Secure FileSystem

sSSSSs FFFFFFFFFF sSSSSs sSSSSSSs FFFFFFFFF sSSSSSSs sSs sS FF sSs sS SS FF SS sSs FF sSs sSSSSSSs FFFFFFF sSSSSSSs sSs FF sSs SS FF SS Ss Ss FF Ss Ss sSSSSSSs FF sSSSSSSs sSSSSs FF sSSSSs S e c u r e F i l e S y s t e m Version 1.20 Copyright Peter C.Gutmann 1993, 1994, 1995 "The right to privacy... is the most comprehensive of rights and the right most valued by civilized man" - Justice Louis Brandeis, US Supreme Court, 1928 Ever since Julius Caesar used the cipher which now bears his name to try to hide his military dispatches from prying eyes, people have been working on various means to keep their confidential information private. O...

Creating an SFS Volume Before SFS can use an disk volume, you will need to convert it from a normal DOS volume into an encrypted SFS one. The program does this is mksfs (Make Secure Filesystem), which is very loosely patterned after the Unix mkfs utility. mksfs takes a standard DOS volume (which may be either freshly formatted or may already contain files) and turns in into an encrypted SFS one. The encryption process is non-destructive, so you won't lose any information already on the volume, except for the (fortunately very rare) case of there being a power cut while the encryption is taking place (this means that power to the syst...

Advanced SFS Driver Options The SFS driver supports several advanced options which can be used to customize the operation of SFS. These include the ability to mount SFS volumes automatically when the driver is loaded, the ability to echo passwords to the screen as they are entered, and the ability to change the read/write status, disk access mode, auto-unmount timeout of mounted volumes, quick-unmount hotkey, and the password prompt used when mounting volumes. Mounting SFS Volumes at System Startup You can mount SFS volumes automatically when the system is started up rather than having to use the mountsfs program or SFS Control Panel...

Controlling SFS Volumes with Smart Cards Requiring the entry of a complex pass phrase to allow access to an SFS volume can be troublesome since not everyone will be able to remember, and want to type in, long complicated passwords. As a result, people may be tempted to write them down, or choose simple passwords which are easily guessed. In order to ease this problem, SFS supports the use of passwords stored in physical devices such as smart cards and cryptographic ignition keys or datakeys. The simplest way to store a password in a physical device is on a magnetic stripe card similar to a credit card or ATM card. Unfortunately these car...

The Care and Feeding of Passwords With the inherent strength of an encryption system like the one used by SFS, the password used for encryption is becoming more the focus of attack than the encryption system itself. The reason for this is that trying to guess an encryption password is far simpler than trying to break the encryption system. SFS allows keys of up to 100 characters in length. These keys can contain letters, numbers, spaces, punctuation, and most control and extended characters except backspace (which is used for editing), escape (which is used to abort the password entry), and carriage return or newline, which are used to s...

Politics Many governments throughout the world have an unofficial policy on cryptography which is to reserve all knowledge and use of encryption to the government in general and the elite in particular. This means that encryption is to be used firstly (in the form of restrictions on its use) for intelligence-gathering, and secondly for protecting the secret communications of the government. The government therefore uses encryption to protect its own dealings, but denies its citizens the right to use it to protect their own privacy, and denies companies the right to use it to protect their business data. Only a very small number of countr...

Design Details This section goes into a few of the more obscure details not covered in the section on security analysis, such as the encryption algorithm used by SFS, the generation of random numbers, the handling of initialization vectors (IV's), and a brief overview on the deletion of sensitive information retained in memory after a program has terminated (this is covered in more detail in the section "Security Analysis" above). The Encryption Algorithm used in SFS Great care must be taken when choosing an encryption algorithm for use in security software. For example, the standard Unix crypt(1) command is based on a software imple...

SFS Disk Volume Layout An SFS volume is broken up into two parts, the boot sector which is used to identify the volume and store assorted status information, and the encrypted volume itself. If a program tries to read the boot sector, the SFS driver will assemble a pseudo-boot sector in memory and return that instead. If a program tries to write to the boot sector, the SFS driver will skip the boot sector while still writing any other sectors which may be requested. All data on the boot sector, both plaintext and encrypted, is stored in big-endian format following the convention used by international cryptographic standards. Care should ...

Interfacing with mountsfs In order to facilitate the use of SFS with other software such as graphical front-ends, mountsfs has the ability to be run in batch mode in which it will accept abbreviated forms of the usual commands and output more complex results to data files instead of to the screen. External software can then parse the mountsfs output and report the results back to the user. This is how WinSFS performs the task of scanning for SFS volumes, since using direct disk access to do this under Windows is virtually impossible. Controlling mountsfs in Batch Mode You can enable the use of batch mode by giving mountsfs the keyword `b...