Gary,
While I would agree with you if we were discussing a drive level filter,
disk level encryption does not solve the same class of problems as
per-file encryption. The simplest example I can give is: “how does this
protect your data on the network?”
In addition, our DMK implements far more than just simple encryption -
it allows different files (and even streams of those files) to be
encrypted with different keys and/or different algorithms. Files can
have additional attributes associated with them to implement added
security checks. Data can be compressed as well as encrypted. Files
are not decrypted on the server, they are decrypted on the client (so no
clear data over the network.) We provide support for streams on
non-stream-supporting file systems.
Looking forward, because we have a log structured file system involved,
we can actually provide transaction support for non-NTFS file systems in
the Vista timeframe.
There ARE issues for which disk level encryption (or volume level
encryption) makes sense - hibernation and crash dumps are two examples
that quickly come to mind.
Of course there’s the other issue I have with disk encryption - I can’t
seem to actually BUY it. I’ve tried. I’ve looked for a nice 100GB 7200
rpm for my laptop that supports encryption but nobody seems to offer
such a product. If you know of someone, let me know, because I’d use
that - but I’d still use per file compression/encryption for the very
reasons I cited above.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Wednesday, June 21, 2006 10:01 AM
To: ntfsd redirect
Subject: RE: [ntfsd] Need advice on file encryption
Need I say that most if not all, of this can be more easily handled by
the
drive hardware. If he has not considered it the OP should consider an
HDD
solution that utilizes encryption logic on the drive; e.g. Seagate has
the
Momentus FDE, and Hitachi has an FDE drive as well.
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Wednesday, June 21, 2006 6:47 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Need advice on file encryption
The simple answer to your question is in fact covered in the archives
(as Ladislav suggested) because there are plenty of ways to “get around
the sharing violation” issue. In the scenario you’ve described,
however, you shouldn’t be getting a sharing violation since the file
isn’t in use.
However, I suspect there’s a whole class of issues that you aren’t
considering in your analysis:
- How are you going to handle failures while you are encrypting this
file? If you do “on the fly conversion” you risk leaving the file in an
intermediate corrupt state unless you have an explicit plan for dealing
with this.
- How do you want this to be visible to the user? If you do “convert
the entire file on the first write” that means the first user write is
going to take a LONG time if the file is of any size at all (e.g.,
imagine this is a 1GB file - hardly unusual these days.)
- How do you handle multiple concurrent access? You’re looking at ONE
application having the file opened. What will you do when two
applications open the file in succession (assuming sharing allows this?)
In our own work, we found this issue (what we refer to as “policy
change” because we’re moving from one encryption model to a second
encryption model) to be an interesting challenge on all these fronts.
We use sparse streams to perform asynchronous conversions of this type
(deciding to fetch the data from the correct stream based upon whether
it is present in one or the other.) This gives us a model for failure
recovery (we can resume conversion after failure without any data loss
or corruption.) Of course, only some file systems support streams, which
is why we chose to build a layered file system for other FSDs.
I hope this helps. Best of luck!
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tan Sin Lam
Sent: Wednesday, June 21, 2006 2:39 AM
To: ntfsd redirect
Subject: [ntfsd] Need advice on file encryption
Currently I am working on encryption filter driver. When a plain file is
modified (receive app write IRP), I would like to encrypt the whole file
(not just the current buffer in the write IRP), when is the correct way
to
do this?
I tried to encrypt the plain file during close/cleanup (after detecting
it
has been modified), i.e. delayed encryption, this approach sometimes
gets
sharing violation when trying to open file for encryption at that
moment.
The scenario of plain file modification using a test program is as
below:
a/ Open a plain file
b/ Modified it.
c/ Close it.
d/ Open it again
e/ Read the content
I tried to encrypt the content using a system thread between c/ and d/.
If I
get sharing violation status during driver file open, I will try again
in a
short while (0.5s). This approach does not work properly for my own test
program as the content is not encrypted when it reach e/. For normal
file
operation in windows explorer works fine. So this delay encryption is a
bad
approach.
Is it possible to do whole file encryption during the first app write
IRP
(not paging IO)? Can I use the File Object in app write IRP?
Thanks for any advice!
Regards,
SL
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
