Over the years, different encrypting file systems have been proposed to protect the confidentiality of users' data. However, since the enhanced encrypting modules of these systems are implemented independently of the operating system kernel, the protection of secure information has not been considered comprehensively. The secure information is open to attack, leading to system vulnerability. In this paper, we propose the design of an encrypting file system based on a Trusted Platform Module (TPM) for strengthening data safety. Secret keys are encapsulated using a TPM certificate, and the chain of trust of trusted boot is introduced into the encrypting file system. In this way, the safety of the encrypting file system is significantly improved. In this study, we have designed and implemented a TPM-based encrypting file system (TSFile) on Linux, with trusted USBKey devices adopted as additional factors for multi-factor identity authentication. Its performance has been tested, and its efficiency and safety are validated.