Research And Implementation Of Transparent Encryption System Based On Double Cache Filter Driver

With the rapid development of the information construction in recent years, the confidential information of a company is stored in electronic documents, it is very important to encrypt and protect the vital data. The transparent encryption is approval since it is easy to use and has mandatory encryption without changing the user's habit. There exist mainly two methods to implement transparent encryption, one is Hooking API, and the other one is file filter driver. Hooking API method is highly related to upper application, so it is difficult to ensure compatibility and efficiency. The transparent encryption base on single cache filter driver works in system kernel level, has no relationship with upper application and has high efficiency, good compatibility and strong security. But in order to meet the requirements that authorized and unauthorized programs access encrypted files at the same time, it needs to change the data status (encryption and decryption status) in cache frequently. So that it greatly reducs the buffer utilization efficiency, and also caused some compatibility issues.In order to eliminate the limitations of transparent encryption system based on single cache filter driver, this paper proposes to use double cache. That is to create two caches for a file, one is called encryption-cache which be used to save encryption data for unauthoried applications accessing, the other one is named decryption-cache that is available for authoried applications visiting, while both are independently of each other. In addtion to studying the related theory and technology of double cache filter driver, this paper also conducted a detailed design of the system to achieve, and apply it in Trending Data Loss Prevention system. The test indicates that transparent encryption base on double cache filter driver could enhance system performance and compatibility are improved significantly.This paper has accomplished the following tasks:①It analyzed the importance of data encryption and current status of the development of transparent encryption technology. it proposed solutions to the issues of current transparent encryption technology.②It researched the relevant technical and theoretical basis, and built solid foundation for the feasibility of transparent encryption based on double cache filter driver.③Firstly, it investigated how to break the single cache restrications of Windows Cache Manager to create double cache and data synchronization between the two cache and life-cycle control. Next, it researched the process identification based on authorized and unauthorized programs, and how to ensure the process does not forgery and tampering. At last, it analyzed and studied the file reading and writing methods in system kernel to ensure all data operations can be blocked by fileter driver.④It Researched and analysised how to identify encrypted files, and how to store and protect the encryption identity flag. At the same time, it investigated encryption algorithms and selected the encryption algorithms for the encryption system to ensure the balance between the efficiency and security.⑤According to the enterprise information security requirements, it designed a transparent encryption system based on double cache filter driver. It highlighting introduced the filter driver architecture and module design ideas, and implemented Trending Data Loss Prevention System. The function, performance and compatibility test results indicated the introduction of double cache filter driver could enhance system performance and compatibility is improved significantly.