Transparent file encryption on a PC using Cybersafe File Encryption
We’ve added a “transparent file encryption” function to the new version of CyberSafe. In this article, I’ll describe how this function works and its basic abilities, as well as its advantages over EFS, the standard data encryption system of windows.
How does “transparent encryption” work?
CyberSafe’s transparent encryption feature executes a special driver of the file system, which carries out decryption of files when certain applications request it, as well as reencryption after the application is finished with the files. The driver also encrypts all new files added into a secure folder.
The encryption process looks like this:
• the file is first encrypted using the AES algorithm and a 256 bit symmetric key generated randomly by the program;
• the symmetric key is RSA encrypted via the user’s Public Key, which can be up to 8192 bits in length and is stored in an alternate NTFS data stream.
When an appropriate program is used to open the file, it is automatically decrypted like this:
• the symmetric key stored in ADS is decrypted using the user’s Private Key
• the desired file is decrypted using the symmetric key
The biggest fundamental advantage of “transparent encryption” is how much easier it makes working with secure files. Encryption and decryption are carried out automatically (transparently from the user’s perspective) and do not require the user to do anything extra.
In that CyberSafe uses alternative data streams to store encrypted symmetric keys, transparent encryption is only possible in the NTFS file system.
Working with CyberSafe encrypted folders
All transparently encrypted files are stored in special folders.
To create one of these folders, open the program and select File Encryption > Transparent encryption and add any empty folder on the computer. To designate an open/closed Key Pair to be used for encrypting and decrypting files, click the Keys button.
To use already existing files or to add new ones, you must click the Enable folder on button (you’ll have to enter the password for your Private Key).
All files added to a folder after it’s been turned on are automatically encrypted. Any file in one of these folders is encrypted and decrypted automatically (transparently).
When you’re done working with a given folder, it must be Disabled. After that, access to encrypted files is unavailable to any folder: no one can see, edit or delete these files. This is also true if CyberSafe is not working.
After encrypting files with CyberSafe, their cached copies may remain findable in Windows. For this reason, files in a secure folder may be shown as nonencrypted, though this is not true all the same. In fact, they are encrypted but Windows is showing their cached copies. Because of this, when using transparent encryption in the current version of Cybersafe 2.1.34 you have to perform an additional clean-up by restarting your computer. In the future, this bug will be corrected.
The Applications tab allows you to set applications as trusted, which means they will be allowed to work with encrypted files. By default, all applications are listed as trusted. This means that no mater which application requests access to the files in a folder that’s been enabled, these files will be decrypted by the driver and available to that application for editing, copying or deletion.
All the same, with the goal of limiting access to confidential information for malware, you can make a list of trusted applications. In this case, only trusted applications can get access to the files in an encrypted folder, and all others cannot. After you’ve created this list, the remaining applications are automatically placed in the list of not trusted and will not have access to the files.
For example, if you have only text documents in your secure folder, it would be totally logical to allow only the applications you use to work with text documents to access them, for example Word, Excel, Notepad ++ or other text editors and keep all other applications in the not trusted list.
Non-trusted applications cannot get access to confidential information even when a trusted application is working with said file; that is, even when a file is decrypted and vulnerable, non-trusted programs cannot access it. This is how we limit access to confidential information against spyware, malware and other dangerous software.
In addition you can also create a list of applications that are allowed only to copy secure files.
The trusted and non-trusted lists are stored on the transparent encryption driver. The driver works with secure files and allows or forbids access to them for any application in accordance with the settings (rules) set for it.The driver’s work algorithm is illustrated below:
Advantages over EFS
Using tokens as an additional security measure
By and large, file encryption in EFS leads to one thing: knowing your password and user name. Any user that knows that password can get access to all encrypted files. It is well known that at present, one password alone cannot provide effective security. If it is weak, it can be figured out. There are ways of tracking what has been typed on a keyboard for example. In CyberSafe we have introduced a system of tokens (any flash drive can be used as a token), which is why even if an intruder is able to get ahold of your password some way or another, files encrypted by CyberSafe will still not be available to him.
“Transparent Encryption” for network folders
It’s well known that EFS does not support the encryption of files sent over a network, and that doing this requires additional security methods, such as IPsec or WebDAV. CyberSafe has no such feature gap and it can be used effectively to transparently encrypt folders in a corporate environment with the need to provide access to the same encrypted folder to several employees. You can read more about network folders in the next section.
Protecting folders from being deleted
In EFS, any user that has access to your user name can delete a folder with encrypted data. If you don’t have a reserve copy of the encrypted file, you lose all that valuable information. In CyberSafe after a secure folder has been disabled, it is additionally protected from deletion from the hard disk by other users.
As already stated above, transparent encryption in Cybersafe is carried out by a special driver of the file system. During reading and recording of files it encrypts or decrypts them, which it can do remarkably quickly.
The Trusted Applications System
If your computer is somehow infected with spyware, confidential information protected by EFS can potentially be reached. CyberSafe solves that issue with its Trusted Applications System – only programs designated by you yourself can have access to a secure folder and the confidential data stored in it.