%!PS
%%Version: 3.1
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
%
% Version 3.1 prologue for troff files.
%

/#copies 1 store
/aspectratio 1 def
/formsperpage 1 def
/landscape false def
/linewidth .3 def
/magnification 1 def
/margin 0 def
/orientation 0 def
/resolution 720 def
/xoffset 0 def
/yoffset 0 def

/roundpage true def
/useclippath true def
/pagebbox [0 0 612 792] def

/R  /Times-Roman def
/I  /Times-Italic def
/B  /Times-Bold def
/BI /Times-BoldItalic def
/H  /Helvetica def
/HI /Helvetica-Oblique def
/HB /Helvetica-Bold def
/HX /Helvetica-BoldOblique def
/CW /Courier def
/CO /Courier def
/CI /Courier-Oblique def
/CB /Courier-Bold def
/CX /Courier-BoldOblique def
/PA /Palatino-Roman def
/PI /Palatino-Italic def
/PB /Palatino-Bold def
/PX /Palatino-BoldItalic def
/Hr /Helvetica-Narrow def
/Hi /Helvetica-Narrow-Oblique def
/Hb /Helvetica-Narrow-Bold def
/Hx /Helvetica-Narrow-BoldOblique def
/KR /Bookman-Light def
/KI /Bookman-LightItalic def
/KB /Bookman-Demi def
/KX /Bookman-DemiItalic def
/AR /AvantGarde-Book def
/AI /AvantGarde-BookOblique def
/AB /AvantGarde-Demi def
/AX /AvantGarde-DemiOblique def
/NR /NewCenturySchlbk-Roman def
/NI /NewCenturySchlbk-Italic def
/NB /NewCenturySchlbk-Bold def
/NX /NewCenturySchlbk-BoldItalic def
/ZD /ZapfDingbats def
/ZI /ZapfChancery-MediumItalic def
/VR /Varitimes#Roman def
/VI /Varitimes#Italic def
/VB /Varitimes#Bold def
/VX /Varitimes#BoldItalic def
/S  /S def
/S1 /S1 def
/GR /Symbol def

/inch {72 mul} bind def
/min {2 copy gt {exch} if pop} bind def

/setup {
	counttomark 2 idiv {def} repeat pop

	landscape {/orientation 90 orientation add def} if
	/scaling 72 resolution div def
	linewidth setlinewidth
	1 setlinecap

	pagedimensions
	xcenter ycenter translate
	orientation neg rotate
	width 2 div neg height 2 div translate
	xoffset inch yoffset inch neg translate
	margin 2 div dup neg translate
	magnification dup aspectratio mul scale
	scaling scaling scale

	/Symbol /S Sdefs cf
	/Times-Roman /S1 S1defs cf
	0 0 moveto
} def

/pagedimensions {
	useclippath userdict /gotpagebbox known not and {
		/pagebbox [clippath pathbbox newpath] def
		roundpage currentdict /roundpagebbox known and {roundpagebbox} if
	} if
	pagebbox aload pop
	4 -1 roll exch 4 1 roll 4 copy
	landscape {4 2 roll} if
	sub /width exch def
	sub /height exch def
	add 2 div /xcenter exch def
	add 2 div /ycenter exch def
	userdict /gotpagebbox true put
} def

/pagesetup {
	/page exch def
	currentdict /pagedict known currentdict page known and {
		page load pagedict exch get cvx exec
	} if
} def

/decodingdefs [
	{counttomark 2 idiv {y moveto show} repeat}
	{neg /y exch def counttomark 2 idiv {y moveto show} repeat}
	{neg moveto {2 index stringwidth pop sub exch div 0 32 4 -1 roll widthshow} repeat}
	{neg moveto {spacewidth sub 0.0 32 4 -1 roll widthshow} repeat}
	{counttomark 2 idiv {y moveto show} repeat}
	{neg setfunnytext}
] def

/setdecoding {/t decodingdefs 3 -1 roll get bind def} bind def

/w {neg moveto show} bind def
/m {neg dup /y exch def moveto} bind def
/done {/lastpage where {pop lastpage} if} def

/f {
	dup /font exch def findfont exch
	dup /ptsize exch def scaling div dup /size exch def scalefont setfont
	linewidth ptsize mul scaling 10 mul div setlinewidth
	/spacewidth ( ) stringwidth pop def
} bind def

/sf {f} bind def

/cf {
	dup length 2 idiv
	/entries exch def
	/chtab exch def
	/newfont exch def

	findfont dup length 1 add dict
	/newdict exch def
	{1 index /FID ne {newdict 3 1 roll put} {pop pop} ifelse} forall

	newdict /Metrics entries dict put
	newdict /Metrics get
	begin
		chtab aload pop
		1 1 entries {pop def} for
		newfont newdict definefont pop
	end
} bind def

%
% A few arrays used to adjust reference points and character widths in some
% of the printer resident fonts. If square roots are too high try changing
% the lines describing /radical and /radicalex to,
%
%	/radical	[0 -75 550 0]
%	/radicalex	[-50 -75 500 0]
%

/Sdefs [
	/bracketlefttp		[220 500]
	/bracketleftbt		[220 500]
	/bracketrighttp		[-70 380]
	/bracketrightbt		[-70 380]
	/braceleftbt		[220 490]
	/bracketrightex		[220 -125 500 0]
	/radical		[0 0 550 0]
	/radicalex		[-50 0 500 0]
	/parenleftex		[-20 -170 0 0]
	/integral		[100 -50 500 0]
	/infinity		[10 -75 730 0]
	/registerserif          [50 250 790 0]
	/copyrightserif         [50 250 790 0]
] def

