To avoid re-encryption in cryptographic storage system when revoking users, Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) hardware module have been introduced to a cryptographic object store system, let private key never leave the hardware module and symmetric key only exist in hardware module in plaintext. Anyone doesn''t know private or symmetric key, so when revoking users, it just needs to modify access control list (ACL) to delete the privileges of the users. To facilitate file sharing and key management, group is adopted. In our system, almost all computationally expensive cryptographic operations are through FPGA/ASIC hardware module. Once creator revokes some users, objects don''t need re-encryption. How to use ACL and FPGA/ASIC hardware module to authenticate and authorize are described. And the procedure of object store and the distribution of meta-data are detailed. Finally, a cryptographic object store prototype system is implemented with tested and effective performance.
展开▼
