
ImgFS: a transparent cryptography for stored images using a filesystem in userspace

Frontiers of Information Technology & Electronic Engineering

Abstract

Real-time encryption and decryption of digital images stored on end-user devices is a challenging task due to the inherent features of the images. Traditional software encryption applications generally come at the expense of user convenience, performance efficiency, and the level of security provided. To overcome these limitations, the concept of transparent encryption has been proposed. This type of encryption mechanism can be implemented most efficiently with kernel file systems. However, this approach has some disadvantages, since developing a new file system and attaching it at the kernel level requires a deep understanding of the kernel's internal data structures. A filesystem in userspace (FUSE) can be used to bridge the gap. Nevertheless, current implementations of cryptographic FUSE-based file systems suffer from several weaknesses that make them less than ideal for deployment. This paper describes the design and implementation of ImgFS, a fully transparent cryptographic file system that resides in user space. ImgFS can provide a sophisticated way to access, manage, and monitor all encryption and key management operations for image files stored on the local disk without any interaction from the user. The development of ImgFS has managed to solve weaknesses that have been identified in cryptographic FUSE-based implementations. Experiments were carried out to measure the performance of ImgFS for reading and writing image files through the cryptographic service, and the results indicated that while ImgFS has managed to provide a higher level of security and transparency, its performance was competitive with other established high-performance cryptographic FUSE-based schemes.

Author information

Corresponding author

Correspondence to Osama A. Khashan.

Additional information

Project partly supported by the Ministry of Higher Education of Malaysia under Grant LRGS/TD/2011/UKM/ICT/02

ORCID: Osama A. KHASHAN, http://orcid.org/0000-0003-1965-1869

About this article

Cite this article

Khashan, O.A., Zin, A.M. & Sundararajan, E.A. ImgFS: a transparent cryptography for stored images using a filesystem in userspace. Frontiers Inf Technol Electronic Eng 16, 28–42 (2015). https://doi.org/10.1631/FITEE.1400133

  • DOI: https://doi.org/10.1631/FITEE.1400133
