ImgFS: a transparent cryptography for stored images using a filesystem in userspace

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally suffered from the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages since developing a new file system and attaching it in the kernel level requires a deep understanding of the kernel internal data structure. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffered from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified on cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS over image files’ read and write against the cryptographic service, and the results indicated that while ImgFS has managed to provide higher level of security and transparency, its performance was competitive with other established cryptographic FUSE-based schemes of high performance.

Original languageEnglish
Pages (from-to)28-42
Number of pages15
JournalFrontiers of Information Technology and Electronic Engineering
Volume16
Issue number1
DOIs
Publication statusPublished - 1 Jan 2015

Fingerprint

Cryptography
Transparency
Data structures
Experiments

Keywords

  • Cryptographic file system
  • Filesystem in userspace (FUSE)
  • Storage image security
  • Transparent encryption

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing

Cite this

@article{bacdd1829ab6404baa94c84f9dc40261,
title = "ImgFS: a transparent cryptography for stored images using a filesystem in userspace",
abstract = "Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally suffered from the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages since developing a new file system and attaching it in the kernel level requires a deep understanding of the kernel internal data structure. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffered from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified on cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS over image files’ read and write against the cryptographic service, and the results indicated that while ImgFS has managed to provide higher level of security and transparency, its performance was competitive with other established cryptographic FUSE-based schemes of high performance.",
keywords = "Cryptographic file system, Filesystem in userspace (FUSE), Storage image security, Transparent encryption",
author = "Khashan, {Osama A.} and {Mohd. Zin}, Abdullah and {A Sundararajan}, Elankovan",
year = "2015",
month = "1",
day = "1",
doi = "10.1631/FITEE.1400133",
language = "English",
volume = "16",
pages = "28--42",
journal = "Frontiers of Information Technology and Electronic Engineering",
issn = "2095-9184",
publisher = "Springer Science + Business Media",
number = "1",

}

TY - JOUR

T1 - ImgFS

T2 - a transparent cryptography for stored images using a filesystem in userspace

AU - Khashan, Osama A.

AU - Mohd. Zin, Abdullah

AU - A Sundararajan, Elankovan

PY - 2015/1/1

Y1 - 2015/1/1

N2 - Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally suffered from the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages since developing a new file system and attaching it in the kernel level requires a deep understanding of the kernel internal data structure. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffered from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified on cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS over image files’ read and write against the cryptographic service, and the results indicated that while ImgFS has managed to provide higher level of security and transparency, its performance was competitive with other established cryptographic FUSE-based schemes of high performance.

AB - Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally suffered from the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages since developing a new file system and attaching it in the kernel level requires a deep understanding of the kernel internal data structure. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffered from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides on user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified on cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS over image files’ read and write against the cryptographic service, and the results indicated that while ImgFS has managed to provide higher level of security and transparency, its performance was competitive with other established cryptographic FUSE-based schemes of high performance.

KW - Cryptographic file system

KW - Filesystem in userspace (FUSE)

KW - Storage image security

KW - Transparent encryption

UR - http://www.scopus.com/inward/record.url?scp=84962419907&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962419907&partnerID=8YFLogxK

U2 - 10.1631/FITEE.1400133

DO - 10.1631/FITEE.1400133

M3 - Article

AN - SCOPUS:84962419907

VL - 16

SP - 28

EP - 42

JO - Frontiers of Information Technology and Electronic Engineering

JF - Frontiers of Information Technology and Electronic Engineering

SN - 2095-9184

IS - 1

ER -