The Design of a Cryptography Based Secure File System

By Kirthi Reddy Mamidi

EHUD GUDES


Contents
• Abstract
• Introduction
• General System Structure
• Compartmentalized, Data Independent Protection Specifications
• Hierarchical Protection Specifications
• Data Dependent Protection Specifications
• Security Problems
• Conclusion
• References


Abstract
• A secure file system is designed on the basis of user controlled cryptographic (UCC) transformations.
• These UCC transformations not only complement other protection mechanisms but also enforce the protection specifications themselves.
• Files with different access permissions are enciphered under different cryptographic keys, which the authorized users supply at access time.


Introduction
• The use of cryptography for data protection has received considerable attention in recent years.
• Two major classes of cryptographic transformations were introduced: system controlled cryptographic (SCC) and user controlled cryptographic (UCC) transformations.
• The main goal of using UCC is to enforce a given set of protection specifications. They are enforced by withholding keys from unauthorized users: whoever lacks the key cannot decipher the data, whatever the operating system's access checks say.
• Because users share data, several problems arise that require further investigation.


General System Structure

A. Protection specifications for a simple file system

Assume a set of files {F1, F2, F3, …, FN} and a set of users {U1, U2, U3, …, Un}. The different protection specifications are as follows:
1. Compartmentalized: each user has access to a group of files. All users and files are on the same level.
2. Hierarchical: there is a partial ordering of files, users or both. For example, F1 > F2 means that if user Ui has access to F1, then he also has access to F2.
3. Data independent: access to a file is independent of its changing content or of the value of some of its fields.
4. Data dependent: access to records in the file depends on their content. Changing the content might change access to it.


[Figure: general structure of the file system, and general description of the access mechanism]

B. Basic Design Principles


B. Basic Design Principles (cont.)

The following are the main design guidelines and "worst case" assumptions for the secure file system design:

• Protection is not solely dependent on the process of authentication.
• All cipher algorithms are assumed known to all users (Kerckhoffs' principle); only the keys are secret.
• The cryptographic schemes described below are designed to protect against unauthorized READ access. They do not by themselves stop an intruder from overwriting or destroying ciphertext; integrity and availability need other mechanisms.

These guidelines assure the security of the system under "worst case" conditions that may cause many other protection mechanisms to fail. Security is further enhanced if these conditions do not occur.


Compartmentalized, Data Independent (CDI) Protection Specifications

Assume a set of files {F1, F2, F3, …, FN} and a set of users {U1, U2, U3, …, Un}. These specifications can be represented as a Boolean access matrix A, with A(i,j) = 1 when user Ui may access file Fj:

        F1  F2  F3
  U1     1   0   1
  U2     0   0   1
  U3     0   1   1

Access Matrix

Assumptions made without essential loss of generality:
• No two rows are equal (two users with identical rights can be treated as one user).
• No two columns are equal (two files with identical access lists can be treated as one file).
• No zero rows or zero columns are allowed.
• The whole file is enciphered as a complete unit.


With these assumptions several schemes are suggested. All schemes must meet the following objectives:

Objective 1: the scheme must be "complete". If A(i,j) = 1, then user Ui must be able to access file Fj.

Objective 2: the scheme must be "secure". If A(i,j) = 0, then user Ui must not be able to access file Fj; since protection is cryptographic, this means Ui must have no way of obtaining Kj.

The different schemes that implement these CDI protection specifications are:
A. Scheme 1: the "Simple" scheme
B. Scheme 2: the "User Profile" scheme
C. Scheme 3: the "Keys Record" scheme


A. Scheme 1: the "Simple" Scheme

Each file Fj is enciphered under its own key Kj, and each user is given the keys to all the files he is allowed to access, i.e. user Ui must supply the key Kj when he wants to access file Fj. Let AUi denote the number of keys user Ui holds (the number of ones in row i of A).

Advantage: no authentication process is required, since access is independent of the concept of a user-id and depends only on possession of the cryptographic keys.

Disadvantages:
• A single user Ui has to store AUi keys, and "user convenience" decreases as AUi increases.
• There is a nonzero probability that a user "loses" a key (forgets or exposes it), and this "loss probability" increases with AUi.

The resulting system risk is

$$\text{System Risk} = \sum_{j=1}^{\text{number of keys}} \frac{P_L(K_j)\, D_{K_j}}{n}$$

where $P_L(K_j)$ is the probability of losing key $K_j$.


B. Scheme 2: the "User Profile" Scheme

• In this scheme each user Ui has a user profile which contains the list of his AUi file keys, enciphered under a special user key KUi.
• We use a cipher C which is parameterized by a user key. For example, K'j = C(KUi, Kj) means that K'j is the enciphered form of Kj under the parameter KUi.
• The deciphering transformation is denoted C^-1(KUi, K'j).

User profile of Ui:

  ID of File 1     K'i,1
  …                …
  ID of File j     K'i,j
  …                …
  ID of File AUi   K'i,AUi

Advantage: "user convenience" is higher and "loss probability" is lower, since the user remembers only KUi.

Disadvantages: it requires an authentication process, because the system must locate the right profile from the user-id before KUi can be applied. Another problem is changes in the protection specifications: deleting a file, for instance, requires reprocessing or re-enciphering several user profiles.


C. Scheme 3: the "Keys Record" Scheme

• This scheme is similar to the "access list" mechanism: the keys needed to open a file are stored with the file itself.
• The validation record contains an enciphered form of the key Kj produced with a one-way cipher g: Kj' = g(Kj).
• Kji' is a new key, the enciphered form of Kj under the unique key KUi of user Ui: Kji' = C(KUi, Kj) and Kj = C^-1(KUi, Kji').

Keys record of file Fj:

  Kj1'  Kj2'  …  Kjnj'  |  Validation record Kj'

where nj is the number of users authorized to access Fj. To open Fj a user presents only KUi; the validation record lets the system recognise the candidate Kj that deciphers correctly without knowing Kj itself or who presented the key. Note that deleting a user's entry Kji' does not revoke a user who has already learned Kj; revocation requires choosing a new Kj and re-enciphering Fj.

Advantages:
• No need for authentication.
• High "user convenience", since the user has to remember only one key.


Hierarchical Protection Specifications

• Here we refer to any partial ordering, relative to access, either between files or between users.

[Figure: a tree directory with root A, children B1 and B2, the C nodes below them (C1, C2 under B1; C3, C4 under B2) and D1, D2 one level further down]

Partial ordering: C1 > B1 > A. This is a reverse hierarchy: a user who may read a node may also read the nodes above it.

A. READ Access: the "Reverse" Hierarchy

File N is enciphered by key KN.


Suppose we have the following specifications:

  USER 1: can have access to C1 and not to C3; must have access to A and B1.
  USER 2: can have access to C3 and not to C1; must have access to A and B2.

• User 1 is given KA, KB1, KC1 and User 2 is given KA, KB2, KC3. This is not convenient, because a user has to remember too many keys.
• Therefore the keys are generated with the "collapsing" method.
• Suppose we have a "one way" cipher function g, and a set of keys with the following relations (R):

  KB1 = g(KC1)   KB1 = g(KC2)   KB2 = g(KC3)   KB2 = g(KC4)   KA = g(KB1)   KA = g(KB2)

User 1 now holds only KC1 and computes KB1 = g(KC1) and KA = g(KB1) when needed; User 2 holds only KC3. The scheme has the advantage of high "user convenience".

Note that g must map two different keys, KC1 and KC2, to the same KB1, so g cannot be an arbitrary collision-resistant hash function; the keys and g have to be constructed together so that the relations (R) hold while KB1 still reveals nothing about KC1 or KC2.
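An added example of the collapsing method, not the paper's construction: it assumes a concrete g and key layout that satisfy the relations (R), namely that each child key is its parent's key extended by 16 secret random bytes and that g drops those bytes. A collision-resistant hash could not play the role of g here, since g(KC1) and g(KC2) must both equal KB1. The tree and the required access sets are the ones from the slides; the keys are random.

```python
import hashlib
import hmac
import os

CHUNK = 16

# Constructed tree from the slides: A is the root, B1 -> {C1, C2}, B2 -> {C3, C4}.
TREE = {"A": ["B1", "B2"], "B1": ["C1", "C2"], "B2": ["C3", "C4"]}


def g(key):
    """The collapsing function: drop the last CHUNK bytes, giving the parent's
    key.  KB1 = g(KC1) = g(KC2) and KA = g(KB1) hold by construction.  It is
    'one way' in the sense the scheme needs: the dropped bytes are secret and
    random, so holding KB1 gives no way to rebuild KC1 or KC2."""
    return key[:-CHUNK]


def generate_keys(tree, root="A"):
    """Assign KN to every node: the root gets CHUNK random bytes and each child
    gets its parent's key extended by CHUNK fresh random bytes."""
    keys = {root: os.urandom(CHUNK)}
    stack = [root]
    while stack:
        node = stack.pop()
        for child in tree.get(node, []):
            keys[child] = keys[node] + os.urandom(CHUNK)
            stack.append(child)
    return keys


def file_key(KN):
    """Actual enciphering key for file N: hash KN so every file gets a key of
    the same length regardless of the node's depth."""
    return hashlib.sha256(KN).digest()


def can_read(held_key, node, keys):
    """Apply g repeatedly until the candidate is as long as KN, then compare.
    A user holding KC1 reaches B1 and A; one holding KB1 never reaches C1."""
    candidate, target = held_key, keys[node]
    while len(candidate) > len(target):
        candidate = g(candidate)
    return len(candidate) == len(target) and hmac.compare_digest(candidate, target)


def minimal_keys(wanted, keys):
    """Collapse a required set of nodes to the keys the user must actually hold:
    drop every node whose key is derivable from another wanted node's key."""
    return {n for n in wanted
            if not any(m != n and can_read(keys[m], n, keys) for m in wanted)}


if __name__ == "__main__":
    keys = generate_keys(TREE)
    print(minimal_keys({"A", "B1", "C1"}, keys))   # {'C1'}
    print(can_read(keys["B1"], "C1", keys))        # False
```

With this layout User 1's whole key ring collapses to KC1 and User 2's to KC3, which is the "user convenience" the slide claims; the price is that a key grows by CHUNK bytes per level, which is why file_key hashes KN before it is used as a cipher key.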


B. Independent Access Hierarchy

[Figure: access hierarchy with root A, children B1 and B2, and the C nodes below them (C1, C2 under B1; C3, C4 under B2)]

Partial ordering: A > B1 > C1. This is the same direction as the directory hierarchy: a user who may read A may also read B1 and C1.

Key records for the independent access hierarchy (figure):

  FILE A:   KA'   α   KAB1'   KAB2'
  FILE B1:  KB1'  β   KBC1'   KBC2'

where KAB1' = C(KA, KB1) and KB1 = C^-1(KA, KAB1'), and key KN enciphers the file named by node N. Thus a user holding KA deciphers KB1 from A's key record, then KC1 from B1's key record.

• "User convenience" is a complex function of the protection specification and the access hierarchy.
• The disadvantage is the overhead involved: in order to access the lower nodes the system must first access the higher-level nodes.
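An added example for the independent access hierarchy (not the paper's code): every node has an independent key, each key record carries the child keys enciphered under the node's own key (KAB1' = C(KA, KB1)), and reading a lower node means opening every key record on the path down from the node whose key the user holds. C is assumed to be a one-block XOR with an HMAC-SHA256 keystream labelled by the child's name; the tree is the one from the slides and the keys are random. The α, β and KN' fields of the figure are left out.

```python
import hashlib
import hmac
import os

# Constructed hierarchy from the slides: A > B1 > C1, A > B2 > C3, and so on.
TREE = {"A": ["B1", "B2"], "B1": ["C1", "C2"], "B2": ["C3", "C4"]}


def C(key, label, data):
    """Single-block XOR cipher with keystream HMAC-SHA256(key, label).  The
    label is the child's name, so each (parent key, child) pair gets its own
    keystream and no stream is ever used for two different keys.
    XOR is its own inverse, so C also serves as C^-1."""
    ks = hmac.new(key, label.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


def nodes_of(tree, root):
    out, stack = [], [root]
    while stack:
        n = stack.pop()
        out.append(n)
        stack.extend(tree.get(n, []))
    return out


def build_key_records(tree, root="A"):
    """Every node N gets an independent random KN; its key record holds
    KN,child' = C(KN, child, Kchild) for each child, e.g. KAB1' = C(KA, KB1)."""
    keys = {n: os.urandom(16) for n in nodes_of(tree, root)}
    records = {n: {c: C(keys[n], c, keys[c]) for c in tree.get(n, [])}
               for n in keys}
    return keys, records


def path_to(tree, start, target):
    """Downward path start -> ... -> target, or None if target is not below start."""
    if start == target:
        return [start]
    for child in tree.get(start, []):
        rest = path_to(tree, child, target)
        if rest:
            return [start] + rest
    return None


def unlock(records, tree, held_node, held_key, target):
    """Recover K_target from the key held for held_node by opening one key
    record per level: KB1 = C^-1(KA, KAB1'), then KC1 = C^-1(KB1, KB1C1'), ...
    Returns (key, number of key records read), or (None, 0) when the target
    is not beneath the held node.  The record count is the overhead the slide
    mentions: lower nodes are reachable only through the higher ones."""
    path = path_to(tree, held_node, target)
    if path is None:
        return None, 0
    key = held_key
    for parent, child in zip(path, path[1:]):
        key = C(key, child, records[parent][child])
    return key, len(path) - 1


if __name__ == "__main__":
    keys, records = build_key_records(TREE)
    k, reads = unlock(records, TREE, "A", keys["A"], "C3")
    print(k == keys["C3"], reads)   # True 2
```

A wrong or unauthorised key does not fail loudly here: unlock simply yields garbage, which is why the figure's KN' validation entries exist; the earlier keys record scheme shows how such an entry is checked.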


Data Dependent Protection Specifications
• These are more commonly used in database systems than in file systems.
• Because of data sharing, each unit of data must be enciphered under a single key, so the unit has to be chosen such that every user entitled to any of it is entitled to all of it.
• Any user query can be decomposed into its security atoms and checked for valid access.


Example:

  User 1: can view only records with SALARY < 20,000
  User 2: can view only records of DEPARTMENT X

  SECURITY ATOM: contains exactly the records with DEPT = X and SALARY < 20,000

• This atom idea did not work well for volatile databases because of the overhead involved in re-enciphering the changed atoms: an update that changes a record's DEPT or SALARY can move it into another atom, under another key.
• Further research is needed to handle databases efficiently.
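An added example, not the paper's, of security atoms over a constructed four-record table with the two views from the slide. It generalises the slide's single atom to the full partition induced by both predicates (four atoms), assigns each atom its own key, decomposes a query into the atoms it touches, and shows the re-enciphering cost of an update that moves a record from one atom to another.

```python
import os

# Constructed records and views; the predicates are the slide's example.
RECORDS = [
    {"name": "ann", "dept": "X", "salary": 18000},
    {"name": "bob", "dept": "X", "salary": 25000},
    {"name": "cat", "dept": "Y", "salary": 15000},
    {"name": "dan", "dept": "Y", "salary": 40000},
]
PREDICATES = {
    "dept_x":     lambda r: r["dept"] == "X",
    "low_salary": lambda r: r["salary"] < 20_000,
}
NAMES = sorted(PREDICATES)              # fixed order for the truth vector
USER_VIEW = {"User1": ["low_salary"], "User2": ["dept_x"]}


def atom_of(record):
    """Security atom id: the truth vector of every predicate on the record.
    Two records share an atom exactly when every user sees both or neither."""
    return tuple(PREDICATES[n](record) for n in NAMES)


def partition(records):
    """Group records into atoms; each atom is the unit enciphered under one key."""
    atoms = {}
    for r in records:
        atoms.setdefault(atom_of(r), []).append(r)
    keys = {a: os.urandom(16) for a in atoms}
    return atoms, keys


def user_atoms(user, atoms):
    """Atoms whose key a user may hold: those on which all of the user's
    predicates are true.  The slide's atom (DEPT = X and SALARY < 20,000) is
    the one both users hold."""
    idx = [NAMES.index(p) for p in USER_VIEW[user]]
    return {a for a in atoms if all(a[i] for i in idx)}


def query(user, predicate, records, atoms):
    """Decompose the query's result set into atoms and answer only if the
    user holds every one of them; otherwise reject rather than leak a
    partial answer."""
    hits = [r for r in records if predicate(r)]
    needed = {atom_of(r) for r in hits}
    return hits if needed <= user_atoms(user, atoms) else None


def update(record, changes, atoms, keys):
    """Apply an update; if the record's atom changes it must be re-enciphered
    under the other atom's key.  Returns True when that re-enciphering was
    needed, the overhead that makes atoms costly on volatile data."""
    before = atom_of(record)
    record.update(changes)
    after = atom_of(record)
    if before == after:
        return False
    atoms[before].remove(record)
    atoms.setdefault(after, []).append(record)
    keys.setdefault(after, os.urandom(16))
    return True


if __name__ == "__main__":
    atoms, keys = partition(RECORDS)
    print(sorted(atoms))   # four atoms: every combination of (dept_x, low_salary)
    print(query("User2", lambda r: r["salary"] < 20_000, RECORDS, atoms))   # None
```

The number of atoms is bounded by 2 to the power of the number of distinct predicates, and every predicate added to any user's view can split existing atoms, each split forcing a re-encipherment; that combinatorial growth, together with updates that cross atom boundaries, is the overhead the slide refers to.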


Security Problems
• In general, solving a security problem presents human engineering and organizational problems as well as technical ones.
• There is the problem of generating and securely distributing the cryptographic keys.
• Another problem is the recovery of clear data if a user's key is lost: under UCC the system itself does not hold the key, so a lost key means lost data unless key backup or escrow has been arranged.


Conclusion
• In this paper we discussed methods of designing a secure file system and its protection policies by using user controlled cryptographic transformations.
• Criteria such as "user convenience" and "system risk" for evaluating their effectiveness have been discussed.
• The designer can use these criteria in order to choose the scheme which satisfies his objectives.


References
• E. Gudes, "The application of cryptography to data base security," Ph.D. dissertation, Ohio State Univ.
• E. J. McCauley, "A model for data secure systems," Ph.D. dissertation, Ohio State Univ., 1975.
• D. E. Knuth, "The Art of Computer Programming," 1973.
• "Computer security and the data encryption standard," NBS Pub. 500-27, 1978.
• W. Diffie and M. E. Hellman, "A critique of the proposed data encryption standard," Mar. 1976.
