In this way file is reconstructed back from its shares. The size of each piece is |F| / (n-k), where |F| is size of secret/data, which is smaller than size of each piece produced through algorithm explained in [52]. In this scheme, m-1 shares of file F may provide some information about F. So in this scheme it is advisable to encrypt F before dispersing it and decode it after reconstruction of the encrypted version.
One possible attack on the security of the data dispersed among servers would be to replace a share of the file F with some other string. So in order to know if data is modified or not, key generation from the image [54] is performed on the shares of secret before sending data on servers. For understanding key generation, [54] should …show more content…
CFS has been reported in [40]. CFS pushes encryption services into the file system. CFS supports secure storage at the system level through a standard UNIX file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. One of the characteristics of CFS is that it can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. In order to ensure confidentiality of data in CFS, data is encrypted immediately before sending it to untrusted components. CFS provides a transparent UNIX file system interface to directory hierarchies that are automatically encrypted with user supplied keys. Users issue a simple command to "attach" a cryptographic key to a directory. Attached directories are then available to the user with all the usual system calls and tools, but the files are automatically encrypted as they are written and decrypted as they are read. Users control CFS through a small suite of tools that create, attach, detach, and otherwise administer encrypted directories. Each directory is protected by a set of cryptographic keys. These keys can be supplied by user entry via the keyboard or, if hardware is available, through removable "smart cards" connected to the client computer. CFS uses DES to encrypt file data. DES has a number of standard modes of operation [41], none of which is completely suitable for encrypting files on-line in a file system. In the simplest DES mode, each 8 byte block of a file is independently encrypted with the given key. Encryption and
One possible attack on the security of the data dispersed among servers would be to replace a share of the file F with some other string. So in order to know if data is modified or not, key generation from the image [54] is performed on the shares of secret before sending data on servers. For understanding key generation, [54] should …show more content…
CFS has been reported in [40]. CFS pushes encryption services into the file system. CFS supports secure storage at the system level through a standard UNIX file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. One of the characteristics of CFS is that it can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. In order to ensure confidentiality of data in CFS, data is encrypted immediately before sending it to untrusted components. CFS provides a transparent UNIX file system interface to directory hierarchies that are automatically encrypted with user supplied keys. Users issue a simple command to "attach" a cryptographic key to a directory. Attached directories are then available to the user with all the usual system calls and tools, but the files are automatically encrypted as they are written and decrypted as they are read. Users control CFS through a small suite of tools that create, attach, detach, and otherwise administer encrypted directories. Each directory is protected by a set of cryptographic keys. These keys can be supplied by user entry via the keyboard or, if hardware is available, through removable "smart cards" connected to the client computer. CFS uses DES to encrypt file data. DES has a number of standard modes of operation [41], none of which is completely suitable for encrypting files on-line in a file system. In the simplest DES mode, each 8 byte block of a file is independently encrypted with the given key. Encryption and