Design and Implementation of a System Call Interface for Supporting File Partial Encryption

A Study on the Design and Implementation of a System Call for Supporting Partial File Encryption

  • Seo, Hye-In (Department of Information and Communication Engineering, Hanbat National University)
  • Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2017.10.11
  • Accepted : 2017.11.15
  • Published : 2018.03.28

Abstract

Various file encryption solutions currently exist for encrypting files and storing them on disk. However, existing solutions perform encryption and decryption all at once, on a whole file or directory. In this paper, we propose a system call that supports partial encryption of a file. Through the system call interface, the user sets encryption information for the portion of the file data to be encrypted. When the user then writes file data, the data is encrypted and stored. Likewise, when the user sets decryption information and reads the file data, the necessary part is decrypted by applying that information. The proposed system call consists of an inspection module, a management module, an encryption module, a decryption module, and an HMAC module, as required by the system call. It was implemented in a Linux environment. The operation of the implemented system call was verified on a development board, and its performance was analyzed by measuring execution speed.

Acknowledgement

Supported by : Hanbat National University
