eCryptfs: An Enterprise-class Encrypted Filesystem for Linux

Author

  • Michael Austin Halcrow
Abstract

eCryptfs is a cryptographic filesystem for Linux that stacks on top of existing filesystems. It provides functionality similar to that of GnuPG, except the process of encrypting and decrypting the data is done transparently from the perspective of the application. eCryptfs leverages the recently introduced Linux kernel keyring service, the kernel cryptographic API, the Linux Pluggable Authentication Modules (PAM) framework, OpenSSL/GPGME, the Trusted Platform Module (TPM), and the GnuPG keyring in order to make the process of key and authentication token management seamless to the end user.

1 Enterprise Requirements

Any cryptographic application is hard to implement correctly and hard to effectively deploy. When key management and interaction with the cryptographic processes are cumbersome and unwieldy, people will tend to ignore, disable, or circumvent the security measures. They will select insecure passphrases, mishandle their secret keys, or fail to encrypt their sensitive data altogether. This places the confidentiality and the integrity of the data in jeopardy of compromise in the event of unauthorized access to the media on which the data is stored.

While users and administrators take great pains to configure access control mechanisms, including measures such as user account and privilege separation, Mandatory Access Control[13], and biometric identification, they often fail to fully consider the circumstances where none of these technologies can have any effect – for example, when the media itself is separated from the control of its host environment. In these cases, access control must be enforced via cryptography.

When a business process incorporates a cryptographic solution, it must take several issues into account. How will this affect incremental backups? What sort of mitigation is in place to address key loss? What sort of education is required on the part of the employees? What should the policies be? Who should decide them, and how are they expressed? How disruptive or costly will this technology be? What class of cryptography is appropriate, given the risks? Just what are the risks, anyway?

Whenever sensitive data is involved, it is incumbent upon those responsible for the information to reflect on these sorts of questions and to take action accordingly. We see today that far too many businesses ne-


Similar resources

eCryptfs: An Enterprise-class Cryptographic Filesystem for Linux

eCryptfs is a cryptographic filesystem for Linux that stacks on top of existing filesystems. It provides functionality similar to that of GnuPG, only the process of encrypting and decrypting the data is done transparently from the perspective of the application. eCryptfs leverages the recently introduced Linux kernel keyring service, the kernel cryptographic API, the Linux Pluggable Authenticat...


UsiFe: An User Space Filesystem with Support for Intra File Encryption

This paper proposes a new paradigm for the design of cryptographic filesystems. Traditionally, cryptographic file systems have mainly focused on encrypting entire files or directories. In this paper, we envisage encryption at a finer granularity, i.e. encrypting parts of files. Such an approach is useful for protecting parts of large files that typically feature in novel applications focused on...


Bear: An Open-Source Virtual Secure Coprocessor based on TCPA

This paper reports on our ongoing project to use TCPA to transform a desktop Linux machine into a virtual secure coprocessor: more powerful but less secure than higher-end devices. We use TCPA hardware and modified boot loaders to protect fairly static components, such as a trusted kernel; we use an enforcer module—configured as Linux Security Module—to protect more dynamic system components;...


A survey of bugs in the Btrfs filesystem

The Btrfs filesystem [16] is being developed as the next major Linux filesystem. It sports several advanced features, including checksumming of all data and metadata, first-class snapshots, and multidevice support. Btrfs has been in development since 2007, being merged into the Linux kernel in 2009 and declared stable in 2013. Despite this, it is still under active development, and as such, bug...


StegFS: A Steganographic File System for Linux

Cryptographic file systems provide little protection against legal or illegal instruments that force the owner of data to release decryption keys for stored data once the presence of encrypted data on an inspected computer has been established. We are interested in how cryptographic file systems can be extended to provide additional protection for such a scenario and we have extended the standa...



Publication date: 2010