SiRiUS: Securing Remote Untrusted Storage

Authors: E. Goh, H. Shacham, N. Modadugu, and D. Boneh

This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides its own read-write cryptographic access control for file level sharing. Key management and revocation is simple with minimal out-of-band communication. File system freshness guarantees are supported by SiRiUS using hash tree constructions. SiRiUS contains a novel method of performing file random access in a cryptographic file system without the use of a block server. Extensions to SiRiUS include large scale group sharing using the NNL key revocation construction. Our implementation of SiRiUS performs well relative to the underlying file system despite using cryptographic operations.

In proceedings of the Internet Society (ISOC) Network and Distributed Systems Security (NDSS) Symposium 2003, pp. 131-145

Full paper: ps