SiRiUS: Securing Remote Untrusted Storage
Authors: E. Goh, H. Shacham, N. Modadugu, and D. Boneh
Abstract:
This paper presents SiRiUS, a secure file system designed to be
layered over insecure network and P2P file systems such as NFS, CIFS,
OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage
is untrusted and provides its own read-write cryptographic access
control for file-level sharing. Key management and revocation are
simple with minimal out-of-band communication. File system freshness
guarantees are supported by SiRiUS using hash tree
constructions. SiRiUS contains a novel method of performing file
random access in a cryptographic file system without the use of a
block server. Extensions to SiRiUS include large-scale group sharing
using the NNL key revocation construction. Our implementation of
SiRiUS performs well relative to the underlying file system despite
using cryptographic operations.
Reference:
In Proceedings of the Internet Society (ISOC) Network and Distributed Systems Security (NDSS) Symposium 2003, pp. 131-145
Full paper: ps