Key Management in an Encrypting File System

As distributed computing systems grow in size, complexity and variety of application, the problem of protecting sensitive data from unauthorized disclosure and tampering becomes increasingly important. Cryptographic techniques can play an important role in protecting communication links and file data, since access to data can be limited to those who hold the proper key. In the case of file data, however, the routine use of encryption facilities often places the organizational requirements of information security in opposition to those of information management. Since strong encryption implies that only the holders of the cryptographic key have access to the cleartext data, an organization may be denied the use of its own critical business records if the key used to encrypt these records becomes unavailable (e.g., through the accidental death of the key holder). This paper describes a system, based on cryptographic "smartcards," for the temporary "escrow" of file encryption keys for critical files in a cryptographic file system. Unlike conventional escrow schemes, this system is bilaterally auditable, in that the holder of an escrowed key can verify that, in fact, he or she holds the key to a particular directory and the owner of the key can verify, when the escrow period is ended, that the escrow agent has neither used the key nor can use it in the future. We describe a new algorithm, based on the DES cipher, for the online encryption of file data in a secure and efficient manner that is suitable for use in a smartcard.