A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Strong Security for Network-Attached Storage
FAST '02 Proceedings of the 1st USENIX Conference on File and Storage Technologies
Mobile Device Security Using Transient Authentication
IEEE Transactions on Mobile Computing
Proceedings of the 2007 ACM workshop on Storage security and survivability
Secure and efficient access to outsourced data
Proceedings of the 2009 ACM workshop on Cloud computing security
PACISSO: P2P access control incorporating scalability and self-organization for storage systems
PACISSO: P2P access control incorporating scalability and self-organization for storage systems
A firewall approach to personal knowledge system
CBMS'03 Proceedings of the 16th IEEE conference on Computer-based medical systems
Strong security for network-attached storage
FAST'02 Proceedings of the 1st USENIX conference on File and storage technologies
A framework for evaluating storage system security
FAST'02 Proceedings of the 1st USENIX conference on File and storage technologies
A secure file sharing service for distributed computing environments
The Journal of Supercomputing
Hi-index | 0.00 |
As distributed computing systems grow in size, complexity and variety of application, the problem of protecting sensitive data from unauthorized disclosure and tampering becomes increasingly important. Cryptographic techniques can play an important role in protecting communication links and file data, since access to data can be limited to those who hold the proper key. In the case of file data, however, the routine use of encryption facilities often places the organizational requirements of information security in opposition to those of information management. Since strong encryption implies that only the holders of the cryptographic key have access to the cleartext data, an organization may be denied the use of its own critical business records if the key used to encrypt these records becomes unavailable (e.g., through the accidental death of the key holder). This paper describes a system, based on cryptographic "smartcards," for the temporary "escrow" of file encryption keys for critical files in a cryptographic file system. Unlike conventional escrow schemes, this system is bilaterally auditable, in that the holder of an escrowed key can verify that, in fact, he or she holds the key to a particular directory and the owner of the key can verify, when the escrow period is ended, that the escrow agent has neither used the key nor can use it in the future. We describe a new algorithm, based on the DES cipher, for the on-line encryption of file data in a secure and efficient manner that is suitable for use in a smartcard.