An Efficient Technique to Access Cryptographic File System over Network File System

Abstract

Mounting of cryptographic file system (CFS) over network file system (NFS) degrades the performance of remote file access. User-space CFS when implemented as modified NFS server together with CFS_Unix and Extended CFS_Unix can act as a remote NFS server. It enables them to be accessed remotely without the requirement of extra NFS mount. However, this is not a good approach due to many security issues involved in this context, such as the transmission of unencrypted passwords and data over the insecure network. When these are mounted remotely as NFS servers, different security attacks like interception, masquerade, and replay attacks can take place. In this paper, a secure protocol is developed and implemented using safe methods like mutual credential authentication and establishment of session for extended CFS_Unix. This approach restricts the aforementioned attacks, enabling secure remote access. Besides, CFS_Unix is moderated to use NFS version 3 instead of version 2. This is done for reliable write operations. In addition to this, a detailed comparative analysis is presented with respect to remote access performance of extended CFS_Unix with secure protocol with existing CFS mounted over NFS.