Last update to file Thursday, 01-Apr-1999 15:48:28 MET DST




Introduction


Recent advances in hardware and communication technologies have made it possible and cost-effective to share a file system among several machines over a local (but possibly also a wide) area network.
One of the most successful and widely used such applications is Sun's Network File System (NFS).

NFS is very simple in structure but assumes a very strong trust model: the user trusts the remote file system server (which might be running on a machine in a different country) and the network with his/her data. It is easy to see that neither assumption is a very realistic one. The server (or anybody with superuser privileges on it) might very well read the data on its local filesystem, and it is well known that the Internet or any local area network (e.g., Ethernet) is very easy to tap (see, for example, Berkeley's tcpdump application program).

Impersonation of users is another security drawback of NFS. In fact, most of the permission checking over NFS is performed in the kernel of the client. In such a context a pirate can temporarily assign to his own workstation the Internet address of the victim. Without secure RPC no further authentication procedure is requested. From here on, the pirate can issue NFS requests presenting himself with any (false) uid and therefore read and write any private data on the server, even protected data.

Given the above, a user seeking a certain level of security should take some measures. We propose a new cryptographic file system, which we call TCFS, as a suitable solution to the problem of privacy for distributed file systems.
Our work improves on Matt Blaze's CFS by providing deeper integration between the encryption service and the file system, which results in complete transparency of use to the user applications.

Starting with release 2.2, TCFS will allow files to be securely shared among the members of a group. If you want to know more, follow this link.