Paper 2007/267

CRUST: Cryptographic Remote Untrusted Storage without Public Keys

Erel Geron and Avishai Wool

Abstract

This paper presents CRUST, a stackable file system layer designed to provide secure file sharing over remote untrusted storage systems. CRUST is intended to be layered over insecure network file systems without changing the existing systems. In our approach, data at rest is kept encrypted, and data integrity and access control are provided by cryptographic means. Our design completely avoids public-key cryptography operations and uses more efficient symmetric-key alternatives to achieve improved performance. As a generic and self-contained system, CRUST includes its own in-band key distribution mechanism and does not rely on any special capabilities of the server or the clients. We have implemented CRUST as a Linux file system and shown that it performs comparably with typical underlying file systems, while providing significantly stronger security.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
file systems, key management
Contact author(s)
yash @ eng tau ac il
History
2007-07-10: received
Short URL
https://ia.cr/2007/267
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/267,
      author = {Erel Geron and Avishai Wool},
      title = {{CRUST}: Cryptographic Remote Untrusted Storage without Public Keys},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/267},
      year = {2007},
      url = {https://eprint.iacr.org/2007/267}
}