/S1defs [
	/underscore		[0 80 500 0]
	/endash			[7 90 650 0]
] def
%%EndProlog
%%BeginSetup
mark
/resolution 720 def
setup
0 setdecoding
%%EndSetup
%%Page: 1 1
save
mark
1 pagesetup
14 B f
1892 1230 m
(A)1892(Cryptographic)2039(File)2971(System)3242(for)3715(Unix)3939 t
12 I f
2792 1470 m
(Matt)2792(Blaze)3060 t
12 R f
2453 1650 m
(AT&T)2453(Bell)2819(Laboratories)3060 t
2002 1770 m
(101)2002(Crawford)2222(Corner)2721(Road,)3094(Room)3417(4G-634)3751 t
2578 1890 m
(Holmdel,)2578(NJ)3069(07733)3242 t
12 CW f
2340 2130 m
(mab@research.att.com)2340 t
12 B f
995 2370 m
(April)995(14,)1309(1993)1499(-)1779(DRAFT)1859(-)2310(Please)2390(do)2750(not)2917(copy)3124(or)3404(distribute)3557(without)4099(permission.)4533 t
12 I f
2777 2870 m
(ABSTRACT)2777 t
12 R f
1360 3186 m
(Although)1360(cryptographic)1862(techniques)2577(are)3139(playing)3333(an)3742(increasingly)3904(important)4541 t
1110 3326 m
(role)1110(in)1345(modern)1487(computing)1902(system)2465(security,)2847(user-level)3305(tools)3826(for)4108(encrypting)4295(\256le)4856 t
1110 3466 m
(data)1110(are)1371(cumbersome)1579(and)2255(suffer)2490(from)2832(a)3128(number)3243(of)3672(inherent)3834(vulnerabilities.)4290 t
1110 3606 m
(The)1110(Cryptographic)1357(File)2112(System)2360(\(CFS\))2775(offers)3129(an)3469(alternative)3642(to)4210(ad)4364(hoc)4537(user-)4770 t
1110 3746 m
(level)1110(encryption)1397(for)1964(protecting)2157(\256le)2699(data.)2907(CFS)3231(supports)3499(secure)3961(storage)4321(at)4722(the)4863 t
1110 3886 m
(system)1110(level)1495(through)1779(a)2203(standard)2306(Unix)2763(\256le)3053(system)3257(interface)3642(to)4112(encrypted)4256(\256les.)4779 t
1110 4026 m
(Users)1110(can)1425(associate)1633(a)2109(cryptographic)2204(key)2913(with)3129(any)3386(directories)3602(they)4153(wish)4403(to)4673(pro-)4810 t
1110 4166 m
(tect.)1110(Files)1415(in)1711(these)1866(directories)2174(\(as)2743(well)2944(as)3212(their)3373(pathname)3655(components\))4183(are)4864 t
1110 4306 m
(transparently)1110(encrypted)1793(and)2321(decrypted)2549(with)3077(the)3346(speci\256ed)3548(key)4030(without)4259(further)4683 t
1110 4446 m
(user)1110(intervention;)1362(cleartext)2030(is)2496(never)2629(stored)2947(on)3293(a)3465(disk)3570(or)3823(sent)3975(to)4221(a)4367(remote)4471(\256le)4856 t
1110 4586 m
(server.)1110(CFS)1543(can)1827(use)2063(any)2294(available)2538(\256le)3043(system)3268(for)3674(its)3885(underlying)4071(storage)4663 t
1110 4726 m
(without)1110(modi\256cation,)1525(including)2211(distributed)2713(\256le)3276(systems)3477(such)3906(as)4173(NFS.)4319(System)4655 t
1110 4866 m
(management)1110(functions,)1786(such)2326(as)2609(\256le)2772(backup,)2989(work)3428(in)3737(a)3894(normal)4010(manner)4414(and)4837 t
1110 5006 m
(without)1110(knowledge)1518(of)2084(the)2224(key.)2411 t
1360 5182 m
(This)1360(paper)1621(describes)1934(the)2428(design)2622(and)2983(implementation)3204(of)4009(CFS)4157(under)4419(Unix.)4740 t
1110 5322 m
(Encryption)1110(techniques)1690(for)2250(\256le)2436(system-level)2636(encryption)3291(are)3851(described,)4043(and)4579(gen-)4797 t
1110 5462 m
(eral)1110(issues)1341(of)1680(cryptographic)1831(system)2549(interfaces)2935(to)3453(support)3599(routine)4012(secure)4405(com-)4763 t
1110 5602 m
(puting)1110(are)1458(discussed.)1644 t
12 B f
720 6002 m
(1.)720(Introduction)890 t
12 R f
970 6178 m
(Data)970(security)1245(in)1675(modern)1818(distributed)2234(computing)2799(systems)3363(is)3794(a)3925(dif\256cult)4028(problem.)4460(Network)4981 t
720 6318 m
(connections)720(and)1344(remote)1567(\256le)1951(system)2155(services,)2540(while)3007(convenient,)3324(often)3931(make)4228(it)4537(possible)4654(for)5098(an)5287 t
720 6458 m
(intruder)720(to)1146(gain)1285(access)1537(to)1888(sensitive)2027(data)2494(by)2739(compromising)2904(only)3645(a)3904(single)4002(component)4335(of)4915(a)5061(large)5160 t
720 6598 m
(system.)720(Because)1177(of)1628(the)1780(dif\256culty)1979(of)2472(reliably)2623(protecting)3042(information,)3581(sensitive)4231(\256les)4704(are)4956(often)5153 t
720 6738 m
(not)720(stored)922(on)1264(networked)1432(computers,)1986(making)2565(access)2974(to)3328(them)3470(by)3759(authorized)3927(users)4483(inconvenient)4779 t
720 6878 m
(and)720(putting)941(them)1331(out)1620(of)1822(the)1970(reach)2165(of)2472(useful)2620(system)2962(services)3345(such)3780(as)4047(backup.)4194(\(Of)4657(course,)4870(off)5260 t
720 7018 m
(line)720(backups)971(are)1435(themselves)1652(a)2258(security)2382(risk,)2834(making)3116(it)3548(dif\256cult)3687(to)4140(destroy)4305(all)4730(copies)4922(of)5300 t
720 7158 m
(con\256dential)720(data)1344(when)1600(they)1915(are)2178(no)2380(longer)2556(needed\).)2918(In)3422(effect,)3577(the)3935(\(often)4137(well-founded\))4479(fear)5214 t
cleartomark
showpage
restore
%%EndPage: 1 1
%%Page: 2 2
save
mark
2 pagesetup
12 R f
2950 500 m
(-)2950(2)3030(-)3130 t
720 860 m
(that)720(computer)950(data)1453(are)1702(not)1897(terribly)2100(private)2504(has)2887(led)3096(to)3293(a)3437(situation)3540(where)4006(conventional)4348(wisdom)5019 t
720 1000 m
(warns)720(us)1046(not)1193(to)1387(entrust)1521(our)1889(most)2089(modern)2364(computers)2771(with)3312(our)3566(most)3766(important)4041(information.)4550 t
970 1176 m
(Cryptographic)970(techniques)1720(offer)2290(a)2579(promising)2688(approach)3233(for)3729(protecting)3926(\256les)4471(against)4729(unau-)5127 t
720 1316 m
(thorized)720(access.)1161(When)1583(properly)1915(implemented)2368(and)3043(appropriately)3262(applied,)3949(it)4379(is)4493(widely)4620(believed)4993 t
720 1456 m
(that)720(modern)954(encryption)1374(algorithms)1941(\(such)2510(as)2823(the)2976(Data)3177(Encryption)3457(Standard)4045(\(DES\)[1])4526(and)5026(the)5253 t
720 1596 m
(more)720(recent)1018(IDEA)1362(cipher[2]\))1698(are)2229(suf\256ciently)2426(strong)3019(to)3371(render)3516(enciphered)3873(data)4450(unavailable)4701(to)5306 t
720 1736 m
(virtually)720(any)1169(adversary)1383(who)1890(cannot)2137(supply)2498(the)2860(correct)3048(key.)3422(And)3706(yet)3953(routine)4141(use)4523(of)4724(these)4865(algo-)5153 t
720 1876 m
(rithms)720(to)1070(protect)1205(\256le)1580(data)1775(is)2016(uncommon)2138(in)2719(current)2853(systems.)3233(This)3725(is)3979(partly)4100(because)4421(\256le)4840(encryp-)5034 t
720 2016 m
(tion)720(tools,)956(to)1270(the)1413(extent)1609(they)1952(are)2208(available)2403(at)2886(all,)3022(are)3222(often)3417(poorly)3713(integrated,)4076(dif\256cult)4636(to)5067(use,)5210 t
720 2156 m
(and)720(vulnerable)933(to)1480(a)1614(number)1707(of)2114(non-cryptographic)2254(attacks.)3181 t
12 B f
720 2436 m
(1.1.)720(User-Level)980(Cryptography)1579(Is)2352(Cumbersome)2486 t
12 R f
970 2612 m
(The)970(simplest)1210(approach)1668(for)2162(\256le)2357(encryption)2566(is)3135(through)3271(a)3700(tool,)3808(such)4081(as)4356(the)4511(Unix)4713 t
12 CW f
(crypt)5040 t
12 R f
720 2752 m
(program,)720(that)1205(enciphers)1434(\(or)1942(deciphers\))2130(a)2678(\256le)2778(or)2979(data)3126(stream)3373(with)3741(a)4002(speci\256ed)4102(key.)4576(Encryption)4866 t
720 2892 m
(and)720(decryption)940(are)1501(under)1694(the)2014(user's)2208(direct)2542(control.)2863(Depending)3321(on)3894(the)4061(particular)4255(software,)4763(the)5253 t
720 3032 m
(program)720(may)1182(or)1444(may)1599(not)1860(automatically)2068(delete)2778(the)3119(cleartext)3320(when)3788(encrypting,)4101(and)4699(such)4926(pro-)5200 t
720 3172 m
(grams)720(can)1054(usually)1260(also)1648(be)1882(used)2035(as)2295(cryptographic)2435 t
12 S1 f
(")3142 t
12 R f
(\256lters)3191 t
12 S1 f
(")3466 t
12 R f
(as)3555(part)3695(of)3922(a)4062(command)4155(pipeline.)4669 t
970 3348 m
(Another)970(approach)1416(is)1908(integrated)2042(encryption)2576(in)3143(application)3290(software,)3878(where)4374(each)4720(program)4993 t
720 3488 m
(that)720(is)952(to)1084(manipulate)1229(sensitive)1815(data)2288(has)2539(built-in)2750(cryptographic)3157(facilities.)3875(For)4412(example,)4629(a)5116(text)5219 t
720 3628 m
(editor)720(could)1053(ask)1372(for)1584(a)1776(key)1882(when)2108(a)2420(\256le)2526(is)2733(opened)2867(and)3266(automatically)3492(encrypt)4201(and)4614(decrypt)4840(the)5253 t
720 3768 m
(\256le's)720(data)1007(as)1253(they)1399(are)1652(written)1844(and)2231(read.)2450(All)2771(applications)2970(that)3597(are)3823(to)4014(operate)4153(on)4551(the)4716(same)4908(data)5200 t
720 3908 m
(must,)720(of)1035(course,)1185(include)1578(the)1983(same)2181(encryption)2479(engine.)3044(An)3485(encryption)3682(\256lter,)4247(such)4556(as)4827 t
12 CW f
(crypt)5010 t
12 R f
(,)5370 t
720 4048 m
(might)720(also)1042(be)1276(provided)1429(to)1896(allow)2030(data)2337(to)2577(be)2711(imported)2864(into)3339(and)3567(exported)3780(out)4240(of)4434(other)4574(software.)4861 t
970 4224 m
(Unfortunately,)970(neither)1716(approach)2092(is)2573(entirely)2696(satisfactory)3106(in)3703(terms)3839(of)4149(security,)4292(generality,)4746(or)5300 t
720 4364 m
(convenience.)720(The)1438(former)1673(approach,)2049(while)2567(allowing)2883(great)3353(\257exibility)3642(in)4160(its)4302(application,)4465(invites)5078 t
720 4504 m
(mistakes;)720(the)1227(user)1425(could)1677(inadvertently)1996(fail)2683(to)2896(encrypt)3042(a)3454(\256le,)3559(leaving)3795(it)4201(in)4321(the)4467(clear,)4666(or)4981(could)5133 t
720 4644 m
(forget)720(to)1061(delete)1209(the)1550(cleartext)1750(version)2217(after)2624(encryption.)2897(The)3534(manual)3773(nature)4180(of)4533(the)4686(encryption)4886 t
720 4784 m
(and)720(the)949(need)1152(to)1434(supply)1584(the)1961(key)2164(several)2393(times)2789(whenever)3107(a)3628(\256le)3737(is)3947(used)4084(make)4360(encryption)4676(too)5246 t
720 4924 m
(cumbersome)720(for)1378(all)1562(but)1727(the)1925(most)2116(sensitive)2395(of)2861(\256les.)3004(More)3318(seriously,)3621(even)4129(when)4398(used)4700(properly,)4963 t
720 5064 m
(manual)720(encryption)1115(programs)1670(open)2165(a)2439(window)2533(of)2960(vulnerability)3101(while)3758(the)4066(\256le)4254(is)4449(in)4571(clear)4706(form.)4980(It)5326 t
720 5204 m
(is)720(almost)856(impossible)1233(to)1811(avoid)1960(occasionally)2282(storing)2938(cleartext)3328(on)3797(the)3972(disk)4174(and,)4430(in)4688(the)4837(case)5039(of)5300 t
720 5344 m
(remote)720(\256le)1100(servers,)1300(sending)1716(it)2136(over)2250(the)2509(network.)2703(Some)3213(applications)3534(simply)4163(expect)4539(to)4899(be)5040(able)5200 t
720 5484 m
(to)720(read)854(and)1100(write)1313(ordinary)1600(\256les.)2047 t
970 5660 m
(In)970(the)1135(application-based)1347(approach,)2260(each)2794(program)3079(must)3552(have)3853(built-in)4145(encryption)4567(func-)5147 t
720 5800 m
(tionality.)720(Although)1243(encryption)1747(takes)2311(place)2608(automatically,)2911(the)3647(user)3844(still)4094(must)4327(supply)4612(a)4982(key)5084(to)5306 t
720 5940 m
(each)720(application,)980(typically)1586(when)2049(it)2350(is)2460(invoked)2583(or)3012(when)3154(a)3455(\256le)3550(is)3746(\256rst)3869(opened.)4099(Software)4557(without)5032 t
720 6080 m
(encryption)720(capability)1285(cannot)1811(operate)2182(on)2586(secure)2757(data)3114(without)3365(the)3783(use)3980(of)4190(a)4340(separate)4443(encryption)4886 t
720 6220 m
(program,)720(making)1201(it)1606(hard)1718(to)1975(avoid)2113(all)2424(the)2590(problems)2782(outlined)3275(in)3715(the)3854(previous)4046(paragraph.)4505(Furth-)5099 t
720 6360 m
(ermore,)720(rather)1139(than)1468(being)1724(con\256ned)2040(to)2502(a)2645(single)2747(program,)3084(encryption)3570(is)4132(spread)4261(among)4622(multiple)4997 t
720 6500 m
(applications,)720(each)1389(of)1665(which)1822(must)2173(be)2466(trusted)2637(to)3023(interoperate)3175(securely)3807(and)4265(correctly)4496(with)4981(the)5253 t
720 6640 m
(others.)720(A)1127(single)1256(poorly)1587(designed)1944(component)2414(can)2991(introduce)3200(a)3697(signi\256cant)3793(and)4338(dif\256cult)4553(to)4977(detect)5113 t
720 6780 m
(window)720(of)1162(vulnerability.)1318(\(For)2061(example,)2325(some)2819(versions)3130(of)3588(the)3745(Unix)3949(editor)4246 t
12 CW f
(vi)4616 t
12 R f
(can)4817(encrypt)5040 t
720 6920 m
(\256les)720(but)1012(still)1257(leave)1531(temporary)1875(data)2460(in)2751(the)2936(clear.\))3174(New)3607(encryption)3922(algorithms)4526(entail)5132 t
720 7060 m
(modi\256cation)720(of)1431(every)1633(program,)2001(and)2541(cryptographic)2817(code)3587(can)3916(introduce)4185(a)4742(signi\256cant)4898 t
cleartomark
showpage
restore
%%EndPage: 2 2
%%Page: 3 3
save
mark
3 pagesetup
12 R f
2950 500 m
(-)2950(3)3030(-)3130 t
720 860 m
(performance)720(penalty.)1366 t
12 B f
720 1140 m
(1.2.)720(System-Level)980(Cryptography)1707(Is)2480(Often)2614(Insuf\256cient)2948 t
12 R f
970 1316 m
(One)970(way)1214(to)1458(avoid)1597(many)1909(of)2221(the)2366(pitfalls)2558(of)2939(user-level)3084(encryption)3603(is)4162(to)4288(make)4427(cryptographic)4733 t
720 1456 m
(services)720(a)1152(basic)1250(part)1542(of)1774(the)1919(underlying)2111(system.)2677(In)3127(designing)3272(such)3785(a)4050(system,)4147(it)4556(is)4668(important)4793(to)5306 t
720 1596 m
(identify)720(exactly)1147(what)1546(is)1831(to)1964(be)2110(trusted)2275(with)2655(cleartext)2921(and)3388(what)3614(requires)3900(cryptographic)4340(protec-)5060 t
720 1736 m
