On protecting integrity and confidentiality of cryptographic file system for outsourced storage

Aaram Yun, Chunhui Shi, Yongdae Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

51 Scopus citations

Abstract

A cryptographic network file system has to guarantee confidentiality and integrity of its files, and also it has to support random access. For this purpose, existing designs mainly rely on (often ad-hoc) combination of Merkle hash tree with a block cipher mode of encryption. In this paper, we propose a new design based on a MAC tree construction which uses a universal-hash based stateful MAC. This new design enables standard model security proof and also better performance compared with Merkle hash tree. We formally define the security notions for file encryption and prove that our scheme provides both confidentiality and integrity. We implement our scheme in coreFS, a user-level network file system, and evaluate the performance in comparison with the standard design. Experimental results confirm that our construction provides integrity protection at a smaller cost.

Original language: English
Title of host publication: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Pages: 67-75
Number of pages: 9
State: Published - 2009
Event: 2009 ACM Workshop on Cloud Computing Security, CCSW '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 - Chicago, IL, United States
Duration: 9 Nov 2009 - 13 Nov 2009

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 2009 ACM Workshop on Cloud Computing Security, CCSW '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Country/Territory: United States
City: Chicago, IL
Period: 9/11/09 - 13/11/09

Keywords

  • Cryptographic file system
  • File encryption scheme
  • MAC tree
  • Merkle hash tree
  • Provable security
  • Universal-hash based MAC
