Nizomiddin Ochilov

DOI: https://doi.org/10.37394/23202.2022.21.24

2022-11-24

WSEAS TRANSACTIONS ON SYSTEMS

Abstract:The relevance of this study is determined by insecure data storage on personal computers, as it is the main operating system that performs authentication and file access control. Bypassing these security rules is possible in case of using another open-source operating system on the same personal computer. The aim of this work is the research and development of file encryptors, disk encryptors and file system encryptors. Each of them has its shortcomings which manifest themselves during development. Combining the advantages of file encryptors and file system encryptors helped to overcome those shortcomings. The userspace filesystem library was used for this purpose. The study involved the methods aimed at designing and developing the Udev daemon file system for Linux using the OpenSSL library. The file system design was mathematically modelled and formally verified through a test parser. The file system also has its own authentication and authorization procedures to provide uniform access across multiple operating systems. The Udev daemon file system is the result of this work. Each file is encrypted with a separate key to protect against cryptanalysis. This key is encrypted with the owner’s private key, thereby enabling him/her to change the ownership. The passphrase is used to decrypt the user’s private key. The developed file system has passed authentication and access control testing successfully. The file system shows best performance with file sizes 1 KB to 256 MB. Encryption-caused performance degradation was also measured and found to be within acceptable limits. This Udev daemon stackable file system is available for all Unix clones with OpenSSL libraries. The prospects for further work are the development of a file system using several combined methods from a list of existing design and development methods for file systems.

顾正义,黄皓

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.14.050

2009-01-01

Abstract:To solve the problem of file encryption storage in Windows system, the system's lack of Windows EFS is analyzed. In-depth studied key technologies used on development of a file system filter driver, including data processing of I/O request packet in the filter driver, tracing file statues, avoid the system re-entry. Using the teelmology of file system filter driver, a new enerypting file system is designed and implemented. The system is completely transparent to the users. It encrypt specified files, folders or a certain type of files according to the policy placed flexibly by the users. It supports different kinds of file system such as NTFS and FAT. It can also select the encryption algorithm according to the policy. Experiments show that the system has good performance and extend the Windows EFS in both features and applications.

LIN Hao-xiang,DONG Yuan,ZHANG Wei,ZHANG Su-qin,HU Chang-jun

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.01.026

2007-01-01

Abstract:Recently it has been a focus to protect personal sensitive information. Using cryptographic technique is a promising way. This paper describes the design and implementation of Waycryptic, a versatile cryptographic file system for Linux. By integrating cryptographic technique into file system level, users obtain transparent, dynamic, efficient and secure encryption function without modifying their applications. Encrypted files could be saved on any physical file system which supports extended attributes (XATTR). Waycryptic also permits encrypted files to be shared among multi users and to be easily recovered by designating an account in advance. The results of Iozone and Bonnie benchmarks show that Waycryptic is comparatively efficient and is suitable for personal or multi-user systems which require enhanced security.

LIU Wei-peng,HU Jun,LIU Yi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.11.026

2008-01-01

Computer Science

Abstract:Encrypted file system is an effective method to protect sensitive data of system and user from disclosing on operating system level.This paper first investigates several famous encrypted file system and points out their limits,such as use method,key protection,management and performance,then discusses a scheme of transparent encrypted and decrypted file system based on UsbKey from design objective,architecture,and implementation.This scheme is based on Linux operating system,at the same time,uses UsbKey to storage and protect key.Using LSM framework and redirecting the "read" and "write" operation of inode implement transparent encrypted and decrypted function.This paper gives some lights on the research and implementation of transparent encrypted and decrypted file system in Linux.

Xu Guodong,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.05.020

2006-01-01

Abstract:In this paper, we firstly introduce a symmetric algorithm Crypto system and Public Key Cryptosystem with the Key Management. Then we propose an Encrypted File System under Windows, and analyze its availability and security.

Brijender Kahanwal,Dr. Tejinder Pal Singh,Dr. R. K. Tuteja

DOI: https://doi.org/10.48550/arXiv.1311.3686

2013-11-13

Operating Systems

Abstract:Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee the security to files on the demand of all users. It has been developed on Java platform. Java has been used as programming language in order to provide portability, but it enforces some performance limitations. It is developed in FUSE (File System in User space) [3]. Many efforts have been done over the years for developing file systems in user space (FUSE). All have their own merits and demerits. In this paper we have evaluated the performance of Java File Security System (JFSS). Over and over again, the increased security comes at the expense of user convenience, performance or compatibility with other systems. JFSS system performance evaluations show that encryption overheads are modest as compared to security.