(tion.)720(In)1029(other)1180(words,)1478(we)1852(must)2042(understand)2328(what)2906(components)3190(of)3821(the)3971(system)4168(are)4553(vulnerable)4749(to)5306 t
720 1876 m
(compromise.)720 t
970 2052 m
(In)970(general,)1119(the)1551(user)1747(has)1996(little)2205(choice)2477(but)2839(to)3042(trust)3185 t
12 I f
(some)3449 t
12 R f
(components)3764(of)4394(the)4543(system,)4739(since)5153 t
720 2192 m
(the)720(whole)916(point)1258(of)1555(storing)1704(data)2088(on)2336(a)2504(computer)2605(is)3107(to)3236(perform)3378(various)3813(operations)4215(on)4764(the)4932(clear-)5127 t
720 2332 m
(text.)720(Ideally,)1026(however,)1445(required)1942(trust)2397(should)2667(be)3043(limited)3212(to)3611(those)3761(parts)4071(of)4361(a)4517(system)4626(that)5017(are)5254 t
720 2472 m
(under)720(the)1033(user's)1220(direct)1547(control.)1861 t
970 2648 m
(For)970(\256les,)1188(we)1470(are)1660(usually)1857(interested)2257(in)2777(protecting)2923(the)3463(physical)3662(media)4115(on)4461(which)4633(sensitive)4978 t
720 2788 m
(data)720(are)963(stored.)1152(This)1559(includes)1816(on-line)2260(disks)2644(as)2935(well)3077(as)3326(backup)3468(copies)3856(\(which)4205(may)4580(persist)4829(long)5186 t
720 2928 m
(after)720(the)995(on-line)1197(versions)1593(have)2050(been)2332(deleted\).)2614(In)3127(distributed)3283(\256le)3855(server-based)4065(systems,)4727(it)5195(is)5319 t
720 3068 m
(often)720(also)1020(desirable)1267(to)1754(protect)1901(the)2288(network)2488(connection)2934(between)3513(client)3964(and)4284(server)4509(since)4854(these)5153 t
720 3208 m
(links)720(may)1006(be)1264(very)1428(easy)1692(for)1956(an)2147(eavesdropper)2311(to)3001(monitor.)3146(Finally,)3649(it)4072(is)4191(possible)4323(that)4769(the)5001(user)5200 t
720 3348 m
(may)720(not)967(trust)1161(the)1416(\256le)1603(server)1797(itself,)2130(especially)2442(when)2963(it)3262(is)3370(physically)3491(or)4026(administratively)4166(remote.)4990 t
970 3524 m
(Physical)970(media)1424(can)1764(be)1976(protected)2135(by)2628(specialized)2794(hardware.)3375(Disk)3937(controllers)4211(are)4773(commer-)4966 t
720 3664 m
(cially)720(available)1035(with)1516(embedded)1777(encryption)2317(hardware)2878(that)3369(can)3596(be)3808(used)3967(to)4233(encipher)4373(entire)4832(disks)5152 t
720 3804 m
(or)720(individual)879(\256le)1427(blocks)1640(with)2014(a)2288(speci\256ed)2401(key.)2888(Once)3191(the)3503(key)3710(is)3943(provided)4084(to)4571(the)4725(controller)4932 t
720 3944 m
(hardware,)720(encryption)1238(is)1795(completely)1918(transparent.)2495(This)3141(approach)3397(has)3878(a)4080(number)4175(of)4584(disadvantages)4726 t
720 4084 m
(for)720(general)915(use,)1323(however.)1568(The)2105(granularity)2346(of)2930(encryption)3086(keys)3656(must)3932(be)4223(compatible)4392(with)4983(the)5253 t
720 4224 m
(hardware;)720(often,)1244(the)1566(entire)1758(disk)2077(must)2323(be)2603(thought)2761(of)3174(as)3319(a)3464(single)3562(protected)3895(entity.)4386(It)4775(is)4893(dif\256cult)5018 t
720 4364 m
(to)720(share)864(resources)1167(among)1670(users)2047(who)2344(are)2600(not)2796(willing)3000(to)3392(trust)3536(one)3801(another)4025(with)4436(the)4701(same)4899(key.)5197 t
720 4504 m
(Obviously,)720(this)1293(approach)1510(is)1991(only)2114(applicable)2370(when)2905(the)3205(required)3393(hardware)3834(is)4320(available.)4442(Backups)4987 t
720 4644 m
(remain)720(a)1100(dif\256cult)1199(problem.)1627(If)2144(the)2270(backups)2463(are)2903(taken)3096(of)3403(the)3550(raw,)3744(undecrypted)4000(disk,)4640(it)4918(may)5033(be)5287 t
720 4784 m
(dif\256cult)720(to)1148(reliably)1288(restore)1702(\256les)2074(should)2320(the)2686(disk)2878(controller)3124(hardware)3637(become)4127(unavailable,)4545(even)5174 t
720 4924 m
(when)720(the)1026(keys)1220(are)1488(known.)1682(If)2126(the)2254(backup)2449(is)2843(taken)2972(of)3280(the)3428(cleartext)3623(data)4085(the)4333(backup)4528(itself)4922(will)5212 t
720 5064 m
(require)720(separate)1111(cryptographic)1555(protection.)2273(Finally,)2882(this)3304(approach)3529(does)4018(not)4288(protect)4492(data)4876(going)5126 t
720 5204 m
(into)720(and)962(out)1189(of)1397(the)1551(disk)1753(controller)2009(itself,)2532(and)2859(therefore)3087(may)3575(not)3837(be)4046(suf\256cient)4214(for)4717(protecting)4912 t
720 5344 m
(data)720(in)960(remote)1094(\256le)1468(servers.)1662 t
970 5520 m
(Network)970(connections)1453(between)2091(client)2554(machines)2886(and)3404(\256le)3641(servers)3860(can)4265(be)4496(protected)4674(with)5186 t
720 5660 m
(end-to-end)720(encryption)1288(and)1850(cryptographic)2071(authentication.)2786(Again,)3586(specialized)3957(hardware)4539(may)5032(be)5287 t
720 5800 m
(employed)720(for)1237(this)1420(purpose,)1638(depending)2091(on)2634(the)2797(particular)2987(network)3491(involved,)3927(or)4421(it)4565(may)4677(be)4928(imple-)5085 t
720 5940 m
(mented)720(in)1119(software.)1258(Not)1786(all)2011(networks)2176(support)2660(encryption,)3065(however,)3653(and)4139(among)4356(those)4727(that)5025(do,)5250 t
720 6080 m
(not)720(all)914(system)1075(vendors)1450(supply)1870(working)2231(implementations)2671(of)3515(encryption)3655(as)4209(a)4349(standard)4442(product.)4889 t
970 6256 m
(Even)970(when)1266(the)1576(various)1774(problems)2179(with)2678(media)2943(and)3288(network)3512(level)3956(encryption)4241(are)4806(ignored,)5003 t
720 6396 m
(the)720(combination)927(of)1589(the)1749(two)1956(approaches)2196(may)2795(not)3062(be)3276(adequate)3449(for)3935(the)4135(protection)4341(of)4888(data)5047(in)5306 t
720 6536 m
(modern)720(distributed)1142(systems.)1714(In)2222(particular,)2378(even)2925(though)3207(cleartext)3597(may)4067(never)4330(be)4652(stored)4821(on)5171(a)5347 t
720 6676 m
(disk)720(or)967(sent)1113 t
12 S1 f
(")1353 t
12 R f
(over)1402(the)1661(wire)1854 t
12 S1 f
(")2067 t
12 R f
(,)2116(sensitive)2192(data)2660(can)2906(be)3118(leaked)3277(if)3636(the)3756(\256le)3949(server)4148(itself)4486(is)4773(comprom-)4899 t
720 6816 m
(ised.)720(The)1035(\256le)1272(server)1477(must)1821(maintain,)2107(at)2610(some)2748(point,)3053(the)3382(keys)3580(used)3851(to)4123(encipher)4269(both)4734(the)5000(disk)5199 t
720 6956 m
(and)720(the)944(network.)1142(Even)1656(if)1953(the)2078(server)2276(can)2620(be)2837(completely)3001(trusted,)3587(direct)3995(media)4319(encryption)4663(and)5227 t
720 7096 m
(network)720(encryption)1153(has)1707(a)1907(number)2000(of)2407(shortcomings)2547(from)3236(a)3510(point)3604(of)3893(view)4034(of)4308(ef\256cient)4449(distributed)4884 t
cleartomark
showpage
restore
%%EndPage: 3 3
%%Page: 4 4
save
mark
4 pagesetup
12 R f
2950 500 m
(-)2950(4)3030(-)3130 t
720 860 m
(system)720(design.)1114(Observe)1557(that)2015(each)2255(\256le)2532(access)2744(requires)3108(two)3553(cryptographic)3791(operations)4516(by)5075(the)5253 t
720 1000 m
(server,)720(once)1084(for)1351(the)1532(network)1720(and)2154(once)2368(for)2635(the)2816(disk,)3004(even)3276(though)3543(the)3918(server)4106(is)4440(never)4562(itself)4869(mak-)5153 t
720 1140 m
(ing)720(use)930(of)1146(cleartext)1302(data.)1772(Such)2098(a)2394(design)2503(violates)2873(the)3304(principle)3507(that)3991(work)4227(should)4528(be)4904(shifted)5072 t
720 1280 m
(from)720(the)1001(\(shared,)1195(heavily)1625(loaded\))2026(\256le)2433(server)2634(to)2974(the)3115(\(unshared,)3309(lightly)3859(loaded\))4222(client)4630(machines)4946 t
720 1420 m
(whenever)720(possible[3].)1243(Even)1905(if)2208(the)2339(cryptographic)2543(operations)3267(are)3825(themselves)4028(implemented)4620(in)5306 t
720 1560 m
(hardware,)720(additional)1235(server)1757(software)2090(complexity)2543(is)3125(still)3246(required)3469(to)3909(support)4043(it.)4444 t
970 1736 m
(In)970(the)1133(following)1343(sections,)1874(we)2355(describe)2557(the)3021(alternative)3232(approach)3804(taken)4307(by)4631(the)4815(Crypto-)5026 t
720 1876 m
(graphic)720(File)1138(System)1384(\(CFS\).)1797(CFS)2218(pushes)2489(\256le)2873(encryption)3084(entirely)3655(into)4080(the)4325(client)4529(\256le)4854(system)5065 t
720 2016 m
(interface,)720(and)1210(therefore)1423(does)1896(not)2157(suffer)2352(from)2673(many)2948(of)3256(the)3397(dif\256culties)3585(inherent)4142(in)4577(user-level)4712(and)5227 t
720 2156 m
(disk-)720(and)1001(network-)1214(based)1687(system-level)2000(encryption.)2649 t
12 B f
720 2576 m
(2.)720(CFS:)890(Cryptographic)1196(Services)1996(in)2456(the)2597(File)2797(System)3031 t
12 R f
970 2752 m
(CFS)970(investigates)1225(the)1835(question)2023(of)2472(where)2613(in)2946(a)3081(system)3175(does)3551(responsibility)3812(for)4510(\256le)4691(encryption)4886 t
720 2892 m
(properly)720(belong.)1168(As)1606(discussed)1780(in)2282(the)2417(previous)2605(section,)3060(if)3472(encryption)3587(is)4142(performed)4264(at)4805(too)4933(low)5127(a)5347 t
720 3032 m
(level,)720(we)1038(introduce)1231(vulnerability)1739(by)2409(requiring)2583(trust)3078(in)3347(components)3495(that)4130(may)4365(be)4626(far)4793(removed)4980 t
720 3172 m
(from)720(the)1007(user's)1207(control.)1547(On)2011(the)2210(other)2410(hand,)2710(if)3026(encryption)3153(is)3720(too)3854(close)4061(to)4360(the)4506(user,)4705(the)4987(high)5186 t
720 3312 m
(degree)720(of)1102(human)1265(interaction)1655(required)2233(invites)2697(errors)3083(as)3427(well)3591(as)3862(the)4026(perception)4237(that)4808(crypto-)5053 t
720 3452 m
(graphic)720(protection)1127(is)1662(not)1790(worth)1991(the)2318(trouble)2512(for)2900(practical,)3087(day-to-day)3578(use.)4144(CFS)4420(is)4680(designed)4807(on)5280 t
720 3592 m
(the)720(principle)907(that)1375(the)1596(trusted)1784(components)2153(of)2775(a)2916(system)3010(should)3386(encrypt)3748(immediately)4149(before)4793(send-)5140 t
720 3732 m
(ing)720(data)914(to)1154(untrusted)1288(components.)1776 t
12 B f
720 4012 m
(2.1.)720(Design)980(Goals)1367 t
12 R f
970 4188 m
(CFS)970(occupies)1226(something)1688(of)2232(a)2374(middle)2469(ground)2846(between)3228(low-level)3670(and)4167(user-level)4383(cryptogra-)4900 t
720 4328 m
(phy.)720(It)1017(aims)1138(to)1413(protect)1554(exactly)1935(those)2329(aspects)2630(of)3023(\256le)3169(storage)3369(that)3762(are)3989(vulnerable)4181(to)4734(attack)4874(in)5207(a)5347 t
720 4468 m
(way)720(that)961(is)1184(convenient)1307(enough)1877(to)2273(use)2410(routinely.)2613(In)3161(particular,)3304(we)3838(are)4020(guided)4209(by)4579(the)4742(following)4932 t
720 4608 m
(speci\256c)720(goals:)1127 t
720 4784 m
(\267)720(Rational)970(key)1418(management.)1631(Cryptographic)2355(systems)3089(restrict)3511(access)3886(to)4233(sensitive)4368(information)4831 t
970 4924 m
(through)970(knowledge)1394(of)1970(the)2120(key)2317(that)2539(was)2769(used)3004(to)3273(encrypt)3416(the)3825(data.)4021(Clearly,)4340(to)4773(be)4916(of)5078(any)5227 t
970 5064 m
(use)970(at)1180(all,)1317(a)1518(system)1621(must)2006(have)2291(some)2567(way)2871(of)3120(obtaining)3270(the)3775(key)3972(from)4196(the)4481(user.)4679(But)5000(this)5225 t
970 5204 m
(need)970(not)1250(be)1458(intrusive;)1625(encryption)2135(keys)2703(should)2977(not)3352(have)3560(to)3840(be)3987(supplied)4153(more)4614(than)4914(once)5174 t
970 5344 m
(per)970(session.)1180(Once)1655(a)1964(key)2074(has)2304(been)2521(typed)2804(in)3128(and)3279(authenticated,)3509(the)4237(user)4441(should)4698(not)5076(be)5287 t
970 5484 m
(asked)970(to)1293(type)1437(it)1694(again)1812(on)2122(subsequent)2292(operations)2876(that)3427(can)3658(be)3874(reliably)4037(connected)4455(with)4990(the)5253 t
970 5624 m
(previously)970(supplied)1533(key.)1996(Of)2294(course,)2475(the)2873(user)3075(should)3330(also)3706(have)3955(some)4237(way)4547(to)4802(manually)4952 t
970 5764 m
(destroy)970(a)1364(supplied)1457(key)1905(when)2118(it)2417(is)2525(not)2646(in)2840(use.)2974 t
720 5940 m
(\267)720(Transparent)970(access)1597(semantics.)1957(Encrypted)2556(\256les)3103(should)3358(behave)3733(no)4126(differently)4301(from)4864(other)5153 t
970 6080 m
(\256les,)970(except)1247(in)1606(that)1746(they)1973(are)2226(useless)2418(without)2804(the)3217(key.)3409(Encrypted)3697(\256les)4235(should)4481(support)4847(the)5253 t
970 6220 m
(same)970(access)1288(methods)1665(available)2144(on)2649(the)2840(underlying)3058(storage)3650(system.)4069(All)4546(system)4772(calls)5179 t
970 6360 m
(should)970(work)1336(normally,)1627(and)2137(it)2355(should)2468(be)2834(possible)2992(to)3432(compile)3571(and)4003(execute)4220(in)4630(a)4768(completely)4865 t
970 6500 m
(encrypted)970(environment.)1483 t
720 6676 m
(\267)720(Transparent)970(performance.)1595(Although)2323(cryptographic)2829(algorithms)3548(are)4116(often)4314(somewhat)4613(com-)5153 t
970 6816 m
(putationally)970(intensive,)1589(the)2097(performance)2287(penalty)2936(associated)3333(with)3869(encrypted)4125(\256les)4640(should)4883(not)5246 t
970 6956 m
(be)970(so)1134(high)1292(that)1558(it)1791(discourages)1911(their)2530(use.)2803(In)3085(particular,)3237(interactive)3780(response)4340(time)4812(should)5079 t
970 7096 m
(not)970(be)1164(noticeably)1317(degraded.)1858 t
cleartomark
showpage
restore
%%EndPage: 4 4
%%Page: 5 5
save
mark
5 pagesetup
12 R f
2950 500 m
(-)2950(5)3030(-)3130 t
720 860 m
(\267)720(Protection)970(of)1506(\256le)1647(contents.)1842(Clearly,)2354(the)2779(data)2967(in)3208(\256les)3343(should)3585(be)3947(protected,)4102(as)4621(should)4763(struc-)5126 t
970 1000 m
(tural)970(data)1244(related)1497(to)1877(a)2024(\256le's)2130(contents.)2424(For)2948(example,)3168(it)3658(should)3779(not)4153(be)4360(possible)4526(to)4974(deter-)5120 t
970 1140 m
(mine)970(that)1271(a)1512(particular)1625(sequence)2146(of)2645(bytes)2805(occurs)3119(multiple)3492(times)3955(in)4278(a)4433(\256le,)4547(or)4792(how)4953(two)5220 t
970 1280 m
(encrypted)970(\256les)1483(differ.)1724 t
720 1456 m
(\267)720(Protection)970(of)1509(sensitive)1653(meta-data.)2120(Considerable)2709(information)3388(can)4002(often)4213(be)4505(derived)4663(from)5068(a)5347 t
970 1596 m
(\256le)970(system's)1168(structural)1634(data;)2133(these)2411(should)2701(be)3065(protected)3221(to)3711(the)3848(extent)4038(possible.)4375(In)4883(particu-)5026 t
970 1736 m
(lar,)970(\256le)1167(names)1361(should)1708(not)2069(be)2263(discernible)2416(without)2984(the)3392(key.)3579 t
720 1912 m
(\267)720(Protection)970(of)1510(network)1655(connections.)2093(Distributed)2782(\256le)3369(systems)3568(make)3996(the)4302(network)4495(an)4934(attrac-)5093 t
970 2052 m
(tive)970(target)1205(for)1533(obtaining)1727(sensitive)2236(\256le)2712(data;)2920(no)3208(information)3382(that)4005(is)4239(encrypted)4373(in)4899(the)5046(\256le)5246 t
970 2192 m
(system)970(itself)1345(should)1627(be)1988(discernible)2141(by)2709(observation)2869(of)3470(network)3610(traf\256c.)4043 t
720 2368 m
(\267)720(Natural)970(key)1371(granularity.)1585(The)2224(grouping)2451(of)2926(what)3067(is)3341(protected)3463(under)3951(a)4266(particular)4361(key)4864(should)5079 t
970 2508 m
(mirror)970(the)1320(structural)1509(constructs)2006(presented)2536(to)3038(the)3174(user)3363(by)3605(the)3767(underlying)3956(system.)4518(It)4964(should)5079 t
970 2648 m
(be)970(easy)1130(to)1390(protect)1531(related)1912(\256les)2286(under)2535(the)2856(same)3051(key,)3346(and)3597(it)3818(should)3934(be)4303(easy)4464(to)4725(create)4867(new)5201 t
970 2788 m
(keys)970(for)1236(other)1422(\256les.)1715(The)2032(Unix)2264(directory)2550(structure)3030(offers)3497(a)3823(\257exible,)3922(natural)4358(way)4737(to)4981(group)5120 t
970 2928 m
(\256les.)970 t
720 3104 m
(\267)720(Compatibility)970(with)1683(underlying)1939(system)2502(services.)2879(Encrypted)3378(\256les)3913(and)4156(directories)4372(should)4923(be)5287 t
970 3244 m
(stored)970(and)1310(managed)1529(in)2008(the)2148(same)2341(manner)2634(as)3040(other)3186(\256les.)3478(In)3794(particular,)3939(it)4475(should)4588(be)4954(possi-)5112 t
970 3384 m
(ble)970(for)1161(administrators)1345(to)2079(backup)2217(and)2607(restore)2824(individual)3195(encrypted)3728(\256les)4245(without)4490(the)4903(use)5095(of)5300 t
970 3524 m
(special)970(tools)1363(and)1657(without)1889(knowing)2316(the)2795(key.)3001(In)3303(general,)3462(untrusted)3904(parts)4410(of)4702(the)4860(system)5065 t
970 3664 m
(should)970(not)1331(require)1525(modi\256cation.)1905 t
720 3840 m
(\267)720(Portability.)970(The)1602(encryption)1840(system)2406(should)2793(exploit)3166(existing)3553(interfaces)3987(wherever)4507(possible)5005 t
970 3980 m
(and)970(should)1227(not)1631(rely)1868(on)2138(unusual)2341(or)2798(special-purpose)2981(system)3818(features.)4236(Furthermore,)4769 t
970 4120 m
(encrypted)970(\256les)1485(should)1728(be)2091(portable)2247(between)2684(implementations;)3126(\256les)4007(should)4251(be)4615(usable)4771(wher-)5121 t
970 4260 m
(ever)970(the)1216(key)1403(is)1616(supplied.)1737 t
720 4436 m
(\267)720(Scale.)970(The)1361(encryption)1609(engine)2185(should)2567(not)2950(place)3166(an)3481(unusual)3656(load)4092(on)4361(any)4543(shared)4778(com-)5153 t
970 4576 m
(ponent)970(of)1349(the)1501(system.)1700(File)2157(servers)2397(in)2789(particular)2935(should)3448(not)3821(be)4027(required)4192(to)4644(perform)4789(any)5227 t
970 4716 m
(special)970(additional)1344(processing)1866(for)2420(clients)2600(who)2955(require)3201(cryptographic)3581(protection.)4288 t
720 4892 m
(\267)720(Concurrent)970(access.)1557(It)1980(should)2101(be)2469(possible)2629(for)3071(several)3259(users)3647(\(or)3942(processes\))4130(to)4678(have)4820(access)5094 t
970 5032 m
(to)970(the)1106(same)1295(encrypted)1584(\256les)2099(simultaneously.)2342(Sharing)3184(semantics)3600(should)4117(be)4480(similar)4634(to)5011(those)5146 t
970 5172 m
(of)970(the)1110(underlying)1297(storage)1858(system.)2245 t
720 5348 m
(\267)720(Limited)970(trust.)1409(In)1751(general,)1908(the)2348(user)2552(should)2809(be)3187(required)3357(to)3814(trust)3965(only)4237(those)4508(components)4819 t
970 5488 m
(under)970(his)1304(or)1506(her)1667(direct)1881(control)2216(and)2618(whose)2852(integrity)3219(can)3689(be)3915(independently)4088(veri\256ed.)4829(It)5326 t
970 5628 m
(should)970(not,)1340(for)1573(example,)1762(be)2249(necessarily)2412(to)2996(trust)3140(the)3405(\256le)3602(servers)3806(from)4196(which)4480(storage)4823(ser-)5220 t
970 5768 m
(vices)970(are)1292(obtained.)1513(This)2072(is)2361(especially)2517(important)3073(in)3617(large-scale)3785(environments)4379(where)5108 t
970 5908 m
(administrative)970(control)1700(is)2081(spread)2202(among)2555(several)2922(entities.)3302 t
720 6084 m
(\267)720(Compatibility)970(with)1714(future)2001(technology.)2361(Several)3038(emerging)3471(technologies)3998(have)4679(potential)4978 t
970 6224 m
(applicability)970(for)1614(protecting)1795(data.)2324(In)2635(particular,)2775(keys)3306(could)3566(be)3873(contained)4026(in)4533(or)4667(managed)4807(by)5280 t
12 S1 f
970 6364 m
(")970 t
12 R f
(smart-cards)1019 t
12 S1 f
(")1580 t
12 R f
(that)1695(would)1942(remain)2308(in)2708(the)2868(physical)3081(possession)3548(of)4129(authorized)4296(users.)4870(An)5254 t
970 6504 m
(encryption)970(system)1524(should)1899(support,)2260(but)2691(not)2885(require,)3079(novel)3489(hardware)3796(of)4281(this)4421(sort.)4636 t
cleartomark
showpage
restore
%%EndPage: 5 5
%%Page: 6 6
save
mark
6 pagesetup
12 R f
2950 500 m
(-)2950(6)3030(-)3130 t
12 B f
720 860 m
(2.2.)720(CFS)980(Functionality)1246(and)1975(User)2209(Interface)2488 t
12 R f
970 1036 m
(An)970(important)1156(goal)1666(of)1914(CFS)2055(is)2310(to)2432(present)2567(the)2955(user)3143(with)3384(a)3639(secure)3733(\256le)4080(service)4275(that)4656(works)4878(in)5212(a)5347 t
720 1176 m
(seamless)720(manner,)1194(without)1630(any)2044(notion)2263(that)2617(encrypted)2844(\256les)3363(are)3610(somehow)3802 t
12 S1 f
(")4307 t
12 R f
(special)4356 t
12 S1 f
(")4690 t
12 R f
(,)4739(and)4814(without)5032 t
720 1316 m
(the)720(need)908(to)1175(type)1310(in)1558(the)1693(same)1881(key)2169(several)2383(times)2764(in)3067(a)3202(single)3296(session.)3625(Most)4084(interaction)4373(with)4930(CFS)5186 t
720 1456 m
(is)720(through)849(standard)1270(\256le)1724(system)1925(calls,)2307(with)2605(no)2866(prominent)3033(distinction)3575(between)4132(\256les)4578(that)4826(happen)5054 t
720 1596 m
(to)720(be)854(under)1007(CFS)1320(and)1574(those)1787(that)2081(are)2302(not.)2488 t
970 1772 m
(CFS)970(provides)1241(a)1712(transparent)1822(Unix)2413(\256le)2710(system)2921(interface)3313(to)3790(directory)3941(hierarchies)4432(that)5016(are)5254 t
720 1912 m
(automatically)720(encrypted)1418(with)1933(user)2189(supplied)2431(keys.)2881(Users)3213(issue)3528(a)3811(simple)3906(command)4270(to)4786 t
12 S1 f
(")4921 t
12 R f
(attach)4970 t
12 S1 f
(")5257 t
12 R f
(a)5347 t
720 2052 m
(cryptographic)720(key)1435(to)1657(a)1800(directory.)1902(Attached)2455(directories)2937(are)3494(then)3689(available)3945(to)4428(the)4571(user)4767(with)5016(all)5279 t
720 2192 m
(the)720(usual)915(system)1217(calls)1600(and)1869(tools,)2090(but)2403(the)2605(\256les)2800(are)3049(automatically)3242(encrypted)3945(as)4465(they)4612(are)4866(written)5059 t
720 2332 m
(and)720(decrypted)938(as)1456(they)1601(are)1854(read.)2046(No)2368(modi\256cations)2560(of)3262(the)3408(\256le)3601(systems)3801(on)4229(which)4395(the)4734(encrypted)4927 t
720 2472 m
(\256les)720(are)966(stored)1157(are)1496(required.)1687(File)2202(system)2435(services)2815(such)3247(as)3512(backup,)3657(restore,)4078(archival)4479(and)4910(usage)5127 t
720 2612 m
(accounting)720(work)1301(normally)1601(on)2090(encrypted)2264(\256les)2791(and)3046(directories)3273(without)3836(knowledge)4259(of)4840(the)4995(key.)5197 t
720 2752 m
(CFS)720(ensures)979(that)1384(cleartext)1610(\256le)2068(contents)2266(and)2711(name)2928(data)3232(are)3476(never)3666(stored)3976(on)4314(a)4478(disk)4575(or)4820(transmit-)4964 t
720 2892 m
(ted)720(over)907(a)1160(network.)1253 t
970 3068 m
(CFS)970(works)1258(by)1626(providing)1821(a)2364 t
12 S1 f
(")2492 t
12 R f
(virtual)2541 t
12 S1 f
(")2856 t
12 R f
(\256le)2980(system)3209(on)3619(the)3814(client's)4036(machine,)4466(typically)4978 t
720 3208 m
(mounted)720(on)1200 t
12 CW f
(/crypt,)1411 t
12 R f
(through)1973(which)2405(users)2756(access)3061(their)3425(encrypted)3704(\256les.)4235(The)4564(attach)4808(com-)5153 t
720 3348 m
(mand)720(creates)1027(an)1401(entry)1555(under)1843 t
12 CW f
(/crypt)2189 t
12 R f
(that)2662(is)2884(associated)3006(with)3541(a)3796(cryptographic)3890(key)4598(and)4812(a)5026(direc-)5120 t
720 3488 m
(tory)720(on)965(some)1136(other)1441(\256le)1739(system.)1944(Files)2400(are)2686(stored)2883(in)3228(encrypted)3373(form)3897(and)4182(with)4406(encrypted)4670(path)5193 t
720 3628 m
(names)720(in)1068(this)1203(directory,)1419(although)1924(they)2386(appear)2634(to)2994(the)3129(user)3317(who)3559(issued)3807(the)4150(attach)4339(command)4668(as)5184(if)5326 t
720 3768 m
(they)720(are)977(ordinary)1173(\256les)1630(and)1881(directories)2103(under)2660 t
12 CW f
(/crypt)3014 t
12 R f
(.)3446(The)3565(underlying)3800(encrypted)4370(directories)4892 t
720 3908 m
(can)720(reside)939(on)1279(any)1452(accessible)1678(\256le)2218(system,)2425(including)2843(remote)3351(\256le)3739(servers)3947(such)4341(as)4615(Sun)4769(NFS[4].)5010 t
720 4048 m
(Users)720(control)1051(CFS)1450(through)1722(a)2154(small)2265(suite)2584(of)2869(tools)3026(that)3318(create,)3556(attach,)3929(detach,)4303(and)4703(otherwise)4933 t
720 4188 m
(administer)720(encrypted)1269(directories.)1782 t
970 4364 m
(User)970(keys)1250(in)1524(CFS)1672(consist)1940(of)2329(arbitrary-length)2483 t
12 S1 f
(")3292 t
12 R f
(passphrases)3341 t
12 S1 f
(")3908 t
12 R f
(.)3957(The)4081(passphrase)4321(is)4895(used)5031(to)5306 t
720 4504 m
(generate)720(the)1167(internal)1355(cryptographic)1764(keys)2472(used)2733(by)2994(CFS's)3155(encryption)3497(routines.)4052(Passphrases)4551(must)5165 t
720 4644 m
(be)720(of)885(suf\256cient)1037(length)1538(to)1892(allow)2039(the)2359(creation)2559(of)2999(several)3152(independent)3545(keys;)4185(the)4492(current)4692(imple-)5085 t
720 4784 m
(mentation)720(requires)1249(at)1683(least)1817(16)2085(characters.)2252(The)2855(phrase)3088(may)3448(include)3702(any)4102(printable)4321(ASCII)4795(char-)5154 t
720 4924 m
(acter,)720(and)1024(ideally)1238(will)1607(consist)1836(of)2212(an)2353(easily)2507(remembered)2829(nonsense)3471(phrase)3953(with)4308(unusual)4564(punctua-)4980 t
720 5064 m
(tion,)720(capitalization)1000(or)1711(spelling)1873(\(e.g.,)2317 t
12 CW f
("if)2654(you)2964(have)3274(nothing)3656(2)4254(hide)4420(you)4802(Have)5112 t
720 5204 m
(nothing)720(too)1296(fear!")1584 t
12 R f
(\).)2016(The)2166(actual)2392(method)2719(of)3120(encryption)3260(is)3814(discussed)3935(below)4436(in)4769(section)4903(3.)5284 t
970 5380 m
(The)970 t
12 CW f
(cmkdir)1252 t
12 R f
(command)1748(is)2286(used)2431(to)2716(create)2875(encrypted)3226(directories)3764(and)4337(assign)4575(their)4941(key)5227 t
720 5520 m
(phrases.)720(Its)1197(operation)1365(is)1866(similar)1993(to)2375(that)2515(of)2742(the)2888(Unix)3081 t
12 CW f
(mkdir)3399 t
12 R f
(command)3805(with)4325(the)4585(addition)4778(that)5219 t
720 5660 m
(it)720(asks)845(for)1109(a)1306(key.)1417(For)1718(example,)1943(the)2438(following)2643(dialog)3169(creates)3528(an)3919(encrypted)4090(directory)4621(called)5113 t
12 S1 f
720 5800 m
(")720 t
12 CW f
(/usr/mab/secrets)769 t
12 R f
(:)1921 t
12 S1 f
(")1955 t
12 CW f
1080 6000 m
($)1080 t
12 B f
(cmkdir)1224(/usr/mab/secrets)1638 t
12 CW f
1080 6140 m
(Key:)1080 t
12 I f
(\(user)1440(enters)1727(passphrase,)2061(which)2672(does)2999(not)3259(echo\))3453 t
12 CW f
1080 6280 m
(Again:)1080 t
12 I f
(\(same)1584(phrase)1910(must)2277(be)2544(entered)2697(again)3097(to)3411(prevent)3545(errors\))3945 t
12 CW f
1080 6420 m
($)1080 t
12 R f
970 6656 m
(To)970(use)1162(an)1381(encrypted)1554(directory,)2087(its)2611(key)2786(must)3019(be)3314(supplied)3487(to)3955(CFS)4109(with)4383(the)4657 t
12 CW f
(cattach)4896 t
12 R f
720 6796 m
(command.)720 t
12 CW f
(cattach)1340 t
12 R f
(takes)1888(three)2179(parameters:)2463(an)3067(encryption)3223(key)3780(\(which)3996(is)4372(prompted)4496(for\),)5000(the)5253 t
720 6936 m
(name)720(of)1022(a)1164(directory)1259(previously)1735(created)2285(with)2674 t
12 CW f
(cmkdir)2963 t
12 R f
(,)3395(and)3468(a)3684(name)3780(that)4083(will)4307(be)4538(used)4694(to)4957(access)5094 t
720 7076 m
(the)720(directory)913(under)1393(the)1712(CFS)1905(mount)2165(point.)2519(For)2883(example,)3096(to)3579(attach)3719(the)4052(directory)4244(created)4723(above)5114 t
