SiRiUS: Securing Remote Untrusted Storage Eu-Jin Goh

Abstract

This paper presents SiRiUS, a secure file system de-signed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo!Briefcase. SiRiUS assumes the network storage is untrusted and provides its own read-write cryptographic ac-cess control for file level sharing. Key management and revocation is simple with minimal out-of-band communi-cation. File system freshness guarantees are supported by SiRiUS using hash tree constructions. SiRiUS contains anovel method of performing file random access in a cryptographic file system without the use of a block server. Ex-tensions to SiRiUS include large scale group sharing using the NNL key revocation construction. Our implemen-tation of SiRiUS performs well relative to the underlying file system despite using cryptographic operations