Paper 2017/773

A Novel Cryptographic Framework for Cloud File Systems and CryFS, a Provably-Secure Construction

Sebastian Messmer, Jochen Rill, Dirk Achenbach, and Jörn Müller-Quade


Using the cloud to store data offers many advantages for businesses and individuals alike. The cloud storage provider, however, has to be trusted not to inspect or even modify the data they are entrusted with. Encrypting the data offers a remedy, but current solutions have various drawbacks. Providers which offer encrypted storage themselves cannot necessarily be trusted, since they have no open implementation. Existing encrypted file systems are not designed for usage in the cloud and do not hide metadata like file sizes or directory structure, do not provide integrity, or are prohibitively inefficient. Most have no formal proof of security. Our contribution is twofold. We first introduce a comprehensive formal model for the security and integrity of cloud file systems. Second, we present CryFS, a novel encrypted file system specifically designed for usage in the cloud. Our file system protects confidentiality and integrity (including metadata), even in presence of an actively malicious cloud provider. We give a proof of security for these properties. Our implementation is easy and transparent to use and offers performance comparable to other state-of-the-art file systems.

Available format(s)
Publication info
Published elsewhere. DBSec 2017
foundationsapplicationsimplementationcloud securityformal security modelsfile systemssecure data outsourcingsecure cloud storageencrypted file systemintegritygame based security models
Contact author(s)
messmer @ cryfs org
2017-08-14: received
Short URL
Creative Commons Attribution


      author = {Sebastian Messmer and Jochen Rill and Dirk Achenbach and Jörn Müller-Quade},
      title = {A Novel Cryptographic Framework for Cloud File Systems and {CryFS}, a Provably-Secure Construction},
      howpublished = {Cryptology ePrint Archive, Paper 2017/773},
      year = {2017},
      doi = {10.1007/978-3-319-61176-1_23},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.