cleartomark
showpage
restore
%%EndPage: 6 6
%%Page: 7 7
save
mark
7 pagesetup
12 R f
2950 500 m
(-)2950(7)3030(-)3130 t
720 860 m
(to)720(the)854(name)1041 t
12 CW f
(/crypt/matt:)1373 t
1080 1060 m
($)1080 t
12 B f
(cattach)1224(/usr/mab/secrets)1637(matt)2519 t
12 CW f
1080 1200 m
(Key:)1080 t
12 I f
(\(same)1440(key)1766(used)1965(in)2225(the)2359(cmkdir)2546(command\))2919 t
12 CW f
1080 1340 m
($)1080 t
12 R f
970 1576 m
(If)970(the)1100(key)1297(is)1520(supplied)1651(correctly,)2109(the)2616(user)2813 t
12 S1 f
(")3063 t
12 R f
(sees)3112 t
12 S1 f
(")3312 t
12 CW f
(/crypt/matt)3443 t
12 R f
(as)4285(a)4436(normal)4540(directory;)4932 t
720 1716 m
(all)720(standard)899(operations)1364(\(creating,)1922(reading,)2436(writing,)2883(compiling,)3318(executing,)3894 t
12 CW f
(cd)4480 t
12 R f
(,)4624 t
12 CW f
(mkdir)4743 t
12 R f
(,)5103(etc.\))5190 t
720 1856 m
(work)720(as)1006(expected.)1146(The)1683(actual)1910(\256les)2238(are)2480(stored)2667(under)3002 t
12 CW f
(/usr/mab/secrets)3348 t
12 R f
(,)4500(which)4571(would)4905(not)5246 t
720 1996 m
(ordinarily)720(be)1247(used)1412(directly.)1683(Consider)2172(the)2657(following)2855(dialog,)3374(which)3756(creates)4100(a)4484(single)4588(encrypted)4927 t
720 2136 m
(\256le:)720 t
12 CW f
1080 2336 m
($)1080 t
12 B f
(ls)1224(-l)1345(/crypt)1459 t
12 CW f
1080 2476 m
(total)1080(1)1512 t
1080 2616 m
(drwx------)1080(2)1944(mab)2088(512)2880(Apr)3168(1)3528(15:56)3672(matt)4104 t
1080 2756 m
($)1080 t
12 B f
(echo)1224 t
12 S1 f
(")1497 t
12 B f
(murder)1546 t
12 S1 f
(")1939(>)2028 t
12 B f
(/crypt/matt/crimes)2135 t
12 CW f
1080 2896 m
($)1080 t
12 B f
(ls)1224(-l)1345(/crypt/matt)1459 t
12 CW f
1080 3036 m
(total)1080(1)1512 t
1080 3176 m
(-rw-rw-r--)1080(1)1944(mab)2088(7)3024(Apr)3168(1)3528(15:57)3672(crimes)4104 t
1080 3316 m
($)1080 t
12 B f
(cat)1224(/crypt/matt/crimes)1417 t
12 CW f
1080 3456 m
(murder)1080 t
1080 3596 m
($)1080 t
12 B f
(ls)1224(-l)1345(/usr/mab/secrets)1459 t
12 CW f
1080 3736 m
(total)1080(1)1512 t
1080 3876 m
(-rw-rw-r--)1080(1)1944(mab)2088(15)2952(Apr)3168(1)3528(15:57)3672(8b06e85b87091124)4104 t
1080 4016 m
($)1080 t
12 B f
(cat)1224(-v)1417(/usr/mab/secrets/8b06e85b87091124)1557 t
12 CW f
1080 4156 m
(M-Z,k^]^B^VM-VM-6A~uM-LM-_M-DM-^[)1080 t
1080 4296 m
($)1080 t
12 R f
970 4532 m
(When)970(the)1305(user)1501(is)1750(\256nished)1880(with)2310(an)2573(encrypted)2735(directory,)3258(its)3772(entry)3937(under)4234 t
12 CW f
(/crypt)4589 t
12 R f
(can)5071(be)5287 t
720 4672 m
(deleted)720(with)1110(the)1367 t
12 CW f
(cdetach)1589 t
12 R f
(command.)2136(Of)2723(course,)2891(the)3276(underlying)3465(encrypted)4028(directory)4543(remains)5019 t
720 4812 m
(and)720(may)933(be)1180(attached)1333(again)1773(at)2073(some)2200(future)2494(time.)2821 t
12 CW f
1080 5012 m
($)1080 t
12 B f
(cdetach)1224(matt)1657 t
12 CW f
1080 5152 m
($)1080 t
12 B f
(ls)1224(-l)1345(/crypt)1459 t
12 CW f
1080 5292 m
(total)1080(0)1512 t
1080 5432 m
($)1080 t
12 B f
(ls)1224(-l)1345(/usr/mab/secrets)1459 t
12 CW f
1080 5572 m
(total)1080(1)1512 t
1080 5712 m
(-rw-rw-r--)1080(1)1944(mab)2088(15)2952(Apr)3168(1)3528(15:57)3672(8b06e85b87091124)4104 t
1080 5852 m
($)1080 t
12 R f
970 6088 m
(File)970(names)1234(are)1617(encrypted)1839(and)2388(encoded)2637(in)3112(an)3282(ASCII)3471(representation)3860(of)4618(their)4795(binary)5093 t
720 6228 m
(encrypted)720(value)1258(padded)1583(out)1994(to)2213(the)2372(DES)2584(cipher)2875(block)3240(size)3572(of)3824(eight)3989(bytes.)4295(Note)4683(that)4980(this)5225 t
720 6368 m
(reduces)720(by)1130(approximately)1294(half)2033(the)2264(maximum)2455(path)2988(component)3239(and)3817(\256le)4035(name)4234(size,)4539(since)4801(names)5093 t
720 6508 m
(stored)720(on)1068(the)1242(disk)1443(are)1697(twice)1896(as)2209(long)2362(as)2629(their)2782(clear)3056(counterparts.)3342(Encrypted)4059(\256les)4605(may)4859(them-)5119 t
720 6648 m
(selves)720(be)1064(padded)1227(out)1623(to)1827(accommodate)1971(cipher)2688(block)3038(boundaries,)3355(and)3962(therefore)4185(can)4668(occupy)4884(up)5280 t
720 6788 m
(to)720(one)861(eight)1081(byte)1369(encryption)1623(block)2184(of)2498(extra)2645(storage.)2932(Otherwise,)3396(encrypted)3966(\256les)4486(place)4734(no)5034(spe-)5200 t
720 6928 m
(cial)720(requirements)934(on)1602(the)1762(underlying)1949(\256le)2510(system.)2704 t
cleartomark
showpage
restore
%%EndPage: 7 7
%%Page: 8 8
save
mark
8 pagesetup
12 R f
2950 500 m
(-)2950(8)3030(-)3130 t
970 860 m
(Encrypted)970(directories)1527(can)2099(be)2329(backed)2506(up)2909(along)3093(with)3424(the)3702(rest)3913(of)4151(the)4315(\256le)4526(system.)4744(The)5214 t
12 CW f
720 1000 m
(cname)720 t
12 R f
(program)1128(translates)1582(back)2084(and)2357(forth)2577(between)2858(cleartext)3304(names)3765(and)4119(their)4339(encrypted)4607(coun-)5127 t
720 1140 m
(terparts)720(for)1126(a)1311(particular)1409(key,)1915(allowing)2163(the)2629(appropriate)2821(\256le)3413(name)3612(to)3917(be)4056(located)4214(from)4607(backups)4887(if)5326 t
720 1280 m
(needed.)720(If)1181(the)1313(system)1512(on)1899(which)2071(CFS)2416(is)2682(running)2815(should)3241(become)3614(unavailable,)4039(encrypted)4675(\256les)5199 t
720 1420 m
(can)720(be)937(decrypted)1102(individually,)1627(given)2292(a)2611(key,)2716(using)2971(the)3284 t
12 CW f
(ccat)3515 t
12 R f
(program.)3855(Neither)4384 t
12 CW f
(cname)4828 t
12 R f
(nor)5240 t
12 CW f
720 1560 m
(ccat)720 t
12 R f
(require)1087(that)1506(the)1766(rest)1992(of)2245(CFS)2424(be)2717(running)2909(or)3362(be)3541(installed,)3733(and)4251(both)4502(run)4794(without)5032 t
720 1700 m
(modi\256cation)720(under)1380(most)1704(Unix)1990(platforms.)2281(This)2864(helps)3129(ensure)3434(that)3798(encrypted)4030(\256le)4554(contents)4759(will)5212 t
720 1840 m
(always)720(be)1093(recoverable,)1246(even)1875(if)2141(no)2255(machine)2415(is)2862(available)2983(on)3457(which)3617(to)3950(run)4084(the)4284(full)4471(CFS)4679(system.)4933 t
12 B f
720 2120 m
(2.3.)720(Security)980(Model)1447 t
12 R f
970 2296 m
(CFS)970(protects)1242(\256le)1681(contents)1893(and)2352(\256le)2583(names)2795(by)3160(guaranteeing)3338(that)4017(they)4257(are)4523(never)4728(sent)5053(in)5306 t
720 2436 m
(clear)720(form)998(to)1277(the)1416(\256le)1608(system.)1807(When)2257(run)2588(on)2793(a)2958(client)3056(machine)3369(in)3821(a)3960(distributed)4058(\256le)4618(system,)4816(this)5225 t
720 2576 m
(protection)720(extends)1251(to)1662(\256le)1800(system)1998(traf\256c)2377(sent)2708(over)2946(the)3203(network.)3394(In)3901(effect,)4045(it)4392(offers)4504(the)4828(security)5019 t
720 2716 m
(of)720(end-to-end)885(encryption)1470(between)2049(the)2513(client)2725(and)3058(the)3296(server)3508(without)3866(any)4298(actual)4535(encryption)4886 t
720 2856 m
(required)720(at)1160(the)1287(server)1474(side.)1807 t
970 3032 m
(Some)970(data)1291(are)1538(not)1731(protected,)1932(however.)2456(File)2985(sizes,)3220(access)3531(times,)3884(and)4223(the)4443(structure)4637(of)5105(the)5253 t
720 3172 m
(directory)720(hierarchy)1242(are)1783(all)2017(kept)2226(in)2521(the)2702(clear.)2936(\(Symbolic)3326(link)3915(pointers,)4190(are,)4695(however,)4958 t
720 3312 m
(encrypted\).)720(This)1361(makes)1633(CFS)1998(vulnerable)2270(to)2835(traf\256c)2987(analysis)3332(from)3779(both)4072(real-time)4345(observation)4839 t
720 3452 m
(and)720(snapshots)945(of)1465(the)1617(underlying)1816(\256les;)2389(whether)2676(this)3114(is)3340(acceptable)3472(must)4029(be)4315(evaluated)4479(for)4990(each)5181 t
720 3592 m
(application.)720 t
970 3768 m
(It)970(is)1084(important)1205(to)1715(emphasize)1850(that)2398(CFS)2620(protects)2875(data)3297(only)3538(in)3793(the)3928(context)4116(of)4511(the)4652(\256le)4840(system.)5035 t
720 3908 m
(It)720(is)838(not,)963(in)1191(itself,)1329(a)1645(complete,)1742(general)2257(purpose)2654(cryptographic)3078(security)3789(system.)4213(Once)4661(bits)4956(have)5174 t
720 4048 m
(been)720(returned)991(to)1436(a)1575(user)1673(program,)1918(they)2400(are)2652(beyond)2843(the)3241(reach)3433(of)3737(CFS's)3882(protection.)4229(This)4833(means)5093 t
720 4188 m
(that)720(even)956(with)1237(CFS,)1506(sensitive)1805(data)2282(might)2537(be)2873(written)3040(to)3435(a)3583(paging)3690(device)4071(when)4438(a)4751(program)4858(is)5319 t
720 4328 m
(swapped)720(out)1186(or)1387(revealed)1534(in)1987(a)2128(trace)2228(of)2508(a)2655(program's)2755(address)3296(space.)3704(Systems)4088(where)4538(the)4878(paging)5073 t
720 4468 m
(device)720(is)1073(on)1194(a)1354(remote)1447(\256le)1821(system)2015(are)2390(especially)2576(vulnerable)3097(to)3644(this)3778(sort)3993(of)4214(attack.)4354(\(It)4751(is)4905(theoret-)5026 t
720 4608 m
(ically)720(possible)1035(to)1477(use)1618(CFS)1825(as)2086(a)2233(paging)2333(\256le)2708(system,)2910(although)3323(the)3792(current)3987(implementation)4375(does)5180 t
720 4748 m
(not)720(readily)914(support)1288(this)1689(in)1904(practice\).)2038 t
970 4924 m
(Access)970(to)1363(attached)1511(directories)1965(is)2527(controlled)2662(by)3204(restricting)3378(the)3921(virtual)4122(directories)4491(created)5054 t
720 5064 m
(under)720 t
12 CW f
(/crypt)1067 t
12 R f
(using)1540(the)1842(standard)2030(Unix)2478(\256le)2759(protection)2954(mechanism.)3483(Only)4142(the)4423(user)4611(who)4852(issued)5099 t
720 5204 m
(the)720 t
12 CW f
(cattach)949 t
12 R f
(command)1503(is)2027(permitted)2158(to)2670(see)2814(or)3017(use)3167(the)3377(cleartext)3574(\256les.)4039(This)4361(is)4626(based)4758(on)5082(the)5253 t
12 I f
720 5344 m
(uid)720 t
12 R f
(of)917(the)1060(user;)1250(an)1527(attacker)1683(who)2106(can)2355(obtain)2564(access)2908(to)3257(a)3394(client)3490(machine)3801(and)4251(compromise)4467(a)5105(user)5200 t
720 5484 m
(account)720(can)1151(use)1375(any)1594(of)1826(that)1985(user's)2225(currently)2571(attached)3064(directories.)3523(If)4160(this)4299(is)4533(a)4673(concern,)4785(the)5253 t
720 5624 m
(attached)720(name)1188(can)1516(be)1750(marked)1931 t
12 I f
(obscure,)2359 t
12 R f
(which)2837(prevents)3198(it)3673(from)3808(appearing)4109(in)4649(a)4810(listing)4930(of)5300 t
12 CW f
720 5764 m
(/crypt)720 t
12 R f
(.)1152(When)1270(an)1604(attach)1765(is)2100(made)2229(obscure,)2538(the)2990(attacker)3186(must)3615(guess)3899(its)4215(current)4379(name,)4768(which)5107 t
720 5904 m
(can)720(be)965(randomly)1157(chosen)1697(by)2109(the)2308(real)2534(user.)2793(Of)3142(course,)3347(attackers)3769(who)4274(can)4558(become)4802(the)5253 t
12 S1 f
720 6044 m
(")720 t
12 R f
(superuser)769 t
12 S1 f
(")1229 t
12 R f
(on)1328(the)1498(client)1695(machine)2013(can)2471(thwart)2688(any)3046(protection)3270(scheme,)3809(including)4250(this;)4756(such)5016(an)5287 t
720 6184 m
(intruder)720(has)1143(access)1345(to)1692(the)1827(entire)2015(address)2330(space)2731(of)3038(the)3179(kernel)3367(and)3708(can)3922(read)4129(\(or)4376(modify\))4557(any)4986(data)5200 t
720 6324 m
(anywhere)720(in)1225(the)1359(system.)1546 t
cleartomark
showpage
restore
%%EndPage: 8 8
%%Page: 9 9
save
mark
9 pagesetup
12 R f
2950 500 m
(-)2950(9)3030(-)3130 t
12 B f
720 860 m
(3.)720(File)890(Encryption)1124 t
12 R f
970 1036 m
(CFS)970(uses)1230(DES)1483(to)1755(encrypt)1895(\256le)2301(data.)2501(DES)2817(has)3089(a)3295(number)3394(of)3807(standard)3954(modes)4408(of)4769(operation,)4916 t
720 1176 m
(none)720(of)997(which)1141(is)1478(completely)1603(suitable)2182(for)2601(encrypting)2785(\256les)3343(on)3587(line)3750(in)3974(a)4111(\256le)4207(system.)4404(In)4852(the)4995(sim-)5185 t
720 1316 m
(plest)720(DES)1003(mode,)1284 t
12 I f
(ECB)1636(\(electronic)1917(code)2493(book\),)2774 t
12 R f
(each)3132(8)3406(byte)3521(block)3784(of)4107(a)4263(\256le)4372(is)4582(independently)4719 t
720 1456 m
(encrypted)720(with)1238(the)1497(given)1689(key.)2001(Encryption)2289(and)2868(decryption)3086(can)3645(be)3856(performed)4014(randomly)4558(on)5063(any)5227 t
720 1596 m
(block)720(boundary.)1029(Although)1594(this)2090(protects)2307(the)2730(data)2919(itself,)3161(it)3475(can)3586(reveal)3795(a)4131(great)4227(deal)4510(about)4753(a)5063(\256le's)5159 t
720 1736 m
(structure)720(--)1185(a)1309(given)1406(block)1717(of)2028(cleartext)2172(always)2630(encrypts)3007(to)3457(the)3594(same)3784(ciphertext,)4074(and)4628(so)4844(repeated)4994 t
720 1876 m
(blocks)720(can)1102(be)1336(easily)1517(identi\256ed)1866(as)2389(such.)2557(Other)2915(modes)3256(of)3638(DES)3806(operation)4100(include)4623(various)5046 t
12 I f
720 2016 m
(stream)720(mode)1088 t
12 R f
(ciphers)1388(which)1776(base)2110(the)2364(encryption)2552(of)3107(a)3248(block)3342(on)3650(the)3811(data)3999(that)4240(preceded)4462(it.)4935(These)5114 t
720 2156 m
(defeat)720(the)1062(kinds)1258(of)1568(structural)1717(analysis)2222(possible)2660(with)3105(ECB)3369(mode,)3652(but)3999(make)4203(it)4513(dif\256cult)4631(to)5063(ran-)5207 t
720 2296 m
(domly)720(read)1086(or)1350(write)1508(in)1813(constant)1965(time.)2424(For)2767(example,)2992(a)3487(write)3598(to)3903(the)4055(middle)4260(of)4653(a)4811(\256le)4922(could)5133 t
720 2436 m
(require)720(reading)1104(the)1508(data)1699(that)1943(preceded)2168(it)2644(and)2756(reenciphering)2973(and)3677(rewriting)3894(the)4379(data)4570(that)4814(follows)5039 t
720 2576 m
