Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive files. Unfortunately, storing data in a cryptographic file system does not fully address this problem. Such systems ask the user to imbue them with long-term authority for decryption, but that authority can be used by anyone who physically possesses the machine. Forcing the user to frequently reestablish his identity is intrusive, encouraging him to disable encryption. This tension between usability and security is eliminated through Transient Authentication, in which a small hardware token continuously authenticates the user's presence to the laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary. With careful key management, ZIA imposes an overhead of less than 7% for representative workloads, though some infrequent operations suffer greater overheads. The largest file cache on our hardware can be re-encrypted within five seconds of the user's departure, and restored in just over six seconds after detecting the user's return. This secures the machine before an attacker can gain physical access, yet recovers full performance before a returning user resumes work. Key granularity plays an important role in determining performance: assigning encryption keys on a per-directory basis limits the cost of an exposed key while maintaining acceptable overhead.