Research And Implementation Of Bidirectional Transparent File Encryption System Based On IBE And FUSE

With the development of the times,people use computers to improve their work efficiency,and the harm caused by the data leakage is becoming more and more serious.Transparent file encryption technology has become one of the important means to protect the security of file data.The technology can ensure the security of local files.With this technology,files are encrypted and decrypted automatically while they are being used,without affecting the users' file using habits.Many companies use transparent file encryption technology to protect file data security.In transparent file encryption systems,processes are divided into trusted processes and non-trusted processes.When a trusted process and a non-trusted process operate the same file alternately,the cache of the file is cleaned correspondingly,so as to ensure the right data is in the cache,which greatly reduces the efficiency of file operations.At the same time,most of the file encryption systems only protect the files in a specific directory,it does not meet the requirements of the new file encryption,i.e.,the users hope that files in the disk are always plaintext,and some special applications read the encrypted data.To address the problems with the current transparent file encryption technology and solve the new requirements of file encryption,this thesis propose a bidirectional transparent file encryption system which is based on IBE and FUSE(File System in User Space).The bidirectional transparent file encryption system is divided into two modules,the file redirection filter module,and the FUSE file system module.The file redirection driver redirects the operation of the target file to the virtual disk of FUSE,and the FUSE will operate the original file on the local disk.The file data encryption and decryption are implemented in the FUSE user space component.At the same time,files are encrypted by randomly generated key(AES symmetric key).In order to protect the key,the symmetric key is encrypted by an asymmetric key based on identity(IBE).To improve the efficiency of reading and writing encrypted files,this thesis designs two different cache mechanisms in the FUSE.The main innovations of this thesis include:(1)To avoid cleaning the system file cache frequently,file redirection is adopted to transfer file operations to FUSE.All processes no matter trusted or non-trusted processes share the same Windows file system cache with ciphertext or plaintext in it,when they access the same file at the same time.As a result,constant cache cleaning is avoided when trusted processes and non-trusted processes operate the same file at the same time.(2)According to the new requirement,the thesis designs and implements a new way of bidirectional encryption,and it can protect all the files on the disk.Bidirectional encryption can not only protect the files in the security directory,but can also achieve a reverse encryption protection for those plaintext files in the non-security directory.