In our approach, data at rest is kept encrypted, and data integrity and access control are provided by cryptographic means. Our design completely avoids public-key cryptography operations and uses more efficient symmetric-key alternatives to achieve improved performance. As a generic and self-contained system, CRUST includes its own in-band key distribution mechanism and does not rely on any special capabilities of the server or the clients.
We have implemented CRUST as a Linux file system and shown that it performs comparably with typical underlying file systems, while providing significantly stronger security.
Category / Keywords: applications / file systems, key management Date: received 10 Jul 2007 Contact author: yash at eng tau ac il Available format(s): PDF | BibTeX Citation Version: 20070710:142056 (All versions of this report) Short URL: ia.cr/2007/267 Discussion forum: Show discussion | Start new discussion