Design And Implementation Of File System Based On File Filter Driver

With the development of information technology, information sharing brings great convenience to users. Users can frequently transmit and store file data among different computers through the Internet and mobile storage devices. But the consequential problem is how to protect the security of file information, and this becomes an important research subject.Current file information protection programs focus on the following three categories:First is Hardware encryption. Second is Encryption in the application layer. Third is adopting the file filter driver technology to encrypt the file information by using the symmetric key which is stored in the hard disk or USB key. However, there are still some safety or convenience problems in the above mentioned programs. For example, the high cost of hardware encryption, low encrypting security in the application layer, USB KEY is not convenient to carry.After analyzing those problems, this paper designed and implemented a secure file system based on file filtering technology in the case of general level of security. The aim is to enhance the security of user's file information and improve the simplicity of operation.The system, which is based on traditional file system filter driver framework "sfilter" and combined with the file filter technology, has functions of filtering and encrypting/decrypting important documents. The encryption key which is encrypted by user's password stores in the head of files so that the encryption key and the ciphertext are stored together. When the file is transferred, the encryption key also will be transferred. Thus, when reading the file, legitimate users can read the encryption key from the file header, and then decrypt the ciphertext.This system has the following specific functions:1. Users can log in the system, and only after the user logs in the system, the system can process the operations of filtering and encrypting file data normally. This is because that the encryption key is encrypted by user's password. Without right user password, other users can not get the encryption key.2. After logged in the system, users can control the encryption services on or off; and set the encryption path and the encryption key.3. In the NTFS and FAT32 file system, our system can encrypt\decrypt files with notepad or wordpad formats.4. The system is compatible with NTFS and FAT32 file system to carry out encryption and decryption. If files which are protected by the system are copied to normal OS or there is no legitimate user's password, the files will become ciphertext.Finally, we tested each function and the stability of the system, and the performance of encryption and decryption. Those achieved the expected goals.