With the networked storage becomes a tendency of data storing, the data stored on storage device gradually
becomes the major goal of the malicious attackers, and the storage system becomes the final defense line to safeguard
data security. To strengthen the confidentiality of data, this paper designed a new cryptographic read/write flow for
networked storage system. On the base of the optimized data read/write flow, we implemented a Kernel-based
Cryptographic File System (short for KCFS). The cryptographic file system can overcome the inconvenience of encryption application and the low efficiency of user-level encryption file system, e.g CFS, so as to realize the encryption/decryption function at the kernel-level file system, providing the upper-level application a transparent storage
space. Additionally, the data is stored in cipher-text mode, so can protect the stored data from illegal exposure. In the
comparative experiment, the transferring rate of NFS+KCFS reduces between 9.2% and 13.2% relative to NFS, and the transferring rate of NFS+CFS reduces between 18.6% and 30.1%. The experiment shows that KCFS can reach better read/write performance compared to user-level encryption file system.