[Cryptography] Open source encrypted file system for cheap IoT device?

Henry Baker hbaker1 at pipeline.com
Thu Dec 28 13:51:29 EST 2017


At 10:30 AM 12/28/2017, Natanael wrote:
>On 28 Dec 2017 at 18:58, "Henry Baker" <hbaker1 at pipeline.com> wrote:
>
>Why is this so hard?
>
>IoT = very cheap, very low power, very small memory.
>
>As I said, I want to access files on a uSD card or a USB stick,
>so the encrypted file system is on a *passive* device.
>
>I want to be able to do this from either the $10 device (not as
>powerful as a Raspberry Pi, because Pi's take too much power),
>or a larger machine -- e.g., Linux/MacOS/Windows.
>
>FYI, to access it both from PC and the IoT device, there are three main options:
>
>1: Make the device the interface to the storage, which requires emulation of a FAT32 filesystem or similar protocol that all three major operating systems support. This may be too much for a tiny microcontroller, or just too slow. You'll need a somewhat powerful CPU in your device to handle this well if you have megabytes of data, close to an RPi.
>
>2: Use a memory card with a FAT32 filesystem, put an encrypted container on it, which can be read from a PC with usermode software. Adds some overhead during normal use.
>
>3: Use an encrypted filesystem on a memory card, cry salty tears over the file system drivers you'll need to install on Windows / Linux / Mac to make it work.
>
>Only #2 is practical if you want it really cheap, but I would prefer #1.

Let's assume that the IoT device has only *root*, so it implements the file system directly on the SD/USB device.

When accessing the SD/USB device from Linux, we need to set permissions on the device driver to access the raw device.

What I'm looking for is simple filesystem code which implements an *encrypted* file system on the SD/USB device.

Obviously, one could read out the entire encrypted file system off the SD/USB device as a long file; decrypt the file; access (read and/or write) the plaintext data; re-encrypt & rewrite the data back to the SD/USB device.

Clearly, this is terribly inefficient if one is accessing only one file, which is why encrypted file systems have more complex encryption capabilities, to enable rewriting only O(1) or O(loglogN) or O(logN) fractions of the total storage when accessing O(1) portions of the data (instead of O(N)).
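
The O(1)-rewrite property described in the message above, as an added example that is not part of the original post: each sector is encrypted independently, so changing one block rewrites exactly one sector of the device. The sector and nonce sizes, the class name, and the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for a block-device mode such as AES-XTS) are assumptions; it provides confidentiality only, with no integrity check.

```python
import hashlib, hmac, os

SECTOR = 512               # physical sector size on the card (assumed)
NONCE = 16                 # fresh random nonce stored at the front of each sector
PAYLOAD = SECTOR - NONCE   # plaintext bytes carried per sector

def _keystream(key: bytes, sector_no: int, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, bound to the sector number and the per-write nonce.
    out, ctr = b"", 0
    while len(out) < n:
        msg = sector_no.to_bytes(8, "big") + nonce + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

class SectorCryptStore:
    """Encrypts every sector independently on a raw block device image."""

    def __init__(self, key: bytes, n_sectors: int):
        self.key = key
        self.dev = bytearray(n_sectors * SECTOR)  # stands in for the uSD/USB device
        self.sectors_written = 0
        for i in range(n_sectors):                # format: encrypt all-zero payloads
            self.write(i, bytes(PAYLOAD))
        self.sectors_written = 0                  # count only writes after formatting

    def write(self, sector_no: int, plaintext: bytes) -> None:
        if len(plaintext) != PAYLOAD:
            raise ValueError("payload must be exactly PAYLOAD bytes")
        nonce = os.urandom(NONCE)  # new nonce per write, so no keystream is reused
        ks = _keystream(self.key, sector_no, nonce, PAYLOAD)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        off = sector_no * SECTOR
        self.dev[off:off + SECTOR] = nonce + ct
        self.sectors_written += 1

    def read(self, sector_no: int) -> bytes:
        off = sector_no * SECTOR
        raw = bytes(self.dev[off:off + SECTOR])
        nonce, ct = raw[:NONCE], raw[NONCE:]
        ks = _keystream(self.key, sector_no, nonce, PAYLOAD)
        return bytes(c ^ k for c, k in zip(ct, ks))
```
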


