1 Product overview
1.1 Product introduction
TTEFS (True Transparent Encryption File System) is a file transparent encryption development kit. Designed based on the LayerFsd model and implemented using file system filter drive technology. The goal of the product is to enable customers to quickly and stably develop TTEFS-based document security management systems, document anti-leakage systems, document authority management systems, etc.
2 Technical principles and advantages
Transparent encryption technology has more than 10 years of development. It is a file encryption technology that came into being to meet the needs of corporate file confidentiality. Transparency means that the encryption and decryption process will not be noticed to the user. When the user opens or edits a protected file, the system will automatically encrypt the unencrypted file and decrypt the encrypted file. Files are stored in cipher text on the hard disk, and plain text in memory.
Windows allows programmers to manipulate files at the kernel and user levels. Most transparent encryption schemes based on user level use API Hook. The kernel-level transparent encryption scheme uses file system filter drivers. According to the mode of file cache operation by the filter driver, it is divided into a flush cache model and a double cache model, that is, the LayerFsd model.
The working principle of ApiHook is to first copy the encrypted file to the temporary directory, hide and decrypt the file, and then return the temporary file to the process that opened the file. In this way, the application program opens the plaintext file on the disk, and the user program can perform normal processing; when the file is closed, the event is intercepted by the hook, and the hook encrypts the temporary file, and then copies it back to overwrite the original file. This kind of encryption is essentially realized through temporary files, and it must be low efficiency, low security, and poor compatibility every time the user saves the disk or the system automatically saves the disk.
The flushing cache mode is based on the file system filter driver. The filter driver can intercept all file system operations in real time, which has obvious advantages in efficiency. Because the file system and the memory manager and the cache manager depend on each other and there are many details, and the file system filter driver model cannot handle the interaction with the cache manager, the filter driver can only use violent methods to constantly clear the cache, resulting in a blue screen and system. damaged file.
The LayerFsd model is implemented based on the file system filter driver and the file system driver. Use the filter driver to intercept all file operation events. The file system driver normally interacts with the cache manager and the memory manager to maintain the normal state of the cache, avoiding the use of violent methods to clear the cache. The problem of system blue screen and file damage is solved in principle. The working principle diagram is as follows:
3.1 Function items
l Document transparent encryption
Transparent encryption means that the encryption action does not require human intervention and is automatically completed by encryption software. For example: when using WORD to create a document, the software can automatically encrypt the newly created file, which is completely transparent to the user and does not affect the user's operating habits. TTEFS has built-in common applications such as Office, WPS, CAD, Photoshop, and Solid Works.
l Safety software compatible module
The executable module of TTEFS is a kernel mode driver. Security software also uses a large number of kernel drivers to intercept events, so there is a certain degree of competition between security software and TTEFS. TTEFS has designed a dedicated compatible module to solve the problem of compatibility and coexistence with security software in principle. In practice, TTEFS has ensured compatibility with 12 security software. As shown in the following table:
| Serial number |
Security software name |
| 1 |
360 security guards |
| 2 |
360 antivirus software |
| 3 |
Rising Antivirus Software" |
| 4 |
Kingsoft Internet Security (Wukong) |
| 5 |
Jinshan Guardian |
| 6 |
Jiangmin Antivirus Software |
| 7 |
ESET Nod32 AntiVirus |
| 8 |
Symantec Endpoint Protection |
| 9 |
QQ computer butler |
| 10 |
Avira Free Antivirus |
| 11 |
Kaspersky Internet Security |
| 12 |
McAfee Anti-Virus |
l One text and one secret
TTEFS supports generating a random key for each file. The same document uses different keys to generate different ciphertexts. The advantage of using one text and one secret is to resist known plaintext attacks. Compared with the traditional single fixed key mode, the security has been greatly improved.
l Custom header data
TTEFS supports custom header data, and users can store document authority control information (such as expiration time, confidentiality, limit on opening times, and print control) into the custom data area. Custom header data can permanently reside in the file. For example, after the OFFICE file is edited, although the original file is overwritten by the temporary file, the custom data of the original file is still retained.
l Manual file encryption
In some application scenarios, users do not need all documents to be encrypted, but only hope that some important documents are encrypted. TTEFS supports manual encryption mode. Encrypted files are always in an encrypted state, and unencrypted files will be ignored by TTEFS.
l Custom application strategy
TTEFS provides an interface for adding applications, users can customize their own policies, and encrypt documents generated by proprietary applications.
l Custom encryption algorithm
TTEFS has built-in XTEA and AES algorithms, and users can embed custom encryption algorithms into TTEFS. Support stream encryption and block encryption mode.
l Folder whitelist
TTEFS provides a folder whitelist interface, and users can set a folder whitelist. Documents in such folders will not be encrypted.
l Drive active communication framework
TTEFS supports communication initiated by the driver and can notify the application of key events. The framework supports synchronous mode and asynchronous mode.
4 Cooperation methods and services
TTEFS supports source code and SDK level cooperation. And provide additional services until the customer completes product development. Specific details can be discussed in detail.
Contact QQ: 7_6_2_1_8_8_3_3_6
For more product information, please visit http://www.bytehorse.net