Minifilter File Encryption | Minifilter source code | Transparent File Encryption | APIHook File Encryption | On-the-fly File Encryption

Professional Development Tookit About
Transparent File Encryption
Runtime Application Self Protection

ETEFS_Mini - Transparent Encrypted File System

1 Introduction

ETEFS_Mini is a transparent file encryption SDK based on minifilter technology. It runs in ring 0 mode. ETEFS_Mini can encrypt those files containing sensitive data generated by the selected applications, such as Microsoft Word, Excel and Power Point. All files are stored in encrypted form on the disk. The encryption progress is executed at background on-the-fly, and does not change the normal operation behavior of the end user. It is easy to integrate ETEFS_Mini into your software product in a short development cycle. Besides of the core transparent file encryption functionality, ETEFS_Mini also provides some extension functionalities that are very useful in developing data security related software product, including a file access control module and an operation event monitor module. With the help of ETEFS_Mini, software developers can rapidly build various document security products from scratch, including DLP (Data Loss Prevent) system, document right management system and document operation auditing system, etc. 

2 Product Benefits 

  • Easy to use

The API set of ETEFS_Mini is comprised of several functions programming in “C” language exported by a DLL library. By using these functions, it’s very easy to build a basic transparent file encryption system. These API functions can also be called from other programming language, like “C#” and “VB”.

  • Cut down the development cycle

Developing a driver is difficult. Developing a file system driver is even more difficult. If you want to create an engine from scratch, this may take a long development cycle and cause the loss of marketing.

  • Provides useful extension modules 

ETEFS_Mini includes a file access control module and an operation event monitor module. The file access control module is used to restrict the operation on the currently opened file issued by the user according to the access control policy. The operation event monitor is used to capture the user’s action on the encrypted file, such as “file opened” and “file closed” event, etc. 

  • Suport for encryption with per process access restriction

To create a minifilter encryption driver is not easy, to create a driver suport encryption with process access restriction is more complicated. ETEFS_Mini deos suport this feature. ETEFS_Mini does not use file redirection or hidden files to suport this feature. All I/O requests operate on the same raw on-disk file. There are two cache views for the encrypted files, plain data cache for trusted process, encrypted data cache for untrusted process.

3 System Architecture

The following diagram shows the architecture of ETEFS_Mini:

  • Applications

The applications diagram represents the selected executable to be encrypted, such as Microsoft Word, Excel and Power Point. The document files generated by these applications will be encrypted automatically.

  • Control program

The control program diagram represents the process sending the policy to the transparent file encryption system core and receiving the file operation event log. If this program exits, all policy set by it will not take effect.

  • Policy configuration

The policy configuration diagram represents the module that receives the policy from control program. It stores the policy data to a file mapping object. Other modules can get the corresponding policy by reading the file mapping object.

  • Event report

The event report module receives the operation log data from the capture module and pushes these log data to the control program. It uses the named pipe as the data transport mechanism.

  • File event capture and access control

ETEFS_Mini supports capturing common file operation event, such as “open”, “close “and “print” etc.ETEFS_Mini supports controlling the access right of the file, such as “read-only”, “disable save-as” and “print” etc.

  • Transparent file encryption core

This is the key component of ETEFS_Mini. It implements transparent file encryption by a file system minifilter driver. It decrypts data while an application loads data from disk and encrypts data while an application writes data to disk.

4 Product Features

  • Adding an extended file header per each encrypted file

ETEFS_Mini supports adding a file header data segment at the front of the encrypted file. One part of this data area is reserved by ETEFS_Mini, another part can be used by user of ETEFS_Mini freely.  

  • Implementing in kernel mode

The core module of ETEFS_Mini is implemented in kernel mode. The minfilter framework is highly recommended by Microsoft. It is very convenient to intercept the file I/O requests and insert encryption module on file system stack. 

  • Random file encryption key

ETEFS_Mini supports the random file encryption key mechanism. After enable this feature, ETEFS_Mini will allocate a random file encryption key for each file. Using this method to encrypt file is much more safety than using fixed file encryption key.

  • Custom data binding

ETEFS_Mini adds an extended file header data to each encrypted file. A part of this header data is reservedly used by ETEFS_Mini itself to save some basic information about encryption. Another part of this header data is free for developer. Once this area of header data is set by the developer, it is firmly bind to the encrypted file forever by ETEFS_Mini. While editing the file, this custom data is still bonded with the encrypted file. The kind of data can be used to save the extended control information for the encrypted file.

  • Manually encryption

By default, once an unencrypted file is opened by a user, it will be encrypted by ETEFS_Mini automatically. If the developer enables “manually encryption” policy, ETEFS_Mini will not encrypt the file automatically. Users must use the encryption tools, for example a shell menu item, provided by the developer to convert the file into encrypted state.

  • Save-as encryption

When a user saves a currently opened file to a new file, the newly created file will be encrypted by ETEFS_Mini if the currently opened file is encrypted. This mechanism is used to keep the file containing sensitive data is always in encrypted state.

  • File event capture

ETEFS_Mini supports capturing common file operation event, such as “open”, “close “and “print” etc.

  • File access control

ETEFS_Mini supports controlling the access right of the file, such as “read-only”, “disable save-as” and “print” etc.

  • Faked exe checking

ETEFS_Mini identifies the process to be encrypted by the name of the process. This mechanism is not perfect. Because some skillful users may rename an executable file to the name of the target process, these faked executable are able to get the plain data of the encrypted file. ETEFS_Mini provides an extension feature to identify these faked executable files. To achieve this, ETEFS_Mini checks the MD5 of the faked executable files or the digital signature if any. Once a faked executable is detected, the transparent file encryption core will stop encryption and decryption services for this faked process. 

  • Application support

ETEFS_Mini supports transparent file encryption feature for any type of process. ETEFS_Mini can support most common applications by sending correct policy. It may require some debugging works for these complicated applications.

  • File system support

ETEFS_Mini supports any type of file system only if the file system is available in windows. The supported file system list includes fastfat, ntfs, network file system, cdfs and udfs. ETEFS_Mini is compatible with the encryption and compression feature in ntfs.

  • Cipher support

ETEFS_Mini integrates the XTEA and AES encryption algorithm into the transparent file encryption core. ETEFS_Mini can support any type of block encryption algorithm by customized development.

  • OS support

32-bit (x86) and 64-bit (X64) architectures of Windows XP and later. 

4 Support and Services

  • License type
    Clients can evaluate ETEFS_Mini for 1 month. ETEFS_Mini supports two kinds of license term.
    1.    SDK license
    The SDK package includes these items shown in the flowing list:
         Executable binary files for both x86 and x64 Windows OS
       Header and lib files for compiling and linking
       A full source code demo project that describes the usage of ETEFS_Mini API
        ETEFS_Mini SDK reference.pdf
        ETEFS_Mini user’s guide.pdf  
    2.    Full source code license
    The full source code package includes these items shown in the flowing list:
       Executable binary files for both x86 and x64 Windows OS
       Full source code for all modules of ETEFS_Mini.
       ETEFS_Mini SDK reference.pdf
       ETEFS_Mini user’s guide.pdf
      
    3.    Both SDK and source code license are no limitation on number of copy installation.
    Technical support
    License of ETEFS_Mini includes one year of technical support, including questions, bug support, and access to framework maintenance updates. Licensees will also have options to secure major updates (functional enhancements) and OS upgrades as well.
    Custom development
    Some clients may want to customize core components of ETEFS_Mini to meet their product needs. In addition to providing full source license, we can be engaged to provide custom development services to modify ETEFS_Mini to client specifications.

Please publish modules in offcanvas position.