File-system and Block-layer Encryption: Theory, Practice, and Improvement

Author(s)/Presenter(s):
Library Content Type:
Publish Date: 
Monday, September 11, 2017
Event Name: 
Focus Areas:
Abstract: 

File-system and full-disk encryption are important software technologies to implement data at rest encryption solution. There are many approaches we can choose in different software layer, and each has its own pros and cons. In this talk we will introduce the theory of data encryption in file-system and block-layer, including Ext4, NTFS, ecryptfs, bitlocker, and LUKS/dm-crypt, etc., we will discuss the data encryption cost with different algorithms, and present the performance benchmark, security analysis and optimization methods. We will also introduce a HSM based solution to boost the data encryption performance and strengthen the secure key protection.

Watch video: