 
 
 
 
 
 
   
 Next: CryptFS
 Up: Related Work
 Previous: Related Work
Matt Blaze's Cryptographic File System (CFS)[2] is probably the 
most widely used secure filesystem and it is the  
closest to TCFS in terms of architecture.
CFS encrypts the data before it passes across untrusted components,
and decrypts it upon entering trusted components.
CFS users create directories associated with keys and 
each file created in a protected directory is 
automatically encrypted.
CFS simulates a remote NFS server
that exports encrypted directories on demand.
All operations the user performs in clear on a protected resource
are mapped by CFS, in encrypted form, onto the source directory
(created by cmkdir).
During (and after) the user session, an intruder could not obtain clear
data from the source directory.
CFS, which was the primary motivation for the work presented in
this paper, has the following characteristics.
- CFS is not transparent to the user.
Encrypted directories have to be explicitly
attached to a specific directory by the user before
they can be accessed.
- Encryption granularity is at the level of the directory. This
implies that the user must remember a password for each
encrypted directory she owns.
Moreover, all files in an encrypted directory are encrypted, as
opposed to TCFS, where the user can choose which files to keep
in encrypted form and which to keep in clear.
  
- CFS has been implemented as a user application.
On the positive side, this approach 
makes it very easy to port CFS to different operating systems.
On the negative side, this increases its vulnerability to attacks
on the client machine and reduces its performance.
  
- CFS does not allow group sharing of
protected resources, nor does it offer data authentication.
 
 
 
 
 
   
The TCFS Team
2001-04-27