Securing files under the semi-trusted user threat model using per-file key encryption

US 10,298,555 B2
Filed: 05/31/2016
Issued: 05/21/2019
Est. Priority Date: 04/04/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing a plaintext file F_pas an encrypted, ciphertext file F_cin a distributed file system, said method comprising the steps of:

(a) providing storage resources distributed in said distributed file system;

(b) providing said storage resources to be accessible to an authenticable user U_xusing an untrusted client device;

(c) assigning to said plaintext file F_pa symmetric file key FK;

(d) block by block encrypting by a compatibility shim layer, each block M_iof said plaintext file F_pwith said file key FK to produce a corresponding authentication tag T_i, and a corresponding encrypted block C_iof said encrypted, ciphertext file F_c;

(e) inserting said compatibility shim layer on top of an Application Programming Interface (API) of said distributed file system for intercepting and servicing file system requests generated on said untrusted client device;

(f) storing said corresponding encrypted block C_iin said storage resources distributed in said distributed file system;

(g) encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK;

(h) placing said authentication tag T_i, said wrapped file key WFK and a key ID of said wrapping key WK, in a metadata of said encrypted, ciphertext file F_c; and

(i) generating and storing a message authentication code (MAC) of said metadata, for protecting said metadata from tampering by later verifying its integrity based on said MAC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).

Citations

17 Claims

1. A computer-implemented method for securing a plaintext file F_pas an encrypted, ciphertext file F_cin a distributed file system, said method comprising the steps of:
- (a) providing storage resources distributed in said distributed file system;
  
  (b) providing said storage resources to be accessible to an authenticable user U_xusing an untrusted client device;
  
  (c) assigning to said plaintext file F_pa symmetric file key FK;
  
  (d) block by block encrypting by a compatibility shim layer, each block M_iof said plaintext file F_pwith said file key FK to produce a corresponding authentication tag T_i, and a corresponding encrypted block C_iof said encrypted, ciphertext file F_c;
  
  (e) inserting said compatibility shim layer on top of an Application Programming Interface (API) of said distributed file system for intercepting and servicing file system requests generated on said untrusted client device;
  
  (f) storing said corresponding encrypted block C_iin said storage resources distributed in said distributed file system;
  
  (g) encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK;
  
  (h) placing said authentication tag T_i, said wrapped file key WFK and a key ID of said wrapping key WK, in a metadata of said encrypted, ciphertext file F_c; and
  
  (i) generating and storing a message authentication code (MAC) of said metadata, for protecting said metadata from tampering by later verifying its integrity based on said MAC.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further storing said wrapping key WK in a key manager.
  - 3. The method of claim 1, further using Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) mode in said step (d) of block by block encrypting.
  - 4. The method of claim 1, further utilizing in said step (d) of block by block encrypting, an Initialization Vector (IV) to said file key FK, that is based on a block number of said block M_iof said plaintext file F_p.
  - 5. The method of claim 1, where prior to said step (d) of block by block encrypting, said compatibility shim layer further consults a policy engine for authenticating and authorizing said authenticable user U_x.
  - 6. The method of claim 5, wherein said policy engine performs said step of authenticating using kerberos authentication protocol.
  - 7. The method of claim 5, wherein based on the results of said steps of authenticating and authorizing, said policy engine returns said file key FK to said compatibility shim layer to use in said step (d) of block by block encrypting.
  - 8. The method of claim 1, where said compatibility shim layer further verifies the integrity of said corresponding encrypted block C_iby checking said corresponding authentication tag T_i, before block by block decrypting said corresponding encrypted block C_iwith said file key FK to produce corresponding said block M_iof said plaintext file F_p.

