Full Text:   <1556>

Summary:  <1787>

CLC number: TP309.7

On-line Access: 2014-12-23

Received: 2014-04-08

Revision Accepted: 2014-10-09

Crosschecked: 2014-12-11

Cited: 0

Clicked: 3994

Citations:  Bibtex RefMan EndNote GB/T7714

 ORCID:

Osama A. KHASHAN

http://orcid.org/0000-0003-1965-1869

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2015 Vol.16 No.1 P.28-42

http://doi.org/10.1631/FITEE.1400133


ImgFS: a transparent cryptography for stored images using a filesystem in userspace


Author(s):  Osama A. Khashan, Abdullah M. Zin, Elankovan A. Sundararajan

Affiliation(s):  Centre for Software Technology and Management, Faculty of Information Science and Technology, National University of Malaysia (UKM), Bangi 43600, Selangor, Malaysia

Corresponding email(s):   o_khashan@yahoo.com, amz@ftsm.ukm.my, elan@ftsm.ukm.my

Key Words:  Storage image security, Cryptographic file system, Filesystem in userspace (FUSE), Transparent encryption


Osama A. Khashan, Abdullah M. Zin, Elankovan A. Sundararajan. ImgFS: a transparent cryptography for stored images using a filesystem in userspace[J]. Frontiers of Information Technology & Electronic Engineering, 2015, 16(1): 28-42.

@article{title="ImgFS: a transparent cryptography for stored images using a filesystem in userspace",
author="Osama A. Khashan, Abdullah M. Zin, Elankovan A. Sundararajan",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="16",
number="1",
pages="28-42",
year="2015",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1400133"
}

%0 Journal Article
%T ImgFS: a transparent cryptography for stored images using a filesystem in userspace
%A Osama A. Khashan
%A Abdullah M. Zin
%A Elankovan A. Sundararajan
%J Frontiers of Information Technology & Electronic Engineering
%V 16
%N 1
%P 28-42
%@ 2095-9184
%D 2015
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1400133

TY - JOUR
T1 - ImgFS: a transparent cryptography for stored images using a filesystem in userspace
A1 - Osama A. Khashan
A1 - Abdullah M. Zin
A1 - Elankovan A. Sundararajan
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 16
IS - 1
SP - 28
EP - 42
%@ 2095-9184
Y1 - 2015
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1400133


Abstract: 
Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally suffered from the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages since developing a new file system and attaching it in the kernel level requires a deep understanding of the kernel internal data structure. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffered from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified on cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS over image files’ read and write against the cryptographic service, and the results indicated that while ImgFS has managed to provide higher level of security and transparency, its performance was competitive with other established cryptographic FUSE-based schemes of high performance.

This manuscript describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. It seems that ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The topic of the manuscript is interesting.

ImgFS:一种利用用户空间文件系统的图片存储透明加密技术

目的:透明加密技术克服了传统加密技术中面临的使用方便性、运行效率、安全等级等缺陷。然而已有的透明加密技术依赖于对核数据空间的深度理解。本文提出一种基于用户空间的全透明加密文件系统,有效克服已有的基于用户空间的加密文件系统运行中的不足之处。
创新:提出的ImgFS全透明加密文件系统平衡了图像存储文件的安全等级要求和使用方便性,并且能够克服现有的基于用户空间的加密文件系统的缺陷。
方法:设计ImgFS结构,并在不同规格图像文件下测试其读写性能。将读写时间与标准Ext4下的读写时间进行比较(图5-8);对读写进程中主程序执行时间做进一步分析(图9-11);并将ImgFS的性能与相关工作中的结论进行比较(图12)。
结论:实验结果表明当ImgFS提供更高等级安全性与透明度时,其性能可与已有的基于加密用户空间文件系统的高性能机制相比拟。

关键词:图像存储安全性;加密文件系统;用户空间文件系统;透明加密

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

[1]Amigó, J.M., Kocarev, L., Szczepanski, J., 2007. Theory and practice of chaotic cryptography. Phys. Lett. A, 366(3):211-216.

[2]Bellare, M., Canetti, R., Krawczyk, H., 1996. Message authentication using hash functions—the HMAC construction. RSA Lab. CryptoBytes, 2(1):1-5.

[3]Blaze, M., 1993. A cryptographic file system for UNIX. Proc. 1st ACM Conf. on Computer and Communications Security, p.9-16.

[4]Cattaneo, G., Catuogno, L., Sorbo, A.D., et al., 2001. The design and implementation of a transparent cryptographic filesystem for UNIX. Proc. USENIX Annual Technical Conf., p.199-212.

[5]Dowdeswell, R.C., Ioannidis, J., 2003. The CryptoGraphic disk driver. Proc. USENIX Annual Technical Conf., p.179-186.

[6]Gough, V., 2008. EncFS Encrypted Filesystem. Available from http://www.arg0.net/encfs [Accessed on Jan. 12, 2014].

