With the widespread adoption of digital information storage, the problem of data theft has come to be of utmost importance to both individuals and organizations. While several encrypting file systems have been developed to address this problem, only a few are scalable enough to be deemed ready for enterprise use, and even these suffer from a variety of issues, ranging from poor performance to inadequate trust models. The TransCrypt encrypting file system was developed to address these problems and to provide a secure, scalable and efficient enterprise-class solution to the data security problem. It uses a flexible, yet secure, key management scheme that simplifies sharing of files without compromising on security. One of TransCrypt's distinguishing features is that the super user is not considered a trusted entity in its threat model.
A prototype of TransCrypt, based on the ext3 file system, had been implemented on the Linux 2.6 kernel. In this prototype, the code was tightly coupled with the ext3 file system and modified its on-disk structures to store some additional meta-data. This implied that TransCrypt could not be used with other, more advanced, file systems without modifying their code as well. Moreover, modifications were made to existing code, both in the Linux kernel as well as in user-space utilities, introducing the additional overhead of code maintenance. In this work, we have addressed this limitation of the TransCrypt design. TransCrypt has now been re-designed to employ a layered architecture, with its layers being file-system independent. This was made possible by the use of the extended attribute mechanism for meta-data storage, which is provided by several modern file systems. As a result of this work, TransCrypt can now be used as a cryptographic layer over any of these file systems.
Arun Raghavan can be reached at arunsraghavan[AT]yahoo.com.