Research And Implementation Of Transparent Encryption File System

With the increasing amount of data stored on computers, the requirement of data security is also raised continuously. Transparent encryption file system has been proposed to solve the current security problems of company's internal network. It is closely related with operation system and adds the self-defined processing in system processes of files. It can encrypt or decrypt the important files automatically without changing the habits of users. It is an efficient and convenient solution of data security and become inevitably the future trend of file encryption software development. Based on the achievements of predecessors, this article designs and realizes a secure and stable transparent encryption file system. The main works and results are described as follows.1. Combining cryptography and the computer technology, the paper constructs the transparent encryption file system based on the C/S pattern structure. The server is responsible for configuring parameters of the system and monitoring the running state of the client. According to parameters which are configured by the server, the client provides a comprehensive protection for the file security.2. The client implements the function of file protection. And it includes two parts:(1) Using the filter driver technology, the system can encrypt and decrypt important files automatically with two kinds of encryption algorithms. The data of secrets-involved file is encrypted by stream cipher algorithm, and every file has its own key which is generated randomly. The random key is encrypted by an algorithm with higher encryption intensity and stored in a specific file. (2) According to the different processing mechanisms, we choose the corresponding methods to monitor clipboard, drag-and-drop and screen capturing with the hook technology. Monitor the clipboard and screen capturing in kernel layer and monitor the drag-and-drop in application layer. It can prevent the leak of file content through operations through clipboard, drag-and-drop and screen capturing. Hence it can enhance the security of file content which exists in plaintext in memory.3. In order to avoid the loss caused by the missing of private key, we adjust the Gentry IBE algorithm and propose a dynamic threshold key escrow scheme based on bilinear pairings. This scheme is charge of such characters:(1) the private key of a user is generated by the user and PKG together, so PKG can not recover the private key; (2) Part of the user's private key is delivered with threshold processing to more than one custodian so that the key escrow process is robust and secure.