A few days ago the company Kudelski Security (specialized in conducting security audits) unveiled the release of the Oramfs filesystem with the implementation of ORAM (Random Oblivious the Access Machine) technology, andth virtual file system is designed for use with remote data stores and it does not allow anyone to track the structure of the writes and reads from them, respectively. Combined with encryption, the technology provides the highest level of data privacy protection
The project proposes a FUSE module for Linux with the implementation of the FS layer, which does not allow to trace the structure of the read and write operations, the Oramfs code is written in Rust and is licensed under GPLv3.
ORAM technology involves the creation of another layer in addition to encryption, which does not allow to determine the nature of the current activity when working with data. For example, in the case of using encryption when storing data in a third-party service, the owners of this service cannot find the data themselves, but can determine which blocks are accessed and what operations are performed. ORRAM hides information about which parts of the file system are being accessed and what type of operation is being performed (read or write).
When considering the privacy of storage solutions, encryption alone is not enough to prevent access pattern leakage. Unlike traditional solutions such as LUKS or Bitlocker, an ORAM scheme prevents an attacker from knowing whether to perform read or write operations and to which parts of the file system are being accessed. This level of privacy is achieved by making additional access requests than necessary, mixing the blocks that make up the storage layer, and writing and re-encrypting data back and forth each time, even when only a read operation is performed. Obviously this comes with a loss of performance, but it provides additional security compared to other solutions.
Oramfs provides a universal file system layer that simplifies the organization of data storage on any external storage. Data is stored encrypted with the optional authentication option. The ChaCha8, AES-CTR, and AES-GCM algorithms can be used for encryption. Read and write access patterns are hidden by the ORAM path scheme. In the future, the implementation of other schemes is planned, but in their current form, development is still in the stage of a prototype, which is not recommended for use in production systems.
Oramfs can be used with any file system and does not depend on the type of external storage being targeted: The files can be synced with any service that can be mounted as a local directory (SSH, FTP, Google Drive, Amazon S3, Dropbox, Google Cloud Storage, Mail.ru Cloud, Yandex and other services supported by rclone or for which there are FUSE modules to mount). The storage size is not fixed, and if more space is needed, the ORAM size can grow dynamically.
The Oramfs configuration boils down to defining two directories, public and private, that act as server and client:
- The public directory can be any directory on the local file system that is connected to external storages by mounting them via SSHFS, FTPFS, Rclone, and any other FUSE module.
- The private directory is provided by the Oramfs FUSE module and is designed to work directly with files stored in ORAM. The public directory contains a file with the ORAM image.
Any operation with a private directory affects the state of this image file, but this file looks like a black box to an external observer, changes in which cannot be associated with activity in the private directory, including the write operation or reading, cannot be determined.
Finally if you are interested in knowing more about it or be able to test this filesystem, you can check the details in the following link.