
Introduction

Today's networks make it practical to share resources among machines. Filesystems were historically among the first services to be distributed over a network (see Sun's NFS [13]), and such services are even more necessary now: the spread of mobile equipment (PDAs, laptop computers) creates a strong demand for a common file repository that is reachable from anywhere in the world over a variety of network paths. Distributing applications and services over a network offers obvious advantages but also creates security problems: unauthorized users might gain access to restricted services, and to the data those services hold.

Within the context of distributed filesystems this problem is easy to see. A distributed filesystem has two kinds of actors: servers, which have direct access to a local filesystem, and clients, which wish to access files on the filesystems local to a server. Servers and clients are connected through a communication network. Take NFS as an example. NFS is very naive in its approach to security. Roughly speaking, the server receives requests for blocks of data from a client and sends the blocks back in the clear over the network. It is a simple task to eavesdrop on the conversation and thus read the data [9]. Moreover, the server grants access to data on the basis of the uid (and gid) that the client itself reports in each request; the server has no way to verify that claim. Thus nothing prevents a malicious client from presenting ``the right'' uid and gid and thereby gaining access to the whole exported filesystem.
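The credential that carries the uid and gid in a classic NFS request is the ONC RPC AUTH_SYS flavor (historically called AUTH_UNIX, RFC 5531 section 8.2). The following is an added example, not code from the TCFS paper or project: it encodes and decodes that credential in XDR so that the point above can be checked against the wire format. Everything in the credential is a plain integer or string chosen by the client, and the accompanying verifier is AUTH_NONE, i.e. empty; there is no cryptographic binding of the claimed identity to anything. The sample values (uid 0, host name "pc") are constructed for the example. Note that later NFS deployments can use RPCSEC_GSS (Kerberos) in place of AUTH_SYS, which the 2001 paper predates; the weakness described applies to AUTH_SYS exports.

```python
"""XDR encoding of ONC RPC AUTH_SYS call credentials (RFC 5531 section 8.2).

Added example: shows that the uid/gid an NFS server acts on for an AUTH_SYS
export are self-asserted fields in the RPC call header, with an empty
(AUTH_NONE) verifier, so the server cannot distinguish an honest client from
one that simply writes a different number into the uid field.
"""
import struct

AUTH_NONE = 0
AUTH_SYS = 1   # historically AUTH_UNIX


def _xdr_uint(n: int) -> bytes:
    """XDR unsigned int: 4-byte big-endian."""
    return struct.pack(">I", n)


def _xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length opaque/string: length, bytes, pad to a 4-byte multiple."""
    pad = (-len(data)) % 4
    return _xdr_uint(len(data)) + data + b"\x00" * pad


def encode_authsys_parms(stamp: int, machinename: str, uid: int, gid: int, gids) -> bytes:
    """struct authsys_parms { stamp; machinename<255>; uid; gid; gids<16>; }"""
    gids = list(gids)
    if len(gids) > 16:
        raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
    name = machinename.encode()
    if len(name) > 255:
        raise ValueError("machinename is limited to 255 bytes")
    body = _xdr_uint(stamp) + _xdr_opaque(name) + _xdr_uint(uid) + _xdr_uint(gid)
    body += _xdr_uint(len(gids)) + b"".join(_xdr_uint(g) for g in gids)
    return body


def encode_opaque_auth(flavor: int, body: bytes) -> bytes:
    """struct opaque_auth { auth_flavor flavor; opaque body<400>; }"""
    if len(body) > 400:
        raise ValueError("opaque_auth body is limited to 400 bytes")
    return _xdr_uint(flavor) + _xdr_opaque(body)


def build_call_credentials(uid: int, gid: int, gids=(), machinename="client", stamp=0) -> bytes:
    """Credential + verifier exactly as they appear in an RPC CALL header for AUTH_SYS."""
    cred = encode_opaque_auth(AUTH_SYS, encode_authsys_parms(stamp, machinename, uid, gid, gids))
    verf = encode_opaque_auth(AUTH_NONE, b"")   # AUTH_SYS calls carry an empty verifier
    return cred + verf


class _XdrReader:
    """Minimal XDR decoder for the fields used above."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def uint(self) -> int:
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def opaque(self) -> bytes:
        n = self.uint()
        v = self.data[self.pos:self.pos + n]
        self.pos += n + (-n) % 4
        return v

    def uint_array(self):
        return [self.uint() for _ in range(self.uint())]


def parse_call_credentials(wire: bytes) -> dict:
    """What the server (or an eavesdropper) learns from the credential bytes."""
    r = _XdrReader(wire)
    cred_flavor, cred_body = r.uint(), r.opaque()
    verf_flavor, verf_body = r.uint(), r.opaque()
    if cred_flavor != AUTH_SYS:
        raise ValueError("not an AUTH_SYS credential: flavor %d" % cred_flavor)
    b = _XdrReader(cred_body)
    return {
        "stamp": b.uint(),
        "machinename": b.opaque().decode(),
        "uid": b.uint(),
        "gid": b.uint(),
        "gids": b.uint_array(),
        "verifier_flavor": verf_flavor,   # AUTH_NONE: nothing to check
        "verifier_body": verf_body,
    }


if __name__ == "__main__":
    # Constructed sample: a client that simply claims to be root.
    wire = build_call_credentials(uid=0, gid=0, gids=[0, 10], machinename="pc")
    print(wire.hex())
    print(parse_call_credentials(wire))
```

The decoder is deliberately the same code path a server uses to read the credential: whatever uid the client wrote is the uid the server will apply its permission checks against, and the only thing a server can do about it (short of a stronger RPC flavor) is to map uid 0 to an unprivileged user, which still leaves every other uid spoofable.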

Users who wish to protect their files should adopt measures that prevent the exposure of sensitive data. The problem can be addressed at several levels: user, application and system level. In this paper we present the Transparent Cryptographic FileSystem (TCFS, in short), which addresses the problem of securing data in a distributed filesystem at the system level. The TCFS project started in 1995, but only in the last 12 months has experimental analysis demonstrated its efficiency and robustness.

Before describing the features of TCFS, let us present arguments in favor of a solution at the system level as opposed to solutions at the user or application level.

Several tools exist to encrypt the contents of files and directories at the user level. This approach, however, suffers from two main drawbacks:

  1. Ease of use. Data reside in encrypted form on the filesystem. Before accessing the data, the user must decrypt it, and after finishing with it, the user must re-encrypt it. This is cumbersome, and users tend to skip the step. A well-known security principle states that security should come at little or no operational cost to the user.
  2. Network. Encrypting and decrypting data in a distributed filesystem does not guarantee that the data is not exposed to an unauthorized party. Indeed, once the user has decrypted the data, it is stored unencrypted on the server. Thus data is leaked to the filesystem server. Moreover, data is transferred between the server and client in clear and thus can be read by eavesdroppers.

Several widely used applications offer built-in encryption: when data is saved to disk, the user can choose whether or not to encrypt it. This approach addresses the usability problem, but the data is still exposed while it travels over the network, and it is still stored in the clear on the server from the moment the application decrypts it.
The TCFS Team
2001-04-27