具透明化及高效率機制之加密檔案系統

Abstract

在本篇論文中，我們提出了一個保護檔案系統的加密架構，這個具透 明化機制之加密檔案系統(TCFS)提供使用者存取透明化且能夠保護檔案內 容及目錄結構。我們提出的架構包含一個管理使用者密碼的函式庫及一個 虛擬驅動程式階層，藉由這個虛擬驅動程式階層，TCFS可以有效率的將檔 案內容予以加密、隱藏檔案系統的架構以及提供使用者透明化的存取。在 TCFS中，所有的檔案區段皆由不同的亂數密碼予以加密保護，而且所有的 加密單位是檔案區段而不是整個檔案，如此只有需要被存取的資料需要被 更動，這樣的機制大幅度的提高系統效率。在系統正常的狀態之下，未經 授權的使用者(包含系統管理者)無法存取不屬於他們的檔案，一旦檔案系 統出現問題，系統管理者可以透過授權的管道將檔案系統修復。 In this paper, we propose a cryptographic scheme for file system protection. The transparent cryptographic file system protection scheme (TCFS) provides transparent user accesses, and can protect bothfile contents and file system structure. The proposed scheme consists of a cryptographic key management library and a virtual device driver layer. With the virtual device driver layer, TCFS effectively encrypts file contents; hides the structure of a file system; provides transparent user accesses. In TCFS, All file blocks are encrypted with different random keys, and file contents decryption is performed on each data block rather than the entire file. In this way, only the intended file block need be decrypted and file access speed is improved. In system normal state, unauthorized users including the system manager cannot access a file. Upon file system failure, the system manager can be authorized to recover the file system through a key-escrow procedure.