Yuxiang Chen,Guishan Dong,Chunxiang Xu,Yao Hao,Yue Zhao

DOI: https://doi.org/10.3390/s23208526

IF: 3.9

2023-10-18

Sensors

Abstract:In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in plaintext, which is out of the owner's control after it has been uploaded and shared. Meanwhile, simple encryption guarantees the confidentiality of uploaded data but reduces availability. Furthermore, it is difficult to deal with complex key management as there is the problem whereby a single key encrypts different files, thus increasing the risk of leakage. In order to solve the issues above, we put forward an encrypted storage model and a threat model, designed with corresponding system architecture to cope with these requirements. Further, we designed and implemented six sets of protocols to meet users' requirements for security and use. EStore manages users and their keys through registration and authentication, and we developed a searchable encryption module and encryption/decryption module to support ciphertext retrieval and secure data outsourcing, which will only minimally increase the calculation overhead of the client and storage redundancy. Users are invulnerable compared to the original file system. Finally, we conducted a security analysis of the protocols to demonstrate that EStore is feasible and secure.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yang Jianxin

DOI: https://doi.org/10.3969/j.issn.2095-2783.2011.04.003

2011-01-01

Abstract:Many access control mechanisms are employed in modern operating system to safeguard confidentiality and integrity of data.However,if malicious users can get around these mechanisms,then these mechanisms will be useless.Cryptographic technology should be applied to add a last line of defense.Encrypted file system is one of the important methods,and the storage of file key has top priority in encrypted file system.However,current storage methods of file key cannot satisfy the need of expansibility.A storage method of file key based on extended file attribute is proposed.By implementing this method in ext2 file system we can see that it can be easily integrated into current file systems and satisfy the efficiency requirement of data encryption.

ZHENG Lei,MA Zhao-feng,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.07.006

2007-01-01

Abstract:User-mode encryption systems require users manually do encryption or decryption when they want to access a file,in some of those systems the file may reside in cleartext on disk while the user is actively working on it.Encryption file systems decrease the user interaction and guarantee the files in disk is in cipher-text,but those systems are complex in design and realization.In this paper the encryption system is based on Windows NT driver model and file system filter driver to deal with data on the fly.It overcomes the disadvantages of both usermode encryption systems and encryption file systems.Additionally,through storing the encryption key in the smart card the system security is enhanced.

Fangyong Hou,Dawu Gu,Nong Xiao,Yuhua Tang

DOI: https://doi.org/10.1109/NAS.2008.48

2008-01-01

Abstract:Storage systems are more distributed and more subject to attacks. Cryptographic file system gives a promising way to mitigate the danger of exposing data by using encryption and integrity protection methods and guarantee end-to-end security to clients. This paper describes SRSAE, a generic approach to cryptographic file system, as well as its realization in a distributed data storage environment. SRSAE applies authenticated encryption to each data block transferred between clients and the remote block devices. It provides strong data confidentiality and integrity protections through trusted IV (Initialization Vector) and MAC (Message Authentication Code) comparison. Performance is optimized by buffering IV and MAC locally. Integration into original file system is presented with specific implementation. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to build secure network storage system.

Khairul Muttaqin,J. Rahmadoni

DOI: https://doi.org/10.37385/JAETS.V1I2.78

2020-05-26

Journal of Applied Engineering and Technological Science (JAETS)

Abstract:The times has made human needs are increasing, including information needs. Therefore, sending and storing data through electronic media requires a process that is able to guarantee the security and integrity of the data that requires an encoding process. Encryption is the process of changing an original data into confidential data that cannot be read. Meanwhile, the decryption process is a process where the confidential data received will be converted back into the original data. In this case the Advanced Encryption Standard (AES) algorithm is used as the latest cryptographic algorithm standard. The previous algorithm was considered unable to answer the challenges of the development of communication technology very quickly. AES is a cryptographic algorithm using the Rijndael algorithm that can encrypt and decrypt blocks of data over 128 bits with a key length of 128 bits. In this study the application of AES as a file security system is carried out, where the encryption and decryption process is carried out on the file. In testing the system a trial is performed on all files with different file sizes and for the results of the encryption process (ciphertext) in the form of files with the file format with the *.encrypted extension.

