Cryptology ePrint Archive: Report 2007/267

CRUST: Cryptographic Remote Untrusted Storage without Public Keys

Erel Geron and Avishai Wool

Abstract: This paper presents CRUST, a stackable file system layer designed to provide secure file sharing over remote untrusted storage systems. CRUST is intended to be layered over insecure network file systems without changing the existing systems.

In our approach, data at rest is kept encrypted, and data integrity and access control are provided by cryptographic means. Our design completely avoids public-key cryptography operations and uses more efficient symmetric-key alternatives to achieve improved performance. As a generic and self-contained system, CRUST includes its own in-band key distribution mechanism and does not rely on any special capabilities of the server or the clients.

We have implemented CRUST as a Linux file system and shown that it performs comparably with typical underlying file systems, while providing significantly stronger security.

Category / Keywords: applications / file systems, key management

Date: received 10 Jul 2007

Contact author: yash at eng tau ac il

Available format(s): PDF | BibTeX Citation

Version: 20070710:142056 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]