Design and Implementation of a System Call Interface for Supporting File Partial Encryption

Korean title: A Study on the Design and Implementation of a System Call for Supporting Partial File Encryption

  • Seo, Hye-In (Department of Information and Communication Engineering, Hanbat National University) ;
  • Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2017.10.11
  • Accepted : 2017.11.15
  • Published : 2018.03.28

Abstract

Various file-encryption solutions exist today for storing files on disk in encrypted form. However, the existing solutions encrypt and decrypt a whole file or directory at once. In this paper, we propose a system call that supports partial encryption of a file. Through the system call interface, the user sets encryption information for the portion of the file data that is to be encrypted; when the user then writes file data, that data is encrypted according to the configured settings and stored. Likewise, if the user sets decryption information and then reads the file data, the configured information is applied and only the necessary part is decrypted. The proposed system call is built from an inspection module, a management module, an encryption module, a decryption module, and an HMAC module, composed according to the system call being invoked, and was implemented in a Linux environment. The operation of the implemented system call was verified on a development board, and its performance was analyzed by measuring execution speed.
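The abstract describes the call sequence (register the portion to encrypt, then write; register the portion to decrypt, then read) but gives no interface details. The following user-space model, an added example and not the paper's code, shows the bookkeeping such an interface needs: how a write or read buffer is mapped onto a registered byte range, how a read that covers only part of that range still decrypts correctly, and how an HMAC tag binds a region's ciphertext to its position in the file. The call names (set_region, pwrite, pread), the in-memory file, and the HMAC-SHA256 counter-mode keystream used in place of a block cipher are all assumptions of this example; the sample record is constructed.

```python
"""User-space model of the partial-encryption calls the abstract describes.
Added example, not the paper's kernel code: set_region() registers the byte
range to encrypt, pwrite() encrypts the bytes of a write that fall inside a
region, pread() decrypts the bytes of a read that fall inside one. Keystream is
HMAC-SHA256(key, nonce || counter) in counter mode, a PRF stream cipher used as
a stand-in for a block cipher; an HMAC tag over the region's ciphertext stands
in for the abstract's HMAC module (encrypt-then-MAC)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

BLOCK = hashlib.sha256().digest_size  # 32 keystream bytes per counter value


@dataclass
class Region:
    offset: int   # absolute file offset where encryption starts
    length: int   # number of encrypted bytes
    key: bytes
    nonce: bytes  # per-region nonce; never reuse with the same key


class PartialEncFile:
    """In-memory file whose registered regions are stored encrypted."""

    def __init__(self):
        self.data = bytearray()   # what would be on disk
        self.regions = []

    def set_region(self, offset, length, key, nonce=None):
        """Register [offset, offset + length) as an encrypted region."""
        for r in self.regions:  # overlap would XOR two keystreams into one byte
            if offset < r.offset + r.length and r.offset < offset + length:
                raise ValueError("region overlaps an existing region")
        r = Region(offset, length, key, nonce or os.urandom(16))
        self.regions.append(r)
        return r

    @staticmethod
    def _keystream(r, rel, n):
        """Keystream bytes for region-relative positions [rel, rel + n)."""
        counter, skip = divmod(rel, BLOCK)
        out = bytearray()
        while len(out) < skip + n:
            msg = r.nonce + counter.to_bytes(8, "big")
            out += hmac.new(r.key, msg, hashlib.sha256).digest()
            counter += 1
        return bytes(out[skip:skip + n])

    def _transform(self, offset, buf):
        """XOR keystream into the parts of buf that overlap a region;
        the same routine encrypts on write and decrypts on read."""
        buf = bytearray(buf)
        for r in self.regions:
            lo = max(offset, r.offset)
            hi = min(offset + len(buf), r.offset + r.length)
            if lo >= hi:
                continue              # region lies outside this buffer
            ks = self._keystream(r, lo - r.offset, hi - lo)
            for i in range(hi - lo):
                buf[lo - offset + i] ^= ks[i]
        return bytes(buf)

    def pwrite(self, offset, data):
        ct = self._transform(offset, data)
        end = offset + len(ct)
        if end > len(self.data):
            self.data.extend(b"\0" * (end - len(self.data)))
        self.data[offset:end] = ct
        return len(ct)

    def pread(self, offset, length):
        return self._transform(offset, bytes(self.data[offset:offset + length]))

    def raw(self, offset, length):  # bytes as stored, what a disk image shows
        return bytes(self.data[offset:offset + length])

    def region_tag(self, r):
        """Tag binding the region's ciphertext to its nonce, offset and length."""
        hdr = r.nonce + r.offset.to_bytes(8, "big") + r.length.to_bytes(8, "big")
        return hmac.new(r.key, hdr + self.raw(r.offset, r.length), hashlib.sha256).digest()

    def verify_region(self, r, tag):
        return hmac.compare_digest(self.region_tag(r), tag)


# Constructed sample record: plaintext header, 16-byte secret (the only
# encrypted part), plaintext trailer.
HEADER, SECRET, TRAILER = b"HEADER:", b"SECRET-16-BYTES!", b":TRAILER"
RECORD = HEADER + SECRET + TRAILER


def demo(chunked=False):
    """Write RECORD (optionally as two chunks that split the secret)."""
    f = PartialEncFile()
    r = f.set_region(len(HEADER), len(SECRET), key=b"k" * 32)
    if chunked:
        f.pwrite(0, RECORD[:12])    # this write ends inside the region
        f.pwrite(12, RECORD[12:])   # this one starts inside it
    else:
        f.pwrite(0, RECORD)
    return f, r, f.region_tag(r)
```

Two checks worth making on any interface of this shape. First, the keystream position is derived from the region-relative offset, so a read of bytes 10..15 applies exactly the keystream bytes the write applied there, and a write split at any boundary (demo(chunked=True)) yields the same stored bytes as one contiguous write; a read of the plaintext header or trailer touches no region and passes through unchanged. Second, rewriting bytes of a region under the same key and nonce reuses keystream and leaks the XOR of old and new plaintext, so a real implementation has to rotate the nonce (and re-encrypt the region) on overwrite or use a mode built for in-place updates; bytes inside a region that were never written read back as keystream rather than zeros.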
