http://dx.doi.org/10.6109/jkiice.2018.22.3.557

Design and Implementation of a System Call Interface for Supporting File Partial Encryption  

Seo, Hye-In (Department of Information and Communication Engineering, Hanbat National University)
Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
Abstract
There are currently various file encryption solutions for encrypting and storing files on disk. However, existing file encryption solutions perform encryption and decryption all at once, per file or per directory. In this paper, we propose a system call that supports partial encryption of a file. The user sets encryption information through the system call interface for the portion of the file data where encryption is desired. When the user then writes file data, the data is encrypted and stored. Likewise, if the user sets decryption information and reads the file data, the necessary part is decrypted by applying the set information. The proposed system call consists of an inspection module, a management module, an encryption module, a decryption module, and an HMAC module, as required by the system call. It was implemented in a Linux environment. The operation of the implemented system call was verified on a development board, and its performance was analyzed by measuring its speed.
Keywords
System call; File encryption solution; File system; Linux kernel;