Electrical computers and digital processing systems: support – Data processing protection using cryptography – Computer instruction/address encryption
Reexamination Certificate
1997-09-11
2002-06-11
Hayes, Gail (Department: 2131)
C713S193000
active
06405315
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to distributed data processing. More particularly, the invention relates to a decentralized file system implemented on remotely encrypted data storage devices to provide secure data sharing among clients of the file system.
BACKGROUND OF THE INVENTION
Distributed file systems allow networked computers to access remote storage devices as if the devices were on a local file system. These file systems allow for sharing of data among networked clients. Additionally, a user can access networked data from other networked computers in the same way she accesses it from her own computer. This type of network file sharing is becoming increasingly prevalent as the computing industry becomes more network centric.
FIG. 1 shows a typical prior art distributed file system 1. The system includes several computers 2 and a file server 3 attached to a network 4. The computers 2 (referred to as clients) and server 3 communicate with each other over the network 4 using a network protocol such as Ethernet. A storage unit 5 is attached to the server 3 for storing data accessible to the computers. Each computer 2 might include its own storage unit 6. Typically, a computer 2 would send a request to the server 3 when it needs some data stored on the storage unit 5. The server fetches the required data and sends it to the requesting computer. In some cases, data is stored in multiple parts, each residing on a different storage unit rather than on a single unit. A distributed file system is then needed to manage the storing, updating, and accessing operations concerning such scattered data.
Distributed file systems have many security problems that local file systems do not have. The network itself is susceptible to security risks such as snooping (unauthorized break-ins), spoofing (impersonation), and packet eavesdropping (unauthorized receipt of data being transmitted over the network). The identity of a network client can be spoofed, for example by forging a user id in requests to the file server. In addition, distributed file systems still have the vulnerabilities of local file systems. The disk containing file data can be stolen and mounted on another machine, bypassing the protection afforded by the operating system. The distributed file server can be broken into, giving the attacker root access to the disk. Backup tapes are generally not encrypted, and their data is easily accessed if they are stolen.
There are three security areas that existing distributed file systems either fail to address, or address inadequately: confidentiality, integrity and authentication. Confidentiality refers to the requirement that the file system data can only be read by the parties that are intended to have access to the data. Integrity means that it is possible for the parties accessing the data to verify that the data read was not altered. Authentication requires that the exchanges between the data repositories and the file system clients are done such that both parties of the exchanges are able to verify the messages involved came from the other.
Network File System (NFS) was an early network file system that has gained widespread adoption. (See, for example, reference 1). When NFS was introduced, it relied on the operating system to enforce confidentiality, integrity, and authentication. It allowed users to access the network file system as if it were a local file system. Network communications were unencrypted and unauthenticated. The administrators of the local machine could become any user on the machine and gain access to that user's files. Other machines on the network could disguise themselves as another machine and fool the NFS server. Since packets were not encrypted across the network, an eavesdropper could view and alter the contents of the packets. Authentication was later added to version 3 of the NFS protocol.
The Andrew File System (AFS, reference 2) and its follow-on, the Decorum File System (DFS, reference 3), are other network file systems that allow users to access the file system as if it were a local file system. AFS relies on the authentication service Kerberos (reference 4) to authenticate exchanges between the network client and the file system. AFS does not encrypt the file system data, so an eavesdropper can view the data that is requested from or sent to an AFS server. Version 1.2 of DFS added the option of encryption and integrity guarantees (reference 5).
Cryptographic File System (CFS, reference 6) is a file system that acts as a local file system and uses another, shadow file system as its repository of data. Each directory of the file system has an associated encryption key that is used to encrypt important metadata (such as filenames and symbolic links) and file data. CFS uses a modified Data Encryption Standard (reference 7) to perform the encryption. Data is encrypted and then stored in the shadow file system. Each file in CFS has a corresponding file in the shadow file system. Using NFS as the shadow file system allows CFS to act as a network file system. Since the shadow file system is the repository of data, it must provide authentication for changes to the files. If NFS is used as the shadow file system, for example, CFS can be subject to replays (i.e., a copy of the data is presented to pretend that it is coming from the originator).
Accordingly, there is still a need for a decentralized file system based on a network of secure storage devices in which data can be moved, archived, and backed up in a secure manner, files can be securely copied directly from one device to another, and all data encryption is handled by the clients, rather than the devices, to overcome the above-described security problems.
References
1. Sandberg, R., et al., “Design and Implementation of the Sun Network Filesystem,” USENIX Conference Proceedings, USENIX Association, Berkeley, Calif., Summer 1985.
2. Howard, J. H., et al., “Scale and Performance in a Distributed File System,” ACM Transactions on Computer Systems, Vol. 6, No. 1, February 1988.
3. Kazar, M., et al., “DEcorum File System Architectural Overview,” USENIX Summer Conference, June 1990.
4. Steiner, J. G., “Kerberos: An Authentication Service For Open Network Systems,” Winter USENIX, 1988, Dallas, Tex.
5. Everhart, C., “Security Enhancements for DCE DFS”, OSF RFC 90.0, February 1996.
6. Blaze, M., “A Cryptographic File System for Unix”, First ACM Conference on Communications and Computing Security, November 1993.
7. Data Encryption Standard, National Bureau of Standards, Federal Information Processing Standards Publication Number 46, National Technical Information Service, Springfield, Va., Jan. 15, 1977.
SUMMARY OF THE INVENTION
The present invention relates to a decentralized file system based on services provided by a network of secure remotely encrypted storage devices, and methods for securely storing, accessing, and updating data stored in the file system. The file system allows secure movement of data and metadata between the network clients and the network storage devices. Data is accessible only to authorized network clients in possession of appropriate encryption and decryption keys, where all encryption and decryption of data and metadata are performed by the network clients. The storage devices themselves do not have any encryption capabilities. Files can be copied directly from one storage device to another storage device in a secure manner. The network client's only involvement would be to initiate the action.
The basic file system includes a network, a network client that requests data from the system, a secure network storage device serving as a repository of the system's data, a key manager for controlling data access keys, and a lock manager for handling consistency of the files. The key manager maintains an access list of subscribers.
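The following is an added illustration, not code from the patent: a client seals each file block before it leaves the host, the storage device only stores and returns opaque bytes, and the client's own metadata (file id, block number, version) is bound into the authentication tag so that an altered block, or a stale copy replayed in place of the current one (the CFS-over-NFS weakness noted in the background), is rejected on read. The keystream construction, key sizes and record layout are assumptions chosen so the example runs with the standard library alone; a production system would use a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

# Constructed demo: keys stay with the client (as a key manager would hand them out).
def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in for a real cipher; nonce must never repeat."""
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def _header(file_id: bytes, block_no: int, version: int) -> bytes:
    # Metadata the client already knows; bound into the tag so a stale or
    # misplaced record fails verification even though its bytes are genuine.
    return file_id + block_no.to_bytes(4, "big") + version.to_bytes(8, "big")

def seal_block(enc_key, mac_key, file_id, block_no, version, plaintext):
    """Encrypt-then-MAC one file block on the client before it leaves the host."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, _header(file_id, block_no, version) + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # this is all the storage device ever sees

def open_block(enc_key, mac_key, file_id, block_no, expected_version, record):
    """Verify integrity and freshness, then decrypt. expected_version comes from
    the client's own (separately authenticated) metadata, not from the device."""
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    want = hmac.new(mac_key, _header(file_id, block_no, expected_version) + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("block rejected: altered, replayed, or wrong location")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    device = {}  # the "remote storage device": stores and returns bytes, nothing more
    fid = b"file-0001"
    device[(fid, 0)] = seal_block(enc_key, mac_key, fid, 0, 1, b"salary data v1")
    stale = device[(fid, 0)]  # copy that could have been captured from the wire earlier
    device[(fid, 0)] = seal_block(enc_key, mac_key, fid, 0, 2, b"salary data v2")
    fresh = open_block(enc_key, mac_key, fid, 0, 2, device[(fid, 0)])
    def rejected(rec, ver=2):
        try:
            open_block(enc_key, mac_key, fid, 0, ver, rec)
            return False
        except ValueError:
            return True
    tampered = bytearray(device[(fid, 0)]); tampered[20] ^= 1  # flip one ciphertext bit
    return fresh, rejected(stale), rejected(bytes(tampered))
```

`demo()` returns the decrypted current block together with two flags showing that the stale copy and the altered record were both refused.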
The file structure of the system is hierarchically composed of files and directories. Each directory entry references a file or another directory. Files may be created, read
Burns Randal Chilton
Chron Edward Gustav
Long Darrell
Reed Benjamin Clay
DiLorenzo Anthony
Hayes Gail
McSwain Marc D.
Tran Khanh Q.