SASTECH Journal 8 Volume 10, Issue 1, May 2011

DESIGN AND DEVELOPMENT OF A USER BASED SECURE FILE SYSTEM FOR LINUX USING FUSE

Venkatanatha Sarma Yerragudi 1, N.D. Gangadhar 2, Dipayan Mazumdar 3
1-M.Sc. [Engg.] Student, 2-Professor, 3-Assistant Professor
Department of CE, M. S. Ramaiah School of Advanced Studies, Bangalore 560 058

Abstract

Data storage on personal computers is inherently insecure because authentication and file access control are handled by the host operating system. These security provisions can be bypassed if another operating system is used on the same personal computer. To address this problem, file encryptors, disk encryptors and file system encryptors were developed, each with its own drawbacks. By combining the strengths of file encryptors and file system encryptors, these drawbacks can be overcome. To achieve this, a user space file system library must be used. The file system must also have its own authentication and authorization routines to provide uniform access across multiple operating systems. This paper describes the design and development of such a file system for Linux using the FUSE library and the OpenSSL library. The design of this file system was mathematically modelled and formally verified using the Alloy analyser. The file system requires the user to provide a user name and password for authentication. Each file is encrypted using a separate key to provide security against cryptanalysis. This key is encrypted using the owner's private key to allow for change of ownership. The password is used to decrypt the user's private key. The developed file system was tested for authentication and access control successfully. The optimal performance of the file system was observed at file sizes between 1 kilobyte and 256 megabytes. The performance degradation due to encryption was also measured and found to be within usable limits. This stackable file system can be used on all Unix clones that have the FUSE and OpenSSL libraries.
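The abstract describes a three-level key hierarchy: a password unlocks the owner's private key, that key protects a per-file key, and the per-file key encrypts the file body. The script below is an added illustration of that hierarchy built from the openssl command line; it is not the paper's code and not the FUSE file system it describes. The directory layout, file names (<prefix>.enc, <prefix>.key.rsa) and function names are assumptions made for this example, and the per-file key is wrapped with the public half of the owner's RSA pair, the conventional direction for RSA, so that only the password-protected private half can unwrap it.

```shell
#!/bin/sh
# Added illustration, not the paper's code: password -> owner RSA pair -> per-file
# AES key, using only the openssl CLI. Layout and names are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory standing in for the mount point

# make_user <name> <password>: create the owner's RSA pair. The private half is
# stored PEM-encrypted under the password; the public half is stored in the clear.
make_user() {
    openssl genrsa -aes256 -passout "pass:$2" -out "$WORK/$1.priv.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/$1.priv.pem" -passin "pass:$2" -pubout \
        -out "$WORK/$1.pub.pem" 2>/dev/null
}

# encrypt_file <owner> <plaintext> <prefix>: a fresh AES-256 key and IV for this
# one file. Ciphertext goes to <prefix>.enc; "key:iv" wrapped under the owner's
# public key goes to <prefix>.key.rsa. No two files share a key, so recovering
# one file's key reveals nothing about the others.
encrypt_file() {
    key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$2" -out "$3.enc"
    printf '%s:%s' "$key" "$iv" |
        openssl pkeyutl -encrypt -pubin -inkey "$WORK/$1.pub.pem" -out "$3.key.rsa"
}

# unwrap_key <owner> <password> <prefix>: prints "key:iv"; fails (non-zero) when
# the password does not unlock the owner's private key or when the wrapped key
# was not produced for this owner. This is the access-control decision point.
unwrap_key() {
    openssl pkeyutl -decrypt -inkey "$WORK/$1.priv.pem" -passin "pass:$2" \
        -in "$3.key.rsa" 2>/dev/null
}

# decrypt_file <owner> <password> <prefix> <out>: unwrap, then decrypt the body.
decrypt_file() {
    kiv=$(unwrap_key "$1" "$2" "$3")
    openssl enc -d -aes-256-cbc -K "${kiv%%:*}" -iv "${kiv##*:}" -in "$3.enc" -out "$4"
}

# can_open <owner> <password> <prefix>: 0 if this user can read the file.
can_open() { unwrap_key "$1" "$2" "$3" >/dev/null 2>&1; }

# chown_file <old-owner> <password> <new-owner> <prefix>: change of ownership only
# re-wraps the small per-file key under the new owner's public key; the file
# body is never re-encrypted.
chown_file() {
    kiv=$(unwrap_key "$1" "$2" "$4")
    printf '%s' "$kiv" |
        openssl pkeyutl -encrypt -pubin -inkey "$WORK/$3.pub.pem" -out "$4.key.rsa.new"
    mv "$4.key.rsa.new" "$4.key.rsa"
}

# Stand-alone demo: `sh keyhier.sh demo` (constructed sample data).
if [ "${1:-}" = demo ]; then
    make_user alice pw-alice
    make_user bob pw-bob
    printf 'constructed sample record\n' > "$WORK/doc.txt"
    encrypt_file alice "$WORK/doc.txt" "$WORK/doc"
    decrypt_file alice pw-alice "$WORK/doc" "$WORK/doc.out"
    can_open bob pw-bob "$WORK/doc" && echo "bob can read" || echo "bob denied"
    chown_file alice pw-alice bob "$WORK/doc"
    can_open bob pw-bob "$WORK/doc" && echo "bob can read" || echo "bob denied"
fi
```

Two properties of the abstract's design are visible here: a wrong password or another user's key pair fails at the unwrap step before any file data is touched, and transferring a file to a new owner costs one RSA operation on a hundred-byte key blob rather than re-encrypting the file body. The AES-CBC body as shown provides confidentiality only; integrity protection is a separate concern not covered by this illustration.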
Keywords: File System, Security, User Authenticating File System, FUSE, OpenSSL

Nomenclature
s   seconds
B   bytes

Abbreviations
AES    Advanced Encryption Standard
API    Application Programming Interface
b64    Base 64
BBFS   Big Brother File System
CFD    Control Flow Diagram
DFD    Data Flow Diagram
EFS    Encrypting File System
ext    Extended file system
FAT    File Allocation Table
FS     File System
FUSE   Filesystem in USEr space
iNode  index Node
I/O    Input/Output
MD5    Message Digest 5
NT     New Technology
NTFS   New Technology File System
OS     Operating System
PGP    Pretty Good Privacy
RSA    Rivest Shamir Adleman
SFS    Secure File System
SSL    Secure Socket Layer
ZFS    Zettabyte File System

1. INTRODUCTION

All applications of computer systems depend on data and hence depend on data storage. Users of these applications may store information such as bank statements, website passwords, government issued digital certificates and other confidential information on their personal computers. However, such data stored on the personal computer is not secured against eavesdroppers by default. Operating systems provide authentication and access control to the personal computer, but these can be bypassed easily. By booting into a live boot disk, provided by distributions such as Ubuntu, it is very easy to mount the local hard disk and access the information.

To remedy this problem, there are many available solutions. One approach is the use of encryption software that can encrypt individual files and provide confidentiality. However, it is not easy to manage multiple passwords, and using the same password to encrypt many files is a security risk in itself. Also, if applications on the personal computer have to use such a feature, they must be rewritten to integrate with the encryption software. Examples of such applications are AES Crypt and PGP file encryption software. These applications may be classified as file encryptors.
Another approach to the problem of data security in personal computers is the encryption of the entire disk file system itself. Some kernel level applications encrypt the entire disk contents using a single encryption key. Such a solution can be classified as the volume encryption approach. Though the information is secured against external eavesdroppers, this form of security does not protect against eavesdropping by the other users of the personal computer. Also, only a single user can access the information if the key is not shared.