(it.)720(Unix)908(\256le)1197(system)1400(semantics,)1784(however,)2338(require)2829(approximately)3218(uniform)3962(access)4399(time)4754(for)5018(ran-)5207 t
720 2716 m
(dom)720(blocks)974(of)1328(the)1468(\256le.)1655 t
970 2892 m
(Compounding)970(this)1698(dif\256culty)1913(are)2395(concerns)2581(that)3047(the)3268(56)3456(bit)3617(key)3786(size)4000(of)4228(DES)4369(is)4636(vulnerable)4758(to)5306 t
720 3032 m
(exhaustive)720(search)1290(of)1652(the)1808(key)2011(space.)2240(DES)2631(keys)2912(can)3187(be)3408(made)3576(effectively)3891(longer)4460(by)4822(multiple)4997 t
720 3172 m
(encryption)720(with)1294(independently)1568(chosen)2309(56)2702(bit)2883(keys.)3072(Unfortunately,)3423(DES)4188(is)4475(computationally)4617 t
720 3312 m
(rather)720(expensive,)1041(especially)1591(when)2112(implemented)2411(in)3080(software.)3214(It)3737(is)3851(likely)3972(that)4287(multiple)4508(iterations)4951 t
720 3452 m
(of)720(the)860(DES)1047(algorithm)1313(would)1822(be)2162(prohibitively)2315(slow)2978(for)3245(\256le)3425(system)3619(applications.)3994 t
970 3628 m
(To)970(allow)1171(random)1506(access)1941(to)2315(\256les)2477(but)2746(still)2969(discourage)3221(structural)3810(analysis)4334(and)4791(provide)5033 t
720 3768 m
(greater)720(protection)1098(than)1631(a)1883(single)1981(iteration)2314(ECB)2761(mode)3039(cipher,)3351(CFS)3726(encrypts)3985(\256le)4437(contents)4636(in)5082(two)5220 t
720 3908 m
(ways.)720(Recall)1087(that)1445(CFS)1677(keys)1942(are)2213(long)2410 t
12 S1 f
(")2675 t
12 R f
(passphrases)2724 t
12 S1 f
(")3291 t
12 R f
(.)3340(When)3461(the)3798(phrase)3997(is)4362(provided)4495(at)4974(attach)5113 t
720 4048 m
(time,)720(it)1030(is)1162 t
12 S1 f
(")1307 t
12 R f
(crunched)1356 t
12 S1 f
(")1795 t
12 R f
(into)1908(two)2160(separate)2404(56)2861(bit)3045(DES)3237(keys.)3527(The)3881(\256rst)4131(key)4383(is)4620(used)4765(to)5049(pre-)5207 t
720 4188 m
(compute)720(a)1177(long)1273(\(half)1530(megabyte\))1800(pseudo-random)2350(bit)3140(mask)3311(with)3608(DES's)3865 t
12 I f
(OFB)4222(\(output)4498(feed)4890(back\))5134 t
12 R f
720 4328 m
(mode.)720(This)1101(mask)1359(is)1657(stored)1782(for)2120(the)2304(life)2495(of)2700(the)2844(attach.)3035(When)3436(a)3766(\256le)3863(block)4061(is)4372(to)4497(be)4635(written,)4792(it)5207(is)5319 t
720 4468 m
(\256rst)720(exclusive-or'd)948(\(XOR\))1682(with)2054(the)2308(part)2495(of)2722(the)2862(mask)3049(corresponding)3343(to)4070(its)4204(byte)4360(offset)4608(in)4923(the)5058(\256le)5246 t
720 4608 m
(modulo)720(the)1129(precomputed)1317(mask)1985(length.)2280(The)2692(result)2919(is)3228(then)3350(encrypted)3598(with)4112(the)4366(second)4553(key)4926(using)5139 t
720 4748 m
(standard)720(ECB)1195(mode.)1496(When)1901(reading,)2255(the)2713(cipher)2928(is)3296(reversed)3445(in)3920(the)4083(obvious)4299(manner:)4749(\256rst)5212 t
720 4888 m
(decrypt)720(in)1125(ECB)1264(mode,)1542(then)1883(XOR)2134(with)2430(the)2688(positional)2879(mask.)3399(Observe)3767(that)4210(this)4435(allows)4654(uniform)5012 t
720 5028 m
(random)720(access)1127(time)1473(across)1728(the)2068(entire)2255(size)2569(of)2796(the)2936(pre-computed)3123(mask)3831(\(but)4126(not)4361(insertion)4556(or)5019(dele-)5160 t
720 5168 m
(tion)720(of)948(blocks\).)1088 t
970 5344 m
(This)970(encryption)1231(scheme)1792(guarantees)2199(that)2759(identical)2987(blocks)3450(will)3812(encrypt)4048(to)4456(different)4598(cipher-)5060 t
720 5484 m
(text)720(depending)943(upon)1485(their)1767(position)2030(in)2461(the)2597(\256le.)2786(It)3052(does)3168(admit)3430(some)3747(kinds)4043(of)4345(structural)4486(analysis,)4982 t
720 5624 m
(however.)720(It)1256(is)1384(possible)1519(to)1968(determine)2116(which)2651(blocks)2998(are)3366(identical)3567(\(and)4037(in)4305(the)4454(same)4656(place\))4958(in)5306 t
720 5764 m
(two)720(\256les)950(encrypted)1201(under)1724(the)2047(same)2244(key.)2541(Chosen)2834(plaintext)3244(attacks)3715(can)4098(also)4313(reveal)4556(something)4898 t
720 5904 m
(about)720(a)1046(\256le's)1158(structure:)1458(an)1972(attacker)2144(can)2583(verify)2808(that)3154(a)3394(particular)3506(block)4026(corresponds)4352(to)4992(some)5146 t
720 6044 m
(guessed)720(plaintext)1140(by)1602(simple)1762(bitwise)2124(comparison)2512(of)3113(the)3253(ciphertext.)3440 t
970 6220 m
(The)970(security)1202(of)1629(this)1775(scheme)1996(is)2402(not)2529(well-analyzed)2729(in)3448(the)3588(literature)3781(\(it)4262(may)4416(be)4669(new)4828(-)5073(there)5160 t
720 6360 m
(appear)720(to)1080(be)1215(no)1369(previous)1530(references)1985(to)2518(this)2652(technique\),)2867(and)3444(it)3657(is)3765(beyond)3886(the)4279(scope)4466(of)4779(this)4919(paper)5134 t
720 6500 m
(to)720(attempt)864(to)1276(do)1420(so.)1590(However,)1817(at)2335(a)2472(minimum,)2575(it)3125(is)3243(clear)3374(that)3657(the)3888(level)4085(of)4369(protection)4520(against)5059 t
720 6640 m
(attack)720(is)1052(at)1178(least)1310(that)1576(of)1802(a)1947(single)2045(DES)2378(pass)2649(in)2901(ECB)3040(mode)3318(but)3630(may)3828(be)4079(as)4236(strong)4380(as)4725(two)4869(passes)5093 t
720 6780 m
(with)720(DES)995(stream)1282(mode)1664(ciphers.)1992(It)2510(is)2645(possible)2787(that)3243(this)3485(scheme)3721(is)4142(weakened,)4284(in)4854(that)5010(the)5253 t
720 6920 m
(attacker)720(can)1145(search)1356(for)1707(the)1892(two)2084(DES)2309(subkeys)2580(independently,)3012(if)3768(there)3887(are)4172(several)4363(known)4748(plain-)5119 t
720 7060 m
(text)720(\256les)941(encrypted)1182(with)1695(the)1949(same)2136(passphrase.)2423 t
cleartomark
showpage
restore
%%EndPage: 9 9
%%Page: 10 10
save
mark
10 pagesetup
12 R f
2920 500 m
(-)2920(10)3000(-)3160 t
970 860 m
(Encryption)970(of)1560(pathname)1716(components)2239(uses)2876(a)3139(similar)3248(scheme,)3641(with)4088(the)4359(addition)4563(that)5015(the)5253 t
720 1000 m
(high)720(order)980(bits)1279(of)1500(the)1646(cleartext)1839(name)2299(\(which)2605(are)2984(normally)3175(zero\))3655(are)3946(set)4137(to)4316(a)4455(simple)4553(checksum)4920 t
720 1140 m
(computed)720(over)1244(the)1507(entire)1704(name)2029(string.)2340(This)2736(frustrates)3001(structural)3500(analysis)4006(of)4445(long)4596(names)4861(that)5219 t
720 1280 m
(differ)720(only)1027(in)1281(the)1415(last)1602(few)1810(characters.)2029 t
12 B f
720 1700 m
(4.)720(Prototype)890(Implementation)1436 t
12 R f
970 1876 m
(Of)970(considerable)1145(practical)1801(signi\256cance)2264(is)2887(whether)3017(the)3452(performance)3648(penalty)4303(of)4706(on-line)4855(\256le)5246 t
720 2016 m
(system)720(encryption)1096(is)1651(too)1773(great)1968(for)2249(routine)2430(use.)2812(The)3083(prototype)3310(CFS)3812(implementation)4067(is)4865(intended)4986 t
720 2156 m
(to)720(help)856(answer)1105(this)1487(question)1705(as)2156(well)2299(as)2549(provide)2692(some)3102(experience)3399(with)3961(practical)4218(applications)4675(of)5300 t
720 2296 m
(secure)720(\256le)1066(storage.)1260 t
970 2472 m
(The)970(CFS)1205(prototype)1468(is)1978(implemented)2108(entirely)2786(at)3203(user)3339(level,)3588(communicating)3901(with)4699(the)4963(Unix)5160 t
720 2612 m
(kernel)720(via)1074(the)1275(NFS)1476(interface.)1750(Each)2294(client)2587(machine)2909(runs)3370(a)3631(special)3737(NFS)4124(server,)4397 t
12 CW f
(cfsd)4805 t
12 R f
(\(CFS)5146 t
720 2752 m
(Daemon\),)720(on)1247(its)1419 t
12 I f
(localhost)1586 t
12 R f
(interface,)2100(that)2602(interprets)2835(CFS)3342(\256le)3608(system)3814(requests.)4201(At)4717(boot)4889(time,)5155 t
720 2892 m
(the)720(system)919(invokes)1306 t
12 CW f
(cfsd)1763 t
12 R f
(and)2102(issues)2326(an)2665(NFS)2829 t
12 CW f
(mount)3132 t
12 R f
(of)3543(its)3694(localhost)3860(interface)4346(on)4817(the)4988(CFS)5186 t
720 3032 m
(directory)720 t
12 CW f
(\(/crypt\))1249 t
12 R f
(to)1888(start)2045(CFS.)2316(\(To)2663(allow)2899(the)3229(client)3439(to)3770(also)3927(work)4185(as)4495(a)4659(regular)4776(NFS)5180 t
720 3172 m
(server,)720(CFS)1083(runs)1337(on)1584(a)1744(different)1837(port)2291(number)2525(from)2932(standard)3206(NFS\).)3653 t
970 3348 m
(The)970(NFS)1197(protocol)1458(is)1900(designed)2022(for)2490(remote)2671(\256le)3046(servers,)3241(and)3652(so)3866(assumes)4014(that)4457(the)4680(\256le)4869(system)5065 t
720 3488 m
(is)720(very)849(loosely)1110(coupled)1506(to)1934(the)2076(client)2271(\(even)2587(though,)2901(in)3312(CFS's)3453(case,)3801(they)4084(are)4338(actually)4531(the)4959(same)5153 t
720 3628 m
(machine\).)720(The)1282(client)1513(kernel)1826(communicates)2171(with)2911(the)3170(\256le)3362(system)3561(through)3942(17)4362 t
12 I f
(remote)4528(procedure)4907 t
720 3768 m
(calls)720(\(RPCs\))1011 t
12 R f
(that)1426(implement)1669(various)2247(\256le)2663(system-related)2879(primitives)3643(\(read,)4195(write,)4533(etc.\).)4872(The)5214 t
720 3908 m
(server)720(is)1072 t
12 I f
(stateless,)1212 t
12 R f
(in)1710(that)1863(it)2103(is)2230(not)2370(required)2583(to)3042(maintain)3196(any)3678(state)3911(data)4192(between)4452(individual)4911 t
720 4048 m
(client)720(calls.)1028 t
970 4224 m
(NFS)970(clients)1239(cache)1603(\256le)1924(blocks)2128(to)2492(enhance)2636(\256le)3078(system)3282(performance)3667(\(reducing)4323(the)4833(need)5030(to)5306 t
720 4364 m
(issue)720(requests)1008(to)1449(the)1590(server\);)1784(a)2198(simple)2298(protocol)2667(managed)3114(by)3593(the)3759(client)3952(maintains)4266(some)4781(degree)5081 t
720 4504 m
(of)720(cache)864(consistency.)1180(All)1855(communication)2053(is)2846(initiated)2971(by)3412(the)3577(client,)3769(and)4112(the)4330(server)4522(can)4860(simply)5071 t
720 4644 m
(process)720(each)1126(RPC)1391(as)1664(it)1810(is)1924(received)2051(and)2503(then)2722(wait)2974(for)3226(the)3411(next.)3603(Most)3925(of)4218(the)4363(complexity)4555(of)5142(an)5287 t
720 4784 m
(NFS)720(implementation)981(is)1779(in)1901(the)2036(generic)2224(client)2618(side)2927(of)3162(the)3303(interface,)3491(and)3982(it)4196(is)4306(therefore)4429(often)4904(pos-)5193 t
720 4924 m
(sible)720(to)988(implement)1122(new)1678(\256le)1917(system)2111(services)2486(entirely)2913(by)3321(adding)3481(a)3848(simple)3941(NFS)4303(server.)4563 t
12 CW f
970 5100 m
(cfsd)970 t
12 R f
(is)1312(implemented)1447(as)2130(an)2284(RPC)2451(server)2732(for)3079(an)3273(extended)3440(version)3928(of)4337(the)4492(NFS)4694(protocol.)4969 t
720 5240 m
(Additional)720(RPCs)1280(are)1599(de\256ned)1789(to)2186(allow)2324(attaching)2635(and)3120(detaching)3337(encrypted)3848(directories.)4365(Initially,)4987 t
720 5380 m
(the)720(root)924(of)1175(the)1332(CFS)1537(\256le)1809(system)2021(appears)2414(as)2838(an)2996(empty)3167(directory.)3526(The)4088 t
12 CW f
(cattach)4364 t
12 R f
(command)4926 t
720 5520 m
(sends)720(an)1028(RPC)1182(to)1450 t
12 CW f
(cfsd)1617 t
12 R f
(with)1946(arguments)2201(containing)2742(the)3290(full)3477(path)3685(name)3932(of)4232(a)4372(directory)4465(\(mounted)4939 t
720 5660 m
(elsewhere\),)720(the)1311(name)1500(of)1802(the)1944 t
12 S1 f
(")2133 t
12 R f
(attach)2182(point,)2511 t
12 S1 f
(")2789 t
12 R f
(and)2880(the)3095(key.)3284(If)3569(the)3691(key)3880(is)4095(correct)4218(\(as)4593(veri\256ed)4775(by)5184(a)5347 t
720 5800 m
(special)720(\256le)1103(in)1306(the)1449(directory)1645(encrypted)2128(with)2650(a)2913(hash)3015(of)3284(the)3433(supplied)3629(key\),)4085 t
12 CW f
(cfsd)4408 t
12 R f
(computes)4744(the)5253 t
720 5940 m
(cryptographic)720(mask)1435(\(described)1737(in)2285(the)2427(previous)2622(section\))3084(and)3513(creates)3734(an)4115(entry)4276(in)4571(its)4713(root)4877(direc-)5120 t
720 6080 m
(tory)720(under)975(the)1309(speci\256ed)1517(attach)2005(point)2353(name.)2662(The)3053(attach)3300(point)3648(entry)3957(appears)4265(as)4692(a)4853(directory)4966 t
720 6220 m
(owned)720(by)1090(the)1261(user)1459(who)1710(issued)1967(the)2319(attach)2517(request,)2855(with)3283(a)3548(protection)3652(mode)4191(of)4510(700)4662(to)4894(prevent)5040 t
720 6360 m
(others)720(from)1065(seeing)1350(its)1708(contents.)1874(\(Attaches)2395(marked)2905(as)3315 t
12 I f
(obscure,)3465 t
12 R f
(as)3945(described)4095(in)4605(section)4749(2,)5140(do)5280 t
720 6500 m
(not)720(appear)930(in)1305(the)1455(directory,)1658(however\).)2178(File)2756(system)3001(operations)3393(in)3951(the)4102(attached)4306(directory)4763(are)5254 t
720 6640 m
(sent)720(as)954(regular)1094(NFS)1474(RPCs)1734(to)2048 t
12 CW f
(cfsd)2214 t
12 R f
(via)2542(the)2729(standard)2916(NFS)3363(client)3623(interface.)3931 t
970 6816 m
(The)970(structure)1196(of)1657(CFS)1797(is)2051(described)2172(graphically)2672(in)3253(\256gure)3387(1.)3707 t
970 6992 m
(For)970(each)1186(encrypted)1454(\256le)1976(accessed)2179(through)2648(an)3072(attach)3235(point,)3572 t
12 CW f
(cfsd)3932 t
12 R f
(generates)4270(a)4773(unique)4876 t
12 I f
(\256le)5253 t
720 7132 m
(handle)720 t
12 R f
(which)1097(is)1440(used)1571(by)1841(the)2011(client)2208(NFS)2526(interface)2796(to)3266(refer)3410(to)3686(the)3830(\256le.)4027(For)4301(each)4518(attach)4786(point,)5122 t
cleartomark
showpage
restore
%%EndPage: 10 10
%%Page: 11 11
save
mark
11 pagesetup
12 R f
2920 500 m
(-)2920(11)3000(-)3160 t
cleartomark restore
%%BeginGlobal
%
% Version 3.1 drawing procedures for dpost. Automatically pulled in, but only
% when needed.
%

