With data storage and processing snowballing into a necessity from being an efficient part of any business process or organization, the need for securing storage at various degrees of granularity is gaining considerable interest. The challenge in designing an encrypted filesystem stems from balancing performance, security perception, ease of usage and enterprise level deployability. Often, the most secure solutions may not even be the best solution either due to hit on performance or due to decreased usability. Further, narrowing the trust circle to exclude even hitherto trusted system administrators makes creating an encrypted filesystem a huge engineering exercise.
In this thesis, we talk about key management issues in TransCrypt, an encrypted filesystem design with smallest trust circle to the best of our knowledge. We provide an entire architecture with utilities like secure key stores, and their management through libraries inside and outside the kernel space. We provide enhancement of kernel CryptoAPI to include asymmetric cryptography, filesystem and file metadata management tools, and a communication framework to authenticate genuine users through user-space key stores. We present a design that incorporates modularity, flexibility while providing a transparently operational encrypted filesystem.
Back to the list of MTech theses
Abhijit Bagri can be reached at abagri[AT]gmail.com.