A Device Mapper based Encryption Layer for TransCrypt


Sainath S Vellal, Roll Number: Y6111039, June 2008

Supervisors: Dr. Dheeraj Sanghi and Dr. Rajat Moona

Data security has come to be of utmost importance in recent times. Several encrypting file systems have been designed to solve the problem of providing data security in a secure and transparent manner. TransCrypt is one such encrypting file system: it is implemented in kernel space, has an advanced key management scheme, and is designed to be deployable in an enterprise scenario. It uses per-file cryptographic keys for flexible sharing and does not include even the superuser in its trust model.

Earlier, TransCrypt was implemented on the Linux kernel (version 2.6). In that implementation, several modifications were made to the existing kernel to embed the TransCrypt functionality. These modifications also changed the file I/O behaviour in the kernel, in order to add a cryptographic layer that performs encryption and decryption on the file data. The kernel thus modified had several limitations with respect to functionality, maintainability and performance.

In this thesis, we propose a new cryptographic layer for the TransCrypt file system. This layer is implemented as a kernel module and does not modify any existing kernel code. The module uses the device-mapper infrastructure provided by the Linux kernel. The new layer addresses several limitations of the earlier implementation, and is robust and stable. Performance gains of over 90 percent were observed in read and write operations on large files with the new implementation. The design and implementation details of the new cryptographic layer and performance measurements are discussed in this work.


Sainath S Vellal can be reached at svellal[AT]gmail.com.