However, this approach brings many problems, such as a long development period, complicated debugging and poor portability. Other programmers choose to develop a file system in user mode, which resides in user space and is easy to develop and port. The biggest problem with this approach is poor performance, and under certain circumstances the performance loss cannot be tolerated. Stackable file systems are a way to solve these problems. They insert the file system being developed between the VFS (Virtual File System) and the existing file system, while the underlying file system is left untouched. This makes development of the file system much easier and improves its portability. High performance is also achieved, because stackable file systems are implemented as loadable kernel modules.

In this thesis, the author discusses the design concepts, the key implementation points and the performance evaluation of BEFS (Blowfish Encryption File System), based on Linux kernel version 2.4. Firstly, the author defines the basic concepts of cryptology, encryption file systems and stackable file systems. Secondly, the author introduces FiST (File System Translator), a file system development tool, and how to work with it. Thirdly, the author compares several commonly used symmetric encryption algorithms and selects Blowfish as the encryption algorithm for BEFS. Fourthly, the author explains in detail the design concepts of BEFS and the key points and details of its implementation. Lastly, the author evaluates the performance of BEFS and other related file systems and compares them.

Through a thorough analysis of the design concepts and implementation methods of BEFS, the author presents a new way to develop an encryption file system with the help of a stackable file system. With this thesis, the author hopes to contribute to the research and development of file systems based on Linux.
Keywords/Search Tags: Linux, Encryption File System, Stackable File System, FiST, Blowfish encryption algorithm