Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.5.849

Efficient File System Level Encryption Mechanism Using HSM  

Kang, Cheol-Oh (The Attatched Institute of ETRI)
Won, Jong-Jin (The Attatched Institute of ETRI)
Park, Sung-Jin (The Attatched Institute of ETRI)
Ryou, Jea-Cheol (Choongnam University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.5, 2013 , pp. 849-858 More about this Journal
Abstract
In today's mobile computing environment, there are many threats, such as device loss or theft, malware, to the sensitive information stored on end user device. To prevent disclosure of information, encryption and authentication method are properly adjusted to the device. In cryptographic file systems, CBC mode of operation has been commonly used. It requires an IV need not be secret, but must be unpredictable and protect integrity of the IV. In this paper, we propose file system-level encryption mechanism with HSM that satisfy the requirement of the IV and improve the performance. Moreover, Design and experimental results prove the efficiency of our proposed method.
Keywords
CBC Mode; IV; File System-Level Encryption; HSM;
Citations & Related Records
연도 인용수 순위
  • Reference
1 K. Scarfone, M. Souppaya, and M. Sexton, "Guide to Storage Encryption Technologies for End User Devices," SP 800-111, NIST, Nov. 2007.
2 S. Bruce, Applied Cryptography 2nd edition : protocols, algorithms, and source code in C, John Wiley & Sons, 2007.
3 Cryptsetup Project, [OnLine]. Available: http://code.google.com/p/cryptsetup
4 N. Ferguson, "AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista," Microsoft White Paper, Aug. 2006.
5 J. S. Heidemann, G. J. Popek, "File system development with stackable layers," ACM Transactions on computer systems, vol 12, no. 1, pp. 58-89, Feb. 1994.   DOI   ScienceOn
6 E. Zadok, I. Badulescu, and A. Shender, "Cryptfs: A stackable vnode level encryption file system," Technical Report CUCS-021-98, Computer Science Department, Columbia University, Jun. 1998.
7 C. P. Wright, M. C. Martino, and E. Zadok, "NCryptfs:A Secure and Convenient Cryptographic File System," Proceedings of the General Track: 2003 USENIX Annual Technical Conferance, pp. 197-210, Jun. 2003.
8 J. Alex Halderman, S.D. Scheon, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Applebaum, and E. W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys," Proc. 17th USENIX Security Symposium, Jul. 2008.
9 M. Dworkin, "Recommendation for Block Cipher Modes of Operation : Methods and Techniques," SP 800-38A, NIST, Dec. 2001.
10 G. V. Bard, "The Vulnerability of SSL to chosen-plaintext attack," Cryptology ePrint Archive, Report 2004/111, 2004.
11 RSA Laboratories, "PKCS#11:Cryptographic Token Interface Standard," [OnLine]. Available: ftp://ftp.rsasecurity. com/pub/pkcs/pkcs-11/v2-20/pkcs- 11v2-20.pdf