Browse > Article

An Efficient Encryption/Decryption Approach to Improve the Performance of Cryptographic File System in Embedded System  

Heo, Jun-Young (서울대학교 컴퓨터공학부)
Park, Jae-Min (삼성전자 소프트웨어연구소)
Cho, Yoo-Kun (서울대학교 컴퓨터공학부)
Publication Information
Journal of KIISE:Computer Systems and Theory / v.35, no.2, 2008 , pp. 66-74 More about this Journal
Abstract
Since modem embedded systems need to access, manipulate or store sensitive information, it requires being equipped with cryptographic file systems. However, cryptographic file systems result in poor performance so that they have not been widely adapted to embedded systems. Most cryptographic file systems degrade the performance unnecessarily because of system architecture. This paper proposes ISEA (Indexed and Separated Encryption Approach) that supports for encryption/decryption in system architecture and removes redundant performance loss. ISEA carries out encryption and decryption at different layers according to page cache layer. Encryption is carried out at lower layer than page cache layer while decryption at upper layer. ISEA stores the decrypted data in page cache so that it can be reused in followed I/O request without decryption. ISEA provides page-indexing which divides page cache into cipher blocks and manages it by a block. It decrypts pages partially so that it can eliminate unnecessary decryption. In synthesized experiment of read/write with various cache hit rates, it gives results suggesting that ISEA has improved the performance of encryption file system efficiently.
Keywords
System Performance; Page Cache; Encryption File System; Embedded System; Operating System;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. Blaze, "A cryptographic file system for unix," Proceedings of the 1st ACM Conference on Computer and Communications Security. pp. 9-16 1993
2 GNU License, "The GNU/Linux CryptoAPI," August 2003 http://www.kerneli.org
3 ABIT Computer corporation, "Secure IDE," 2003, http://abit-usa.com/products/multimedia/secureide
4 Aleph. One, "Yaffs2," 2002 http://www.aleph1.co.uk
5 C. Wright, M. Martino and E. Zadok, "Ncryptfs: A secure and convenient cryptographic file system," Proceedings of the Annual USENIX Technical Conference 2003, pp. 197-210
6 J. K. Ousterhout and F. Douglis, "Beating the I/O Bottleneck: A Case for Log-Structured File System," Operating Systems Reviews, Vol.23, No.1, pp. 11-28, 1989   DOI
7 Kingston Technology company, "DataTraveler Elite," 2006, http://www.kingston.com/flash/dt_elite.asp
8 S. Ravi, A. Raghunathan, P. Kocher and S. Hattangady, "Security in Embeddes systems: Design Challenges," Trans. on Embedded Computing Sys. Vol.3, No.3 pp. 461-491, 2004   DOI
9 E. Riedel, M. Kallahalla and R. Swaminathan, "A framework for evaluating storage system security," Proceedings of the 1st USENIX Conference on File and Strorate Technologies. pp. 15-30, 2002
10 Jetico Inc. "Bestcrypt corporate edition," 2001 http://www.jetico.com
11 Hybus Corporation, "X-hyper270b," 2005 http://www. hybus.net
12 Microsoft Corporation, "Encryption File System for Windows 2000," Tech. Rep. 2000
13 G. Cattaneo, L. Catuogno, A. D Sorbo and P. Persiano, "The Design and Implementation of a Transparent Cryptographic File System for Unix," Proceedings of the FREENUX Track: 2001 USENIX Anuual Technical Conference, pp. 199-212, 2001
14 D. P. Bovet and M. Cesati, "Understanding the Linux Kernel," O'Reilly, 2006
15 J. S. Heidemann and G. J. Popek, "Performance of cache coherence in stackable filing," Symposium on Operating System Principle, pp. 127-142, 1995
16 GNU License, "Gnu Privacy Guard," 1999 http://www. gnupg.org
17 ARC Advisory Group, "Microsoft Security Overview," 2003
18 P. C. Gutmann, "Secure File System(SFS) for DOS/Windows," 1994. http://www.cs.auckland.ac.nz/~pgut001/sfs/
19 E. Zadok, I. Badulescu and A. Shender, "Cryptfs: A Stackable vnode level encryption file system," Tech. Rep., 1998
20 R. Dowdeswell and J. Ioannidis, "The Cryptographic disk driver," Proceedings of the Annual USENIX Technical Conference, FREENIX Track, 2003