[OpenAFS-devel] [GSoC 2010] Encrypted storage

Derek Atkins warlord@MIT.EDU
Wed, 24 Mar 2010 16:22:25 -0400 

Simon Wilkinson <sxw@inf.ed.ac.uk> writes:

> Hi, and thanks for your interest in OpenAFS
>
> On 23 Mar 2010, at 16:48, Sanket Agarwal wrote:
>> 	=E2=80=A2 Where can I learn about the present encryption methodology us=
ed in OpenAFS for packet encryption and which module shall have the relevan=
t code section ? This can give me an insight about what can be a good way t=
o do Server side encryption!
>
> We'd be doing this separately from OpenAFS's current (and future) wire en=
cryption protocols. As I'd envisaged the project, it's not really a server =
side encryption scheme - all of the encryption and decryption work would be=
 performed by the client. The purpose is to prevent the server from knowing=
 any of the content uploaded by the client.
>
> The workflow would be as follows:
>
> *) User writes a file locally
> *) Client generates a key for the file, and encrypts file with it
> *) Client encrypts key with user's key, and stores encrypted key in file'=
s metadata [0]
> *) Client stores file on file server
>
> Reading would work in reverse of this operation - as you can see, all of =
the cryptography is done at the client (in the cache manager). The server i=
s unmodified - it just saves blobs of data.

About four-five years ago I designed a complete encryption system for
AFS.  The design also depends on your requirements.  For example, do you
want to:

 * Encrypt the directory contents as well as the file contents?
   (I.e. hide the filenames)
 * Have centralized group management for encryption contexts? (i.e. be
   able to centrally add or remove people from having access to the
   encryption keys)
 * have other hidden/implicit requirements that haven't been stated yet?

Note that directory encryption is more complicated than file encryption.
File encryption can be implemented completely on the client.  Indeed, I
implemented that four+ years ago.  However if you want to encrypt the
directory contents then you also need the fileserver to help you
(because the directory contents are maintained by the fileserver).

I'll step back and ask:  what's your threat model?  What are you trying
to protect against?

-derek
--=20
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available