Paper 2007/267
CRUST: Cryptographic Remote Untrusted Storage without Public Keys
Erel Geron and Avishai Wool
Abstract
This paper presents CRUST, a stackable file system layer designed to provide secure file sharing over remote untrusted storage systems. CRUST is intended to be layered over insecure network file systems without changing the existing systems. In our approach, data at rest is kept encrypted, and data integrity and access control are provided by cryptographic means. Our design completely avoids public-key cryptography operations and uses more efficient symmetric-key alternatives to achieve improved performance. As a generic and self-contained system, CRUST includes its own in-band key distribution mechanism and does not rely on any special capabilities of the server or the clients. We have implemented CRUST as a Linux file system and shown that it performs comparably with typical underlying file systems, while providing significantly stronger security.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- file systemskey management
- Contact author(s)
- yash @ eng tau ac il
- History
- 2007-07-10: received
- Short URL
- https://ia.cr/2007/267
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/267,
author = {Erel Geron and Avishai Wool},
title = {{CRUST}: Cryptographic Remote Untrusted Storage without Public Keys},
howpublished = {Cryptology {ePrint} Archive, Paper 2007/267},
year = {2007},
url = {https://eprint.iacr.org/2007/267}
}