/inpath false def
/savematrix matrix currentmatrix def

/Dl {
	inpath
		{pop pop neg lineto}
		{newpath neg moveto neg lineto stroke}
	ifelse
} bind def

/De {
	/y1 exch 2 div def
	/x1 exch 2 div def
	neg exch x1 add exch translate
	x1 y1 scale
	0 0 1 0 360
	inpath
		{1 0 moveto arc savematrix setmatrix}
		{newpath arc savematrix setmatrix stroke}
	ifelse
} bind def

/Da {
	/dy2 exch def
	/dx2 exch def
	/dy1 exch def
	/dx1 exch def
	dy1 add neg exch dx1 add exch
	dx1 dx1 mul dy1 dy1 mul add sqrt
	dy1 dx1 neg atan
	dy2 neg dx2 atan
	inpath
		{arc}
		{newpath arc stroke}
	ifelse
} bind def

/DA {
	/dy2 exch def
	/dx2 exch def
	/dy1 exch def
	/dx1 exch def
	dy1 add neg exch dx1 add exch
	dx1 dx1 mul dy1 dy1 mul add sqrt
	dy1 dx1 neg atan
	dy2 neg dx2 atan
	inpath
		{arcn}
		{newpath arcn stroke}
	ifelse
} bind def

/Ds {
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	/y0 exch def
	/x0 exch def
	x0 5 x1 mul add 6 div
	y0 5 y1 mul add -6 div
	x2 5 x1 mul add 6 div
	y2 5 y1 mul add -6 div
	x1 x2 add 2 div
	y1 y2 add -2 div
	inpath
		{curveto}
		{newpath x0 x1 add 2 div y0 y1 add -2 div moveto curveto stroke}
	ifelse
} bind def
%%EndGlobal
save mark
11 R f
2116 2080 2116 2260 Dl
2879 2080 2116 2080 Dl
2880 2260 2880 2080 Dl
2117 2260 2880 2260 Dl
12 R f
2160 2212 m
(NFS)2160(client)2420 t
2880 2619 2944 2581 Dl
2880 2619 2954 2616 Dl
2880 2620 -22 -247 22 -246 Da
2880 2125 2954 2128 Dl
2880 2125 2944 2163 Dl
2880 1809 2933 1758 Dl
2880 1809 2951 1789 Dl
2880 1810 -90 -270 90 -270 Da
2880 1270 2951 1290 Dl
2880 1270 2933 1321 Dl
2744 3609 2816 3592 Dl
2744 3610 2816 3628 Dl
2744 3610 61 -293 74 -291 Da
2880 3024 2952 3039 Dl
2880 3025 2936 3072 Dl
2250 3430 486 90 De
2250 3790 486 90 De
2116 1720 2116 1900 Dl
2879 1720 2116 1720 Dl
2880 1900 2880 1720 Dl
2117 1900 2880 1900 Dl
1252 2303 1216 2303 Dl
1324 2303 1288 2303 Dl
1396 2303 1360 2303 Dl
1468 2303 1432 2303 Dl
1539 2303 1503 2303 Dl
1611 2303 1575 2303 Dl
1683 2303 1647 2303 Dl
1754 2303 1718 2303 Dl
1826 2303 1790 2303 Dl
1897 2303 1861 2303 Dl
1969 2303 1933 2303 Dl
2041 2303 2005 2303 Dl
2113 2303 2077 2303 Dl
2185 2303 2149 2303 Dl
2256 2303 2220 2303 Dl
2328 2303 2292 2303 Dl
2399 2303 2363 2303 Dl
2471 2303 2435 2303 Dl
2543 2303 2507 2303 Dl
2615 2303 2579 2303 Dl
2687 2303 2651 2303 Dl
2758 2303 2722 2303 Dl
2830 2303 2794 2303 Dl
2901 2303 2865 2303 Dl
2973 2303 2937 2303 Dl
2973 2267 2973 2303 Dl
2973 2192 2973 2228 Dl
2973 2118 2973 2154 Dl
2973 2043 2973 2079 Dl
2973 1968 2973 2004 Dl
2973 1893 2973 1929 Dl
2973 1819 2973 1855 Dl
2973 1744 2973 1780 Dl
2973 1669 2973 1705 Dl
2937 1669 2973 1669 Dl
2865 1669 2901 1669 Dl
2794 1669 2830 1669 Dl
2722 1669 2758 1669 Dl
2651 1669 2687 1669 Dl
2579 1669 2615 1669 Dl
2507 1669 2543 1669 Dl
2435 1669 2471 1669 Dl
2363 1669 2399 1669 Dl
2292 1669 2328 1669 Dl
2220 1669 2256 1669 Dl
2149 1669 2185 1669 Dl
2077 1669 2113 1669 Dl
2005 1669 2041 1669 Dl
1933 1669 1969 1669 Dl
1861 1669 1897 1669 Dl
1790 1669 1826 1669 Dl
1718 1669 1754 1669 Dl
1647 1669 1683 1669 Dl
1575 1669 1611 1669 Dl
1503 1669 1539 1669 Dl
1432 1669 1468 1669 Dl
1360 1669 1396 1669 Dl
1288 1669 1324 1669 Dl
1216 1669 1252 1669 Dl
1216 1705 1216 1669 Dl
1216 1780 1216 1744 Dl
1216 1855 1216 1819 Dl
1216 1929 1216 1893 Dl
1216 2004 1216 1968 Dl
1216 2079 1216 2043 Dl
1216 2154 1216 2118 Dl
1216 2228 1216 2192 Dl
1216 2303 1216 2267 Dl
2294 2080 2294 1900 Dl
2294 2080 2276 2008 Dl
2294 2080 2312 2008 Dl
1980 2395 1 1 De
9 R f
1161 3249 m
(.)1161(.)1188(.)1214(.)1241(.)1268(.)1295(.)1322(.)1348(.)1375(.)1402(.)1428(.)1455(.)1482(.)1508(.)1535(.)1562(.)1589(.)1615(.)1642(.)1669(.)1695(.)1722(.)1749(.)1775(.)1802(.)1829(.)1856(.)1883(.)1909(.)1936(.)1962(.)1989(.)2016(.)2042(.)2069(.)2096(.)
2123(.)2150(.)2176(.)2203(.)2230(.)2256(.)2283(.)2310(.)2336(.)2364(.)2390(.)2417(.)2443(.)2470(.)2497 t
(.)2523(.)2550(.)2577(.)2603(.)2631(.)2657(.)2684(.)2711(.)2737(.)2764(.)2790(.)2817(.)2844(.)2870(.)2898(.)2924(.)2951(.)2978(.)3004(.)3004 t
3004 3222 m
(.)3004 t
3004 3196 m
(.)3004 t
3004 3168 m
(.)3004 t
3004 3142 m
(.)3004 t
3004 3115 m
(.)3004 t
3004 3088 m
(.)3004 t
3004 3062 m
(.)3004 t
3004 3035 m
(.)3004 t
3004 3008 m
(.)3004 t
3004 2981 m
(.)3004 t
3004 2954 m
(.)3004 t
3004 2928 m
(.)3004 t
3004 2901 m
(.)3004 t
3004 2874 m
(.)3004 t
3004 2847 m
(.)3004 t
3004 2821 m
(.)3004 t
3004 2794 m
(.)3004 t
3004 2767 m
(.)3004 t
3004 2740 m
(.)3004 t
3004 2713 m
(.)3004 t
3004 2687 m
(.)3004 t
3004 2660 m
(.)3004 t
3004 2633 m
(.)3004 t
3004 2607 m
(.)3004 t
3004 2579 m
(.)3004 t
3004 2553 m
(.)3004 t
3004 2526 m
(.)3004 t
3004 2499 m
(.)3004 t
3004 2473 m
(.)3004 t
3004 2445 m
(.)3004 t
3004 2419 m
(.)3004 t
3004 2392 m
(.)3004(.)3004(.)2978(.)2951(.)2924(.)2898(.)2870(.)2844(.)2817(.)2790(.)2764(.)2737(.)2711(.)2684(.)2657(.)2631(.)2603(.)2577(.)2550(.)2523(.)2497(.)2470(.)2443(.)2417(.)2390(.)2364(.)2336(.)2310(.)2283(.)2256(.)2230(.)2203(.)2176(.)2150(.)2123(.)2096(.)
2069(.)2042(.)2016(.)1989(.)1962(.)1936(.)1909(.)1883(.)1856(.)1829(.)1802(.)1775(.)1749(.)1722(.)1695 t
(.)1669(.)1642(.)1615(.)1589(.)1562(.)1535(.)1508(.)1482(.)1455(.)1428(.)1402(.)1375(.)1348(.)1322(.)1295(.)1268(.)1241(.)1214(.)1188(.)1161(.)1161 t
1161 2419 m
(.)1161 t
1161 2445 m
(.)1161 t
1161 2473 m
(.)1161 t
1161 2499 m
(.)1161 t
1161 2526 m
(.)1161 t
1161 2553 m
(.)1161 t
1161 2579 m
(.)1161 t
1161 2607 m
(.)1161 t
1161 2633 m
(.)1161 t
1161 2660 m
(.)1161 t
1161 2687 m
(.)1161 t
1161 2713 m
(.)1161 t
1161 2740 m
(.)1161 t
1161 2767 m
(.)1161 t
1161 2794 m
(.)1161 t
1161 2821 m
(.)1161 t
1161 2847 m
(.)1161 t
1161 2874 m
(.)1161 t
1161 2901 m
(.)1161 t
1161 2928 m
(.)1161 t
1161 2954 m
(.)1161 t
1161 2981 m
(.)1161 t
1161 3008 m
(.)1161 t
1161 3035 m
(.)1161 t
1161 3062 m
(.)1161 t
1161 3088 m
(.)1161 t
1161 3115 m
(.)1161 t
1161 3142 m
(.)1161 t
1161 3168 m
(.)1161 t
1161 3196 m
(.)1161 t
1161 3222 m
(.)1161 t
1161 3249 m
(.)1161 t
12 R f
1252 3203 1216 3203 Dl
1324 3203 1288 3203 Dl
1396 3203 1360 3203 Dl
1468 3203 1432 3203 Dl
1539 3203 1503 3203 Dl
1611 3203 1575 3203 Dl
1683 3203 1647 3203 Dl
1754 3203 1718 3203 Dl
1826 3203 1790 3203 Dl
1897 3203 1861 3203 Dl
1969 3203 1933 3203 Dl
2041 3203 2005 3203 Dl
2113 3203 2077 3203 Dl
2185 3203 2149 3203 Dl
2256 3203 2220 3203 Dl
2328 3203 2292 3203 Dl
2399 3203 2363 3203 Dl
2471 3203 2435 3203 Dl
2543 3203 2507 3203 Dl
2615 3203 2579 3203 Dl
2687 3203 2651 3203 Dl
2758 3203 2722 3203 Dl
2830 3203 2794 3203 Dl
2901 3203 2865 3203 Dl
2973 3203 2937 3203 Dl
2973 3167 2973 3203 Dl
2973 3094 2973 3130 Dl
2973 3021 2973 3057 Dl
2973 2949 2973 2985 Dl
2973 2876 2973 2912 Dl
2973 2803 2973 2839 Dl
2973 2730 2973 2766 Dl
2973 2658 2973 2694 Dl
2973 2585 2973 2621 Dl
2973 2512 2973 2548 Dl
2973 2440 2973 2476 Dl
2937 2440 2973 2440 Dl
2865 2440 2901 2440 Dl
2794 2440 2830 2440 Dl
2722 2440 2758 2440 Dl
2651 2440 2687 2440 Dl
2579 2440 2615 2440 Dl
2507 2440 2543 2440 Dl
2435 2440 2471 2440 Dl
2363 2440 2399 2440 Dl
2292 2440 2328 2440 Dl
2220 2440 2256 2440 Dl
2149 2440 2185 2440 Dl
2077 2440 2113 2440 Dl
2005 2440 2041 2440 Dl
1933 2440 1969 2440 Dl
1861 2440 1897 2440 Dl
1790 2440 1826 2440 Dl
1718 2440 1754 2440 Dl
1647 2440 1683 2440 Dl
1575 2440 1611 2440 Dl
1503 2440 1539 2440 Dl
1432 2440 1468 2440 Dl
1360 2440 1396 2440 Dl
1288 2440 1324 2440 Dl
1216 2440 1252 2440 Dl
1216 2476 1216 2440 Dl
1216 2548 1216 2512 Dl
1216 2621 1216 2585 Dl
1216 2694 1216 2658 Dl
1216 2766 1216 2730 Dl
1216 2839 1216 2803 Dl
1216 2912 1216 2876 Dl
1216 2985 1216 2949 Dl
1216 3057 1216 3021 Dl
1216 3130 1216 3094 Dl
1216 3203 1216 3167 Dl
2116 2887 2116 3160 Dl
2879 2886 2116 2886 Dl
2880 3159 2880 2886 Dl
2117 3160 2880 3160 Dl
2294 2889 2294 2755 Dl
2294 2890 2276 2818 Dl
2294 2890 2312 2818 Dl
2654 2756 2654 2890 Dl
2654 2755 2672 2827 Dl
2654 2755 2636 2827 Dl
2116 2483 2116 2756 Dl
2879 2483 2116 2483 Dl
2880 2756 2880 2483 Dl
2117 2756 2880 2756 Dl
1252 3923 1216 3923 Dl
1324 3923 1288 3923 Dl
1396 3923 1360 3923 Dl
1468 3923 1432 3923 Dl
1539 3923 1503 3923 Dl
1611 3923 1575 3923 Dl
1683 3923 1647 3923 Dl
1754 3923 1718 3923 Dl
1826 3923 1790 3923 Dl
1897 3923 1861 3923 Dl
1969 3923 1933 3923 Dl
2041 3923 2005 3923 Dl
2113 3923 2077 3923 Dl
2185 3923 2149 3923 Dl
2256 3923 2220 3923 Dl
2328 3923 2292 3923 Dl
2399 3923 2363 3923 Dl
2471 3923 2435 3923 Dl
2543 3923 2507 3923 Dl
2615 3923 2579 3923 Dl
2687 3923 2651 3923 Dl
2758 3923 2722 3923 Dl
2830 3923 2794 3923 Dl
2901 3923 2865 3923 Dl
2973 3923 2937 3923 Dl
2973 3887 2973 3923 Dl
2973 3818 2973 3854 Dl
2973 3750 2973 3786 Dl
2973 3682 2973 3718 Dl
2973 3613 2973 3649 Dl
2973 3545 2973 3581 Dl
2973 3476 2973 3512 Dl
2973 3408 2973 3444 Dl
2973 3340 2973 3376 Dl
2937 3340 2973 3340 Dl
2865 3340 2901 3340 Dl
2794 3340 2830 3340 Dl
2722 3340 2758 3340 Dl
2651 3340 2687 3340 Dl
2579 3340 2615 3340 Dl
2507 3340 2543 3340 Dl
2435 3340 2471 3340 Dl
2363 3340 2399 3340 Dl
2292 3340 2328 3340 Dl
2220 3340 2256 3340 Dl
2149 3340 2185 3340 Dl
2077 3340 2113 3340 Dl
2005 3340 2041 3340 Dl
1933 3340 1969 3340 Dl
1861 3340 1897 3340 Dl
1790 3340 1826 3340 Dl
1718 3340 1754 3340 Dl
1647 3340 1683 3340 Dl
1575 3340 1611 3340 Dl
1503 3340 1539 3340 Dl
1432 3340 1468 3340 Dl
1360 3340 1396 3340 Dl
1288 3340 1324 3340 Dl
1216 3340 1252 3340 Dl
1216 3376 1216 3340 Dl
1216 3444 1216 3408 Dl
1216 3512 1216 3476 Dl
1216 3581 1216 3545 Dl
1216 3649 1216 3613 Dl
1216 3718 1216 3682 Dl
1216 3786 1216 3750 Dl
1216 3854 1216 3818 Dl
1216 3923 1216 3887 Dl
2250 3790 2250 3430 Dl
2744 3790 2744 3430 Dl
2116 1137 2116 1453 Dl
2879 1136 2116 1136 Dl
2880 1452 2880 1136 Dl
2117 1453 2880 1453 Dl
1252 1583 1216 1583 Dl
1324 1583 1288 1583 Dl
1396 1583 1360 1583 Dl
1468 1583 1432 1583 Dl
1539 1583 1503 1583 Dl
1611 1583 1575 1583 Dl
1683 1583 1647 1583 Dl
1754 1583 1718 1583 Dl
1826 1583 1790 1583 Dl
1897 1583 1861 1583 Dl
1969 1583 1933 1583 Dl
2041 1583 2005 1583 Dl
2113 1583 2077 1583 Dl
2185 1583 2149 1583 Dl
2256 1583 2220 1583 Dl
2328 1583 2292 1583 Dl
2399 1583 2363 1583 Dl
2471 1583 2435 1583 Dl
2543 1583 2507 1583 Dl
2615 1583 2579 1583 Dl
2687 1583 2651 1583 Dl
2758 1583 2722 1583 Dl
2830 1583 2794 1583 Dl
2901 1583 2865 1583 Dl
2973 1583 2937 1583 Dl
2973 1547 2973 1583 Dl
2973 1478 2973 1514 Dl
2973 1410 2973 1446 Dl
2973 1342 2973 1378 Dl
2973 1273 2973 1309 Dl
2973 1205 2973 1241 Dl
2973 1136 2973 1172 Dl
2973 1068 2973 1104 Dl
2973 1000 2973 1036 Dl
2937 1000 2973 1000 Dl
2865 1000 2901 1000 Dl
2794 1000 2830 1000 Dl
2722 1000 2758 1000 Dl
2651 1000 2687 1000 Dl
2579 1000 2615 1000 Dl
2507 1000 2543 1000 Dl
2435 1000 2471 1000 Dl
2363 1000 2399 1000 Dl
2292 1000 2328 1000 Dl
2220 1000 2256 1000 Dl
2149 1000 2185 1000 Dl
2077 1000 2113 1000 Dl