Computer Science

Tobias J. Bauer,Andreas Aßmuth

2024-05-18

Abstract:Modern software engineering trends towards Cloud-native software development by international teams of developers. Cloud-based version management services, such as GitHub, are used for the source code and other artifacts created during the development process. However, using such a service usually means that every developer has access to all data stored on the platform. Particularly, if the developers belong to different companies or organizations, it would be desirable for sensitive files to be encrypted in such a way that these can only be decrypted again by a group of previously defined people. In this paper, we examine currently available tools that address this problem, but which have certain shortcomings. We then present our own solution, Encrypted Container Files (ECF), for this problem, eliminating the deficiencies found in the other tools.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Software Engineering

Mehmet Hüseyin Temel,Boris Skoric,Idelfonso Tafur Monroy

2024-04-04

Abstract:Entropically Secure Encryption (ESE) offers unconditional security with shorter keys compared to the One-Time Pad. In this paper, we present the first implementation of ESE for bulk encryption. The main computational bottleneck for bulk ESE is a multiplication in a very large finite field. This involves multiplication of polynomials followed by modular reduction. We have implemented polynomial multiplication based on the gf2x library, with some modifications that avoid inputs of vastly different length, thus improving speed. Additionally, we have implemented a recently proposed efficient reduction algorithm that works for any polynomial degree. We investigate two use cases: X-ray images of patients and human genome data. We conduct entropy estimation using compression methods whose results determine the key lengths required for ESE. We report running times for all steps of the encryption. We discuss the potential of ESE to be used in conjunction with Quantum Key Distribution (QKD), in order to achieve full information-theoretic security of QKD-protected links for these use cases.

Cryptography and Security

Yang Liu,Songfeng Lu,Youqiao Zhao,Fang Liu

DOI: https://doi.org/10.1115/1.859902.paper282

2011-01-01

Abstract:Considering the safety and the efficiency to transport files containing of sensitive data through internet, an encryption scheme based on the digital envelope technology and digital signature technology is proposed. The file is encrypted by AES while the symmetric key is encrypted using ECC. To ensure data integrity and encryption efficiency, the file is also processed by SHA-1 to get its digest which is then be encrypted by ECC. Moreover, in order to process large files or massive data effectively, a parallel encryption algorithm is proposed. The experiment result shows it performs well and provides a higher encryption speed.

Debajyoti Mukhopadhyay,Gitesh Sonawane,Parth Sarthi Gupta,Sagar Bhavsar,Vibha Mittal

DOI: https://doi.org/10.48550/arXiv.1303.7075

2013-03-28

Cryptography and Security

Abstract:Cloud computing is a term coined to a network that offers incredible processing power, a wide array of storage space and unbelievable speed of computation. Social media channels, corporate structures and individual consumers are all switching to the magnificent world of cloud computing. The flip side to this coin is that with cloud storage emerges the security issues of confidentiality, data integrity and data availability. Since the cloud is a mere collection of tangible super computers spread across the world, authentication and authorization for data access is more than a necessity. Our work attempts to overcome these security threats. The proposed methodology suggests the encryption of the files to be uploaded on the cloud. The integrity and confidentiality of the data uploaded by the user is ensured doubly by not only encrypting it but also providing access to the data only on successful authentication.

Manting Shen,Yinyan Yu,Zhi Tang,Xiaoyu Cui

DOI: https://doi.org/10.1109/compsac.2016.56

2016-01-01

Abstract:Sensitive information leakage in files is one of the biggest concerns in people's life. Considering this situation, people have designed lots of tools to protect sensitive files. However, these specialized tools are not applicable when the user amount is small. This paper proposes a novel light-weight mechanism that provides efficient and fast cryptographic-based file protection to meet the need of small organizations. The highlights are its ability to provide protection for all types of files, and the usage of an efficient access control approach for file sharing. Operations in the directory are monitored in real time and files are protected automatically. Moreover, encryption keys are generated and well preserved by a hierarchical key generation algorithm. For further estimation, we conducted experiments and analyzed the security and performance of our mechanism as well as other file protection software, and then we made a comparison among them. Experimental results show that our mechanism performs well both in security and performance and outperforms those other file protection software when applied in small organizations.

