Monday, September 14, 2015

How Does Encrypted File System Work?

An Encrypted File System does data encryption in file level. It can encrypt files and directories selectively or all of them using encryption keys. So, It ensures data protection in file level granularity.

In an Encrypted File System, encrypting and decrypting files using asymmetric keys may take more time and degrade the performance of file system. So, a symmetric key is used for that purpose.

The symmetric encryption algorithm used in Encrypted File System varies with file systems and its version. Normally, a file symmetric key is used to encrypt and decrypt the files and the file symmetric key is again encrypted with the public key of the user.

When a user authenticates himself, the Encrypted File System component driver checks the digital certificate to retrieve the private key and then decrypts the symmetric key using that private key. All files and directories later are encrypted and decrypted using the symmetric key.

Folders or directories, whose contents are to be encrypted in the file system, are marked with a special field. If a folder or directory is marked to be encrypted, then all subfolders or subdirectories under it are marked to be encrypted.

If a file or directory is copied to a volume formatted with different file system, then the file or directory is first decrypted with the symmetric key and then copied. But, at the time of backup, normally the files are copied in encrypted form. The back up applications take care of that.

Vulnerabilities of Encrypted File System

There are mainly two vulnerabilities in an Encrypted File System.

  • Normally, the local administrator is the default data recovery agent. He can decrypt the encrypted files of all users. So, an attacker can hack the account of the local administrator and steal the data. But some Encrypted File Systems prevent this vulnerabilities by keeping no default data recovery agent. Instead, password file of all users are again encrypted with another key and that passphrase and key is kept safeguarded from the attacker.

  • The attacker can hack a user's account and reset the local user's password. This will enable him to gain access to the RSA private key and decrypt all the files. Some Encrypted File Systems prevents this vulnerability by encrypting user's private key with user's password as well as a salt. So, the attacker would still need the user's passphrase to get access to the user's private key.

So, Encrypted File System is good enough to ensure data protection. It can prevent your data from attackers well enough.

So, stay safe, protect your data!

No comments:

Post a Comment