2005 1000 2041 1000 Dl
1933 1000 1969 1000 Dl
1861 1000 1897 1000 Dl
1790 1000 1826 1000 Dl
1718 1000 1754 1000 Dl
1647 1000 1683 1000 Dl
1575 1000 1611 1000 Dl
1503 1000 1539 1000 Dl
1432 1000 1468 1000 Dl
1360 1000 1396 1000 Dl
1288 1000 1324 1000 Dl
1216 1000 1252 1000 Dl
1216 1036 1216 1000 Dl
1216 1104 1216 1068 Dl
1216 1172 1216 1136 Dl
1216 1241 1216 1205 Dl
1216 1309 1216 1273 Dl
1216 1378 1216 1342 Dl
1216 1446 1216 1410 Dl
1216 1514 1216 1478 Dl
1216 1583 1216 1547 Dl
2654 1900 2654 2080 Dl
2654 1900 2672 1972 Dl
2654 1900 2636 1972 Dl
720 1044 m
(.)720 t
1260 1990 m
(Unix)1260(Kernel)1540 t
1260 1854 m
(Client's)1260(system)2160(calls)2535 t
3150 1674 m
(system)3150(call)3525(interface)3739 t
2160 2710 m
(NFS)2160(Server)2420 t
2160 2574 m
(Localhost)2160 t
2160 2980 m
(Encryption-)2160 t
2160 3114 m
(Decryption)2160 t
1260 2844 m
(CFS)1260(Daemon)1514 t
1260 3610 m
(Underlying)1260 t
1260 3772 m
(Storage)1260 t
2294 3564 m
(any)2294(\256le)2507 t
2294 3726 m
(system)2294 t
3150 2350 m
(localhost)3150(interface)3625 t
3150 2484 m
(\(cleartext\))3150 t
3150 3294 m
(network)3150(interface)3583 t
3150 3430 m
(\(encrypted\))3150 t
2160 1314 m
(any)2160(program)2373 t
1260 1224 m
(Application)1260 t
1260 1386 m
(software)1260 t
12 B f
2394 4203 m
(Figure)2394(1)2774(-)2874(CFS)2954(Prototype)3220 t
12 R f
720 4483 m
(the)720(CFS)920(daemon)1187(maintains)1620(a)2142(table)2248(of)2535(handles)2688(and)3109(their)3336(corresponding)3611(underlying)4352(encrypted)4927 t
720 4623 m
(names.)720(When)1143(a)1475(read)1574(or)1826(write)1971(operation)2263(occurs,)2762(the)3150(handle)3342(is)3707(used)3833(as)4098(an)4243(index)4401(into)4713(this)4946(table)5166 t
720 4763 m
(to)720(\256nd)858(the)1089(underlying)1280(\256le)1846(name.)2045 t
12 CW f
(cfsd)2452 t
12 R f
(uses)2785(regular)3037(Unix)3422(system)3707(calls)4087(to)4353(read)4492(and)4743(write)4961(the)5253 t
720 4903 m
(\256le)720(contents,)924(which)1405(are)1748(encrypted)1944(before)2467(writing)2823(and)3221(decrypted)3444(after)3966(reading,)4235(as)4674(appropriate.)4823 t
720 5043 m
(To)720(avoid)900(repeated)1215 t
12 I f
(open)1669 t
12 R f
(and)1970 t
12 I f
(close)2191 t
12 R f
(calls,)2506 t
12 CW f
(cfsd)2837 t
12 R f
(also)3173(maintains)3415(a)3932(small)4033(cache)4343(of)4663(\256le)4811(descrip-)5013 t
720 5183 m
(tors)720(for)946(\256les)1131(on)1377(which)1542(there)1879(have)2163(been)2433(recent)2703(operations.)3040(Directory)3655(and)4159(symbolic)4376(link)4862(opera-)5094 t
720 5323 m
(tions,)720(such)1034(as)1304 t
12 I f
(readdir,)1454(readlink,)1915 t
12 R f
(and)2416 t
12 I f
(lookup)2639 t
12 R f
(are)3036(similarly)3232(translated)3712(into)4230(appropriate)4468(system)5065 t
720 5463 m
(calls)720(and)981(encrypted)1194(and)1707(decrypted)1920(as)2433(needed.)2573 t
970 5639 m
(To)970(prevent)1151(intruders)1559(from)2035(issuing)2317(RPC)2707(calls)2982(to)3251(CFS)3393(directly)3655(\(and)4072(thereby)4334(thwarting)4743(the)5253 t
720 5779 m
(protection)720(mechanism\),)1252 t
12 CW f
(cfsd)1946 t
12 R f
(only)2278(accepts)2536(RPCs)2933(that)3251(originate)3476(from)3948(a)4226(privileged)4322(port)4853(on)5090(the)5253 t
720 5919 m
(local)720(machine.)994 t
12 CW f
970 6095 m
(cfsd)970 t
12 R f
(is)1316(considerably)1455(simpler)2127(than)2547(a)2812(full)2923(\256le)3149(system.)3361(In)3824(particular,)3983(it)4533(knows)4660(nothing)5032 t
720 6235 m
(about)720(the)1036(actual)1232(storage)1568(of)1964(\256les)2113(on)2363(disks,)2532(relying)2858(on)3247(the)3415(underlying)3610(\256le)4179(systems)4381(to)4811(take)4953(care)5201 t
720 6375 m
(of)720(this.)875(This)1175(simplicity)1444(comes)1983(at)2345(the)2488(expense)2691(of)3133(performance.)3289(Because)4021(it)4476(is)4600(at)4737(user)4880(level,)5136 t
720 6515 m
(using)720(system)1027(calls)1408(to)1675(store)1815(data,)2094(and)2369(because)2587(it)3011(communicates)3124(with)3864(its)4123(client)4283(through)4596(an)5015(RPC)5173 t
720 6655 m
(interface,)720(it)1237(must)1372(perform)1675(several)2130(extraneous)2538(data)3126(copies)3394(for)3769(each)3977(client)4264(request.)4600(In)5085(the)5253 t
720 6795 m
(diagram)720(in)1162(\256gure)1304(1,)1632(each)1770(arc)2037(represents)2231(the)2766(crossing)2960(of)3408(a)3555(kernel)3655(boundary,)4002(with)4532(considerable)4793 t
720 6935 m
(associated)720(context)1254(switch)1648(overhead.)2002(The)2551(DES)2778(encryption)3045(code)3600(itself,)3867(which)4180(is)4514(implemented)4636(in)5306 t
720 7075 m
(software,)720(dominates)1213(the)1758(cost)1955(of)2199(each)2349(\256le)2618(system)2822(request.)3207(CFS)3674(access)3938(could,)4294(based)4641(on)4964(worst)5133 t
cleartomark
showpage
restore
%%EndPage: 11 11
%%Page: 12 12
save
mark
12 pagesetup
12 R f
2920 500 m
(-)2920(12)3000(-)3160 t
720 860 m
(case)720(analysis)966(of)1394(its)1534(components,)1689(take)2340(up)2580(to)2740(six)2874(times)3055(as)3357(long)3497(as)3751(the)3891(underlying)4078(storage.)4639 t
970 1036 m
(CFS)970(performance)1242(is)1906(much)2045(better)2370(in)2702(practice,)2854(however.)3322(Informal)3862(benchmarks)4342(\(such)4981(as)5300 t
720 1176 m
(compiling)720(itself\),)1254(with)1611(underlying)1870(\256les)2436(on)2682(both)2847(local)3106(and)3385(remotely)3602(mounted)4074(\256le)4539(systems,)4737(sug-)5193 t
720 1316 m
(gest)720(a)962(fairly)1063(consistent)1373(factor)1904(of)2233(approximately)2382(1.5)3126(using)3325(CFS)3635(compared)3898(with)4420(the)4683(underlying)4879 t
720 1456 m
(\256le)720(system.)935(This)1401(surprising)1675(performance)2217(can)2883(be)3109(attributed)3282(to)3804(two)3958(factors.)4198(First,)4655(the)4967(DES)5174 t
720 1596 m
(software)720(implementation[5])1182(used)2128(in)2397(CFS)2541(is)2805(highly)2936(optimized)3294(\(running)3826(at)4290(about)4427(ten)4744(times)4941(the)5253 t
720 1736 m
(speed)720(of)1040(the)1187(standard)1381(library)1835(implementaton\),)2202(enabling)3041(encryption)3501(at)4061(close)4194(to)4487(disk)4627(I/O)4874(speeds)5080 t
720 1876 m
(on)720(modern)900(workstations.)1327(Second,)2072(and)2515(perhaps)2748(most)3181(importantly,)3476(the)4129(hit)4336(rate)4524(of)4764(the)4924(client)5132 t
720 2016 m
(cache)720(under)1051(typical)1383(Unix)1770(workloads)2069(is)2628(generally)2768(quite)3274(high)3574(\(above)3847(70%\),)4232(so)4581(most)4747(I/O)5041(for)5260 t
720 2156 m
(encrypted)720(\256les)1233(never)1474(actually)1780(reaches)2202(CFS.)2602(Of)2927(course,)3094(it)3478(is)3587(possible)3709(to)4145(construct)4280(a)4762 t
12 S1 f
(")4856 t
12 R f
(pathologi-)4905 t
720 2296 m
(cal)720 t
12 S1 f
(")860 t
12 R f
(workload)955(that)1454(will)1681(defeat)1915(the)2254(cache,)2447(and)2795(such)3014(workloads)3280(do)3826(cause)3992(CFS)4303(to)4562(perform)4701(about)5133 t
720 2436 m
(twice)720(again)1020(as)1320(slowly.)1460 t
970 2612 m
(A)970(forthcoming)1096(paper)1731(analyzes)2037(CFS)2490(performance)2744(in)3390(more)3524(detail.)3811 t
12 B f
720 3032 m
(5.)720(Conclusions)890 t
12 R f
970 3208 m
(CFS)970(provides)1226(a)1683(simple)1779(mechanism)2144(to)2735(protect)2872(data)3249(written)3492(to)3876(disks)4013(and)4304(sent)4520(to)4757(networked)4894 t
720 3348 m
(\256le)720(servers.)929(Although)1394(experience)1903(with)2477(CFS)2746(and)3015(with)3243(user)3512(interaction)3767(is)4336(still)4471(limited)4708(to)5105(the)5253 t
720 3488 m
(research)720(environment,)1165(performance)1849(on)2501(modern)2667(workstations)3080(appears)3741(to)4153(be)4293(within)4452(a)4806(range)4906(that)5219 t
720 3628 m
(allows)720(its)1074(routine)1229(use.)1610 t
12 B f
720 4048 m
(6.)720(Acknowledgements)890 t
12 R f
970 4224 m
(The)970(author)1204(would)1559(like)1908(to)2138(express)2281(his)2690(sincere)2880(thanks)3269(to)3632(Don)3775(Mitchell)4030(and)4488(Jack)4710(Lacy)4972(for)5260 t
720 4364 m
(their)720(help)1003(in)1272(using)1428(their)1750(excellent)2032(CryptoLib)2527(software.)3089(Steve)3633(Bellovin)3961(made)4437(a)4758(number)4872(of)5300 t
720 4504 m
(helpful)720(suggestions)1108(on)1717(lines)1884(of)2159(attack)2306(on)2640(CFS.)2807(Howard)3098(Katseff)3530(entrusted)3930(CFS)4418(with)4680(real)4942(data,)5170 t
720 4644 m
(and)720(cheerfully)936(suffered)1466(through)1902(each)2319(new)2581(\(and)2823(incompatible\))3079(release.)3791(Tom)4237(London)4507(is)4923(owed)5046(a)5347 t
720 4784 m
(particular)720(debt)1225(of)1476(gratitude)1620(for)2092(creating)2276(the)2707(highly)2898(supportive)3251(environment)3804(in)4457(which)4596(this)4934(work)5154 t
720 4924 m
(was)720(done.)946 t
12 B f
720 5344 m
(7.)720(References)890 t
12 R f
720 5660 m
([1])720(National)970(Bureau)1452(of)1866(Standards,)2034 t
12 S1 f
(")2606 t
12 R f
(Data)2655(Encryption)2949(Standard.)3551 t
12 S1 f
(")4008 t
12 R f
(FPSP)4165 t
12 S1 f
(#)4501 t
12 R f
(46,)4561(NTIS,)4779(Apr.)5184 t
970 5800 m
(1977.)970 t
720 5976 m
([2])720(Lai,)970(X.)1203(and)1362(Massey,)1578(J.)2018 t
12 S1 f
(")2138 t
12 R f
(A)2187(proposal)2316(for)2773(a)2956(new)3053(block)3296(encryption)3607(standard.)4165 t
12 S1 f
(")4602 t
12 I f
(Proc.)4735(EURO-)5042 t
970 6116 m
(CRYPT)970(90,)1370 t
12 R f
(389--404,)1560(1990.)2070 t
720 6292 m
([3])720(Howard,)970(J.H.,)1428(Kazar,)1694(M.L.,)2052(Menees,)2365(S.G.,)2812(Nichols,)3099(D.A.,)3547(Satyanaryanan,)3853(M.)4633(&)4854(Sidebot-)4992 t
970 6432 m
(ham,)970(R.N.)1253 t
12 S1 f
(")1565 t
12 R f
(Scale)1614(and)1920(Performance)2139(in)2798(Distributed)2938(File)3526(Systems.)3760 t
12 S1 f
(")4192 t
12 I f
(ACM)4326(Trans.)4624(Comput-)4980 t
970 6572 m
(ing)970(Systems,)1164 t
12 R f
(Vol.)1614(6,)1864(No.)1994(1,)2210(\(February\),)2340(1988.)2923 t
720 6748 m
([4])720(Sandberg,)970(R.,)1507(Goldberg,)1702(D.,)2240(Kleiman,)2441(S.,)2940(Walsh,)3122(D.,)3514(&)3715(Lyon,)3864(B.)4202 t
12 S1 f
(")4407 t
12 R f
(Design)4456(and)4851(Imple-)5079 t
970 6888 m
(mentation)970(of)1492(the)1632(Sun)1819(Network)2046(File)2505(System.)2733 t
12 S1 f
(")3118 t
12 I f
(Proc.)3247(USENIX,)3550 t
12 R f
(Summer,)4032(1985.)4510 t
cleartomark
showpage
restore
%%EndPage: 12 12
%%Page: 13 13
save
mark
13 pagesetup
12 R f
2920 500 m
(-)2920(13)3000(-)3160 t
720 860 m
([5])720(Lacy,)970(J.,)1291(Mitchell,)1450(D.,)1941(and)2139(Schell,)2364(W.,)2747 t
12 S1 f
(")2972 t
12 R f
(CryptoLib:)3021(A)3608(C)3747(Library)3880(of)4293(Routines)4446(for)4927(Cryp-)5120 t
970 1000 m
(tosystems.)970 t
12 S1 f
(")1476 t
12 R f
(AT&T)1605(Bell)1971(Laboratories)2212(document,)2859(1992.)3403 t
cleartomark
showpage
restore
%%EndPage: 13 13
%%Trailer
done
%%DocumentFonts: Times-Bold Times-Italic Times-Roman Courier
%%Pages: 13