Minal Moharir,A. V. Suresh

DOI: https://doi.org/10.48550/arXiv.1109.4565

2011-08-26

Abstract:The main objective of the paper is to study and develop an efficient method for Hard Disk Drive(HDD) Security using Full Disk Encryption (FDE) with Advanced Encryption Standards(AES) for data security specifically for Personal Computers(PCS) and Laptops . The focus of this work is to authenticate and protect the content of HDD from illegal use. The paper proposes an adaptive methods for protecting a HDD based on FDE. The proposed method is labeled as DiskTrust. FDE encrypts entire content or a single volume on your disk. DiskTrust implements Symmetric key cryptography with, Advanced Encryption Standards. Finally, the applicability of these methodologies for HDD security will be evaluated on a set of data files with different key sizes.

Cryptography and Security

Atul Gonsai,Rashmin Tannna,Riddhi Somaiya

DOI: https://doi.org/10.32985/ijeces.14.4.4

2023-04-26

International journal of electrical and computer engineering systems

Abstract:In this era of smartphones, a huge amount of multimedia files like audio, video, images, animation, and plain text are shared. And with this comes the threat of data being stolen and misused. Most people don’t think about the security of data before uploading it to any platform. Most apps used on smartphones upload our data to their server. Not only this, but other third-party apps can also read that data while it is being transmitted. One solution to this problem is encrypting the data before sharing it and decrypting it back at the other end so that even if it is intercepted in between the transmission, it would be impossible to decrypt it. In this paper, a newly designed hybrid encryption algorithm EMAES that includes the efficiency of MAES (Modified Advanced Encryption Standard) and security of ECC (Elliptic Curve Cryptography) was implemented in MATLAB as well as in android studio 4.0. using a mobile messaging application. Also, it was tested for different speeds and security parameters. Further, it was compared with standard algorithms like the RC4, RC6 and Blowfish as well as with other hybrid algorithms like RC4+ECC, RC6+ECC and Blowfish+ECC. The EMAES was found 30% more efficient in terms of encryption and decryption time. The security of EMAES also showed improvement when compared with other hybrid algorithms for parameters like SSIM (structural similarity index measure), SNR (Signal to Noise Ratio), PSNR(Peak Signal to Noise Ratio), MSE (Mean Squared Error) and RMSE (Root Mean Squared Error). And finally, no significant improvement was found in the CPU and RAM usage.

Shen Zhirong,Xue Mao,Xue Wei,Shu Jiwu

2011-01-01

Journal of Computer Research and Development

Abstract:With the development of network storage technology,how to protect the shared data from being intruded continues to grow in importance in the untrusted network storage environment.This paper presents the recently researches of shared secure file system and analyzes the Corslet secure file system proposed by our group.We give the description of the roles that play in Corslet and analyze the key approaches that are used in it.Meanwhile,this paper evaluates the performance of Corslet secure file system and takes some measures to optimize performance.By evaluating the operation of reading/writing big files in Corslet,we draw the conclusion that cryptographic overhead accounts for most of the overhead caused by reading writing operation.According to the conclusion,two optimizations are proposed which are to make improvement on the implementation of cryptographic algorithms and to use the new API of cryptographic functions.With the original Corslet secure file system optimizated by the two optimizations,the performance of reading/writing improve by 16% to 20% and 5% to 12% respectively evaluated by the benchmark of IOzone.

David Galindo,Jia Liu,Chris McMahon Stone,Mihai Ordean

DOI: https://doi.org/10.48550/arXiv.2111.12456

2021-11-24

Abstract:File-based encryption (FBE) schemes have been developed by software vendors to address security concerns related to data storage. While methods of encrypting data-at-rest may seem relatively straightforward, the main proponents of these technologies in mobile devices have nonetheless created seemingly different FBE solutions. As most of the underlying design decisions are described either at a high-level in whitepapers, or are accessible at a low-level by examining the corresponding source code (Android) or through reverse-engineering (iOS), comparisons between schemes and discussions on their relative strengths are scarce. In this paper, we propose a formal framework for the study of file-based encryption systems, focusing on two prominent implementations: the FBE scheme used in Android and Linux operating systems, as well as the FBE scheme used in iOS. Our proposed formal model and our detailed description of the existing algorithms are based on documentation of diverse nature, such as whitepapers, technical reports, presentations and blog posts, among others. Using our framework we validate the security of the existing key derivation chains, as well as the security of the overall designs, under widely-known security assumptions for symmetric ciphers, such as IND-CPA or INT-CTXT security, in the random-oracle model.

Cryptography and Security