TPMs for Encrypted File System Access Control

CS252 Spring 2007 class project by Steven Houston and Thomas Kho

Abstract

We implement an encrypted file system that uses a Trusted Platform Module (TPM) to securely store file encryption keys. Key management is centralized. We identified that a key server's ability to verify deletion of file encryption keys on clients reduces the amount of re-encryption necessary on key revocation. We place the TPM on the file-read datapath and encrypt files with RSA. In benchmarking file system performance, we found that read and write speeds were orders of magnitude slower than without encryption. Software decryption was about twice as fast as hardware decryption via the TPM.

Report and presentation available for download.

Download

Note: This software was tested on Mac OS X 10.4.9 and requires MacFUSE (tested with 2.6.3) and the TPM driver (version 1.0.0) for OS X. /dev/tpm must be accessible to the user.

To build, run make. Use the script tfs_mount.sh to mount the file system. We use TPM/J-style password representations for the SRK and owner passwords (e.g. -p123 to denote a SHA1 password, 123 for a Vista-style password).


Last updated: May 15, 2007