Abstract
One of the few quantitative metrics used to evaluate the security of a cryptographic file system is the key length of the encryption algorithm; larger key lengths correspond to higher resistance to brute force and other types of attacks. Since accepted cryptographic design principles dictate that larger key lengths also impose higher processing costs, increasing the security of a cryptographic file system also increases the overhead of the underlying cipher.
We present a general approach to effectively extend the key length without imposing the concomitant processing overhead. Our scheme is to spread the ciphertext inside an artificially large file that is seemingly filled with random bits according to a key-driven spreading sequence. Our prototype implementation, CamouflageFS, offers improved performance relative to a cipher with a larger key-schedule, while providing the same security properties. We discuss our implementation (based on the Linux Ext2 file system) and present some preliminary performance results. While CamouflageFS is implemented as a stand-alone file system, its primary mechanisms can easily be integrated into existing cryptographic file systems.
Chapter PDF
References
Anderson, R., Needham, R., Shamir, A.: The Steganographic File System. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 73–82. Springer, Heidelberg (1998)
Anderson, R.J.: Stretching The Limits of Steganography. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 39–48. Springer, Heidelberg (1996)
Blaze, M.: A Cryptographic File System for Unix. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (November 1993)
Bovet, D.P., Cesati, M.: Understanding the Linux Kernel: From I/O Ports to Process Management, 2nd edn. O’Reilly, Sebastopol (2003)
Cattaneo, G., Persiano, G.: Design and Implementation of a Transparent Cryptographic File System For Unix. Technical report (July 1997)
Dabek, F., Kaashoek, F., Morris, R., Karger, D., Stoica, I.: Wide-Area Cooperative Storage with CFS. In: Proceedings of ACM SOSP, Banff, Canada (October 2001)
Hand, S., Roscoe, T.: Mnemosyne: Peer-to-Peer Steganographic Storage. In: Proceedings of the 1st International Workshop on Peer-to-Peer Systems (March 2002)
Jaeger, A.: Large File Support in Linux (July 2003)
Kamp, P.-H.: GBDE - GEOM Based Disk Encryption. In: BSDCon 2003 (September 2003)
Keromytis, A.D., Wright, J.L., de Raadt, T.: The Design of the OpenBSD Cryptographic Framework. In: Proceedings of the USENIX Annual Technical Conference (June 2003)
Lehmer, D.: Mathematical Methods in Large-scale Computing Units. In: Proc. 2nd Sympos. on Large-Scale Digital Calculating Machinery, pp. 141–146. Harvard University Press, Cambridge (1949)
Ludwig, S., Kalfa, W.: File System Encryption with Integrated User Management. Operating Systems Review 35 (October 2001)
McDonald, A.D., Kuhn, M.G.: Stegfs: A Stegonographic File System for Linux. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 463–477. Springer, Heidelberg (2000)
Petitcolas, F.A., Anderson, R., Kuhn, M.G.: Information Hiding–ASurvey. Proceedings of the IEEE, special issue on protection of multimedia content 87, 1062–1078 (1999)
Schneier, B.: Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish). In: Fast Software Encryption, Cambridge Security Workshop Proceedings, December 1993, pp. 191–204. Springer, Heidelberg (1993)
Stein, C., Tucker, M., Seltzer, M.: Building a Reliable Mutable File System on Peer-to-peer Storage
Stephenson, N.: Cryptonomicon. Avon Books (1999)
Zadok, E., Badulescu, I., Shender, A.: Cryptfs: A Stackable Vnode Level Encryption File System. In: Proceedings of the USENIX Annual Technical Conference (June 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Locasto, M.E., Keromytis, A.D. (2004). CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-24852-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1
eBook Packages: Springer Book Archive