NCryptfs: The New Stackable Encryption File System

Often, increased security comes at the expense of user convenience, performance, or compatibility with other systems. The right level of security depends on specific site and user needs, which must be carefully balanced. In this project we design and build a new cryptographic file system called NCryptfs with the primary goal of allowing users to tailor the level of security vs. convenience to fit their needs. Some of the features NCryptfs supports include multiple concurrent ciphers (software and hardware ciphers) and authentication methods, separate per-user name spaces, ad-hoc groups, challenge-response authentication, and transparent process suspension and resumption based on key validity. Our Linux prototype works as a stackable file system and can be used to secure any file system. Performance evaluation of NCryptfs shows a minimal user-visible overhead.

Journal Articles:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | On Incremental File System Development | PS PDF BibTeX | ACM Transactions on Storage (TOS) | May 2006 | |

Conference and Workshop Papers:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | Cryptographic File Systems Performance: What You Don't Know Can Hurt You | PS PDF BibTeX | 2003 IEEE Security In Storage Workshop (SISW 2003) | Oct 2003 | |
| 2 | NCryptfs: A Secure and Convenient Cryptographic File System | PS PDF BibTeX Slides | Usenix Technical Conference, General Track | Jun 2003 | |

Technical Reports:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | Enhancing File System Integrity Through Checksums | PS PDF BibTeX | Stony Brook U. CS TechReport FSL-04-04 | May 2004 | |
| 2 | Operating System Support for Extensible Secure File Systems | PS PDF BibTeX | Stony Brook U. CS TechReport FSL-04-02 | May 2004 | Ph.D. Research Proficiency Exam (RPE) |
| 3 | Cryptographic File Systems Performance: What You Don't Know Can Hurt You | PS PDF BibTeX | Stony Brook U. CS TechReport FSL-03-02 | Aug 2003 | Slightly expanded version of SISW'03 paper with same title. |
| 4 | Cryptfs: A Stackable Vnode Level Encryption File System | PS PDF BibTeX | Columbia U. CS TechReport CUCS-021-98 | Jun 1998 | This tech-report had been cited more than 15 times before the new version of the work was published -- NCryptfs. |

Past Students:

| # | Name | Program | Period | Current Location |
|---|------|---------|--------|------------------|
| 1 | Charles P. Wright | PhD | May 2003 - May 2006 | Partner, Senior Software Architect, Illumon (New York, NY) |
| 2 | Jay Pradip Dave | MS | May 2003 - Dec 2003 | Head of Product Management, Enterprise platform and Administrative experience, Qualtrics (Seattle, WA) |
| 3 | Puja Gupta | MS | Jan 2003 - Dec 2003 | Software Engineering Manager, Darwin Runtime, Core OS, Apple Inc. (Cupertino, CA) |
| 4 | Swaroop Karunakara | MS | Sep 2002 - Dec 2003 | Manager, Sustaining Engineering, NetApp (Bangalore, India) |
| 5 | Michael Martino | MS | May 2002 - May 2003 | Stony Brook U. MBA program (Stony Brook, NY) |
| 6 | Kiran-Kumar Muniswamy-Reddy | MS | Jan 2002 - May 2004 | Consulting Member of Technical Staff, Oracle Corp (Seattle, WA) |
| 7 | Sheshadri Sreenath | MS | Sep 2002 - May 2003 | Engineering Director, Cisco Systems (Bangalore, India) |
| 8 | Charles P. Wright | BS (Honors) | Dec 2001 - May 2003 | Application Software Developer, Walleye Software (New York, NY) |

Sponsors:

| # | Sponsor | Amount | Period | Type | Title |
|---|---------|--------|--------|------|-------|
| 1 | NSF Trusted Computing (TC) | $400,000 | 2003-2006 | Sole PI | A Layered Approach to Securing Network File Systems |
| 2 | HP/Intel | $131,529 | 2002-2003 | Sole PI | Linux Application Performance and File System Security |
| 3 | HP/Intel | $22,490 | 2001-2002 | Sole PI | Linux Network Scalability and File System Reliability |