9. A computer system operating under a semi-trusted user threat model that supports an authenticable user U_xwith an untrusted client device, said computer system comprising:
- (a) a file system having storage resources;
  
  (b) a plaintext file F_pcontaining blocks M_iof plaintext data, said plaintext file F_passigned a symmetric file key FK and a symmetric wrapping key WK;
  
  (c) a compatibility shim layer inserted on top of an Application Programming Interface (API) accessing said file system for block by block encryption of said blocks M_iwith said file key FK to produce corresponding authentication tags T_i, and corresponding encrypted blocks C_iof an encrypted ciphertext file F_c;
  
  (d) a policy engine for performing an authentication of said authenticable user U_xaccessing said file system via a file system request generated on said untrusted client device, said policy engine further encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK;
  
  (e) metadata related to said encrypted ciphertext file F_ccomprising said authentication tags T_i, said wrapped file key WFK, a key ID of said wrapping key WK and an Access Control List (ACL) related to said encrypted ciphertext file F_c, said metadata further protected from tampering by including in it a message authentication code (MAC) for a later verification of the integrity of said metadata; and
  
  (f) a key manager for storing said wrapping key WK.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein in response to said file system request and after performing said authentication, said policy engine further performs an authorization of said user U_xbased on said Access Control List (ACL) read from said metadata.
  - 11. The system of claim 10, wherein said policy engine further reads said key ID from said metadata and queries said key manager for said wrapping key WK, then decrypts said wrapped file key WFK with said wrapping key WK to obtain said file key FK, and then releases said file key FK to said compatibility shim layer.
  - 12. The system of claim 9, wherein said metadata further comprises the last time that a key rotation of said file key FK was performed.
  - 13. The system of claim 9, wherein said policy engine further deploys a policy comprising:
    - (g) a configuration information establishing sections of said file system that are to be encrypted;
      
      (h) a configuration information selected from the group consisting of establishing each file in said file system to be uniquely assigned said wrapping key WK, establishing multiple files in a directory of said file system to be assigned said wrapping key WK and establishing multiple files in multiple levels of a directory tree of said file system to be assigned said wrapping key WK; and
      
      (i) a configuration information establishing the key rotation period for said sections of said file system that are to be encrypted.

14. A distributed computer system cluster operating under a semi-trusted user threat model that supports an authenticable user U_xwith an untrusted client device, said distributed computer system cluster comprising:
- (a) a distributed file system having storage resources distributed over one or more datanodes of said cluster;
  
  (b) a plaintext file F_phaving blocks M_iof plaintext data, said plaintext file F_psecured in said distributed file system as a ciphertext file F_chaving cyphertext blocks C_icorresponding to said blocks M_i;
  
  (c) a symmetric file key FK and a symmetric wrapping key WK assigned to said plaintext file F_pand said ciphertext file F_c;
  
  (d) a compatibility shim layer inserted on top of an Application Programming Interface (API) accessing said storage resources;
  
  (e) an individual policy engine running on one or more of said datanodes for performing an authentication of said authenticable user U_xaccessing said file system via a file system request generated on said untrusted client device;
  
  (f) a metadata related to said plaintext file F_pand said ciphertext file F_c, said metadata comprising authentication tags T_iand ciphertext blocks C_iproduced by block by block encryption by said compatibility shim layer of corresponding said blocks M_i, a wrapped file key WFK and a key ID of said wrapping key WK; and
  
  (g) a key manager for storing said wrapping key WK.
- View Dependent Claims (15, 16, 17)
- - 15. The distributed computer system cluster of claim 14 further comprising a master policy engine running on a namenode of said cluster, said master policy engine communicating a policy to said individual policy engine running on said one or more of said datanodes, said master policy engine further protecting said policy from tampering by utilizing a private key to cryptographically sign said policy.
  - 16. The distributed computer system cluster of claim 14, wherein said individual policy engine receives from said key manager said wrapping key in response to sending it said key ID, then decrypts said wrapped file key WFK by said wrapping key WK to obtain said file key FK, and then transmits said file key FK to said compatibility shim layer.
  - 17. The distributed computer system cluster of claim 16, wherein said compatibility shim layer first verifies the integrity of each of said encrypted blocks C_iby checking its authentication tag, before decrypting it with said file key FK to produce a corresponding block of said blocks M_iof said plaintext file F_p.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zettaset Incorporated
Original Assignee
Zettaset Incorporated
Inventors
Murray, Eric A.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US15/168,332
Publication Number

US 20160277373A1
Time in Patent Office

1,085 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 9/54   Interprogram communication

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

Securing files under the semi-trusted user threat model using per-file key encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Securing files under the semi-trusted user threat model using per-file key encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links