A Trusted Versioning File System for Passive Mobile Storage Devices

Luigi Catuogno, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi

Journal of Network and Computer Applications, Vol. 38, February 2014, pp. 65-75. http://dx.doi.org/10.1016/j.jnca.2013.05.006


Versioning file systems are useful in applications like post-intrusion file system analysis, or reliable file retention and retrievability as required by legal regulations for sensitive data management. Secure versioning file systems provide essential security functionalities such as data integrity, data confidentiality, access control, and verifiable audit trails. However, these tools build on top of centralized data repositories operating within a trusted infrastructure. They often fail to offer the same security properties when applied to repositories lying on decentralized, portable storage devices like USB flash drives and memory chip cards. The reason is that portable storage devices are usually passive, i.e., they cannot enforce any security policy on their own. Instead, they can be plugged in any (untrusted) platform which may not correctly maintain or intentionally corrupt the versioning information on the device. However, we point out that analogous concerns are also raised in those scerarios in which data repositories are hosted by outsourced cloud-based storage services whose providers might not satisfy certain security requirements. In this paper we present TVFS: a Trusted Versioning File System which stores data on untrusted storage devices. TVFS has the following features: (1) file integrity and confidentiality; (2) trustworthy data retention and retrievability; and (3) verifiable history of changes in a seamless interval of time. With TVFS any unauthorized data change or corruption (possibly resulting from being connected to an untrusted platform) can be detected when it is connected to a legitimate trusted platform again. We present a prototype implementation and discuss its performance and security properties. We highlight that TVFS could fit those scenarios where different stakeholders concurrently access and updates shared data, such as financial and e-health multiparty services as well as civil protection application systems such as hazardous waste tracement systems, where the ability to reliably keep track of documents history is a strong (or legally enforced) requirement.


tags: integrity, passive storage, security, versioning