A study of HSM based key protection in encryption file system.

Encryption file system is designed to protect sensitive data stored on storage media. However, file encryption key is normally saved in memory with plaintext in the current known solutions. This brings potential security vulnerability such as the cold boot attack which can steal the file encryption key and in the end the encrypted file can be decrypted by the stolen key. This paper studies the current widely used encryption file systems, and proposes a key protection solution based on the Hardware Security Module (HSM) and our experiment on top of Linux Ext4 file system.