Cryptology ePrint Archive: Report 2017/773

A Novel Cryptographic Framework for Cloud File Systems and CryFS, a Provably-Secure Construction

Sebastian Messmer and Jochen Rill and Dirk Achenbach and Jörn Müller-Quade

Abstract: Using the cloud to store data offers many advantages for businesses and individuals alike. The cloud storage provider, however, has to be trusted not to inspect or even modify the data they are entrusted with. Encrypting the data offers a remedy, but current solutions have various drawbacks. Providers which offer encrypted storage themselves cannot necessarily be trusted, since they have no open implementation. Existing encrypted file systems are not designed for usage in the cloud and do not hide metadata like file sizes or directory structure, do not provide integrity, or are prohibitively inefficient. Most have no formal proof of security. Our contribution is twofold. We first introduce a comprehensive formal model for the security and integrity of cloud file systems. Second, we present CryFS, a novel encrypted file system specifically designed for usage in the cloud. Our file system protects confidentiality and integrity (including metadata), even in presence of an actively malicious cloud provider. We give a proof of security for these properties. Our implementation is easy and transparent to use and offers performance comparable to other state-of-the-art file systems.

Category / Keywords: foundations, applications, implementation, cloud security, formal security models, file systems, secure data outsourcing, secure cloud storage, encrypted file system, integrity, game based security models

Original Publication (in the same form): DBSec 2017

Date: received 13 Aug 2017, last revised 13 Aug 2017

Contact author: messmer at cryfs org

Available format(s): PDF | BibTeX Citation

Version: 20170814:111940 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]