[7]Halcrow, M.A., 2005. eCryptfs: an enterprise-class encrypted filesystem for Linux. Proc. Linux Symp., p.201-218.

[8]Hohmann, C., 2006. CryptoFS. Available from https://github.com/reboot/cryptofs [Accessed on Jan. 26, 2014].

[9]Jaeger, T., van Oorschot, P.C., Wurster, G., 2011. Countering unauthorized code execution on commodity kernels: a survey of common interfaces allowing kernel code modification. Comput. Secur., 30(8):571-579.

[10]Kerrisk, M., 2013. Linux Programmer’s Manual: Kernel Random Number Source Devices. Available from http://man7.org/linux/man-pages/man4/random.4.html [Accessed on Feb. 7, 2014].

[11]Kessler, G., 2014. File Signatures Table. Available from http://www.garykessler.net/library/file_sigs.html [Accessed on Feb. 16, 2014].

[12]Khashan, O.A., Zin, A.M., 2013. An efficient adaptive of transparent spatial digital image encryption. Proc. 4th Int. Conf. on Electrical Engineering and Informatics, p.288-297.

[13]Khashan, O.A., Zin, A.M., Sundararajan, E.A., 2014. Performance study of selective encryption in comparison to full encryption for still visual images. J. Zhejiang Univ.-Sci. C (Comput. & Electron.), 15(6):435-444.

[14]Lee, K., Ewe, H., 2007. Multiple hashes of single key with passcode for multiple accounts. J. Zhejiang Univ.-Sci. A, 8(8):1183-1190.

[15]Li, S.B., Jia, X., 2010. Research and application of transparent encrypting file system based on windows kernel. Proc. Int. Conf. on Computational Intelligence and Software Engineering, p.1-4.

[16]Ludwig, S., Kalfa, W., 2001. File system encryption with integrated user management. ACM SIGOPS Oper. Syst. Rev., 35(4):88-93.

[17]Ma, J., Li, Z., Li, J., 2010. A novel secure virtual storage device scheme. Proc. IEEE Int. Conf. on Intelligent Computing and Intelligent Systems, p.271-275.

[18]Mazières, D., 2001. A toolkit for user-level file systems. Proc. USENIX Annual Technical Conf., p.261-274.

[19]Mellado, D., Blanco, C., Sánchez, L., et al., 2010. A systematic review of security requirements engineering. Comput. Stand. Interface, 32(4):153-165.

[20]OpenSSL Project, 2014. OpenSSL Project. Available from https://www.openssl.org/ [Accessed on Mar. 15, 2014].

[21]Preneel, B., 2011. Modes of operation of a block cipher. In: van Tilborg, H.C.A., Jajodia, S. (Eds.), Encyclopaedia of Cryptography and Security. Springer US, p.789-794.

[22]Rajgarhia, A., Gehani, A., 2010. Performance and extension of user space file systems. Proc. ACM Symp. on Applied Computing, p.206-213.

[23]Rivest, R., 1992. The MD5 Message-Digest Algorithm. Technical Report No. RFC-1321, MIT Laboratory for Computer Science and RSA Data Security, Inc.

[24]Schiesser, M., 2005. Complete hard disk encryption using FreeBSD’s GEOM framework. Proc. 4th European BSD Conf. Available from http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf [Accessed on Feb. 9, 2014].

[25]Shukela, V., 2013. Chaoticfs Project. Available from https://github.com/vi/chaoticfs [Accessed on Mar. 3, 2014].

[26]Singh, V., Lakshminarasimhaiah, D., Mishra, Y., et al., 2006. An implementation and evaluation of online disk encryption for windows systems. Proc. 2nd Int. Conf. on Information Systems Security, p.337-348.

[27]Sunsoft, 2014. Linux-PAM. Available from http://www.linux-pam.org [Accessed on Feb. 9, 2014].

[28]Szeredi, M., 2010. FUSE: Filesystem in Userspace. Available from http://fuse.sourceforge.net/ [Accessed on Jan. 13, 2014].

[29]Trusted Computing Group, 2011. TPM Main Part 1: Design Principles. Specification Version 1.2, Revision 116.

[30]Verma, O.P., Agarwal, R., Dafouti, D., et al., 2011. Performance analysis of data encryption algorithms. Proc. 3rd Int. Conf. on Electronics Computer Technology, p.399-403.

[31]Wright, C.P., Martino, M.C., Zadok, E., 2003. NCryptfs: a secure and convenient cryptographic file system. Proc. USENIX Annual Technical Conf., p.197-210.

[32]Zhang, X., Liu, F., Chen, T., et al., 2009. Research and application of the transparent data encryption in intranet data leakage prevention. Proc. Int. Conf. on Computational Intelligence and Security, p.376-379.

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2022 Journal of Zhejiang University-SCIENCE