Securing files under the semi-trusted user threat model using per-file key encryption
First Claim
1. A computer-implemented method for securing a plaintext file Fp as an encrypted, ciphertext file Fc in a distributed file system, said method comprising the steps of:
- (a) providing storage resources distributed in said distributed file system;
(b) providing said storage resources to be accessible to an authenticable user Ux using an untrusted client device;
(c) assigning to said plaintext file Fp a symmetric file key FK;
(d) block by block encrypting by a compatibility shim layer, each block Mi of said plaintext file Fp with said file key FK to produce a corresponding authentication tag Ti, and a corresponding encrypted block Ci of said encrypted, ciphertext file Fc;
(e) inserting said compatibility shim layer on top of an Application Programming Interface (API) of said distributed file system for intercepting and servicing file system requests generated on said untrusted client device;
(f) storing said corresponding encrypted block Ci in said storage resources distributed in said distributed file system;
(g) encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK;
(h) placing said authentication tag Ti, said wrapped file key WFK and a key ID of said wrapping key WK, in a metadata of said encrypted, ciphertext file Fc; and
(i) generating and storing a message authentication code (MAC) of said metadata, for protecting said metadata from tampering by later verifying its integrity based on said MAC.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
-
Citations
17 Claims
-
1. A computer-implemented method for securing a plaintext file Fp as an encrypted, ciphertext file Fc in a distributed file system, said method comprising the steps of:
-
(a) providing storage resources distributed in said distributed file system; (b) providing said storage resources to be accessible to an authenticable user Ux using an untrusted client device; (c) assigning to said plaintext file Fp a symmetric file key FK; (d) block by block encrypting by a compatibility shim layer, each block Mi of said plaintext file Fp with said file key FK to produce a corresponding authentication tag Ti, and a corresponding encrypted block Ci of said encrypted, ciphertext file Fc; (e) inserting said compatibility shim layer on top of an Application Programming Interface (API) of said distributed file system for intercepting and servicing file system requests generated on said untrusted client device; (f) storing said corresponding encrypted block Ci in said storage resources distributed in said distributed file system; (g) encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK; (h) placing said authentication tag Ti, said wrapped file key WFK and a key ID of said wrapping key WK, in a metadata of said encrypted, ciphertext file Fc; and (i) generating and storing a message authentication code (MAC) of said metadata, for protecting said metadata from tampering by later verifying its integrity based on said MAC. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer system operating under a semi-trusted user threat model that supports an authenticable user Ux with an untrusted client device, said computer system comprising:
-
(a) a file system having storage resources; (b) a plaintext file Fp containing blocks Mi of plaintext data, said plaintext file Fp assigned a symmetric file key FK and a symmetric wrapping key WK; (c) a compatibility shim layer inserted on top of an Application Programming Interface (API) accessing said file system for block by block encryption of said blocks Mi with said file key FK to produce corresponding authentication tags Ti, and corresponding encrypted blocks Ci of an encrypted ciphertext file Fc; (d) a policy engine for performing an authentication of said authenticable user Ux accessing said file system via a file system request generated on said untrusted client device, said policy engine further encrypting said file key FK by a symmetric wrapping key WK to obtain a wrapped file key WFK; (e) metadata related to said encrypted ciphertext file Fc comprising said authentication tags Ti, said wrapped file key WFK, a key ID of said wrapping key WK and an Access Control List (ACL) related to said encrypted ciphertext file Fc, said metadata further protected from tampering by including in it a message authentication code (MAC) for a later verification of the integrity of said metadata; and (f) a key manager for storing said wrapping key WK. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A distributed computer system cluster operating under a semi-trusted user threat model that supports an authenticable user Ux with an untrusted client device, said distributed computer system cluster comprising:
-
(a) a distributed file system having storage resources distributed over one or more datanodes of said cluster; (b) a plaintext file Fp having blocks Mi of plaintext data, said plaintext file Fp secured in said distributed file system as a ciphertext file Fc having cyphertext blocks Ci corresponding to said blocks Mi; (c) a symmetric file key FK and a symmetric wrapping key WK assigned to said plaintext file Fp and said ciphertext file Fc; (d) a compatibility shim layer inserted on top of an Application Programming Interface (API) accessing said storage resources; (e) an individual policy engine running on one or more of said datanodes for performing an authentication of said authenticable user Ux accessing said file system via a file system request generated on said untrusted client device; (f) a metadata related to said plaintext file Fp and said ciphertext file Fc, said metadata comprising authentication tags Ti and ciphertext blocks Ci produced by block by block encryption by said compatibility shim layer of corresponding said blocks Mi, a wrapped file key WFK and a key ID of said wrapping key WK; and (g) a key manager for storing said wrapping key WK. - View Dependent Claims (15, 16, 17)
-
Specification