EaseFilter File System Encryption Filter Driver SDK

Download EaseFilter Transparent Encryption Filter Driver SDK Setup File
Download EaseFilter Transparent Encryption Filter Driver SDK Zip File
Understand EaseFilter Filter Driver SDK Programming


Today, data leakage is the one of the main problems of data security for most enterprises. There are many technologies about the solutions of the information security. Intrusion detection, firewalls and private networks are traditional methods in information security. But these methods are difficult to prevent data leakage because they are suitable for dealing with network and malicious code attack.EaseFilter File System Encryption Filter Driver provides a reliable protection for data leakage by using transparent file encryption technologies. The processes of encryption and decryption are executed in file system filter driver and are completely transparent to users. By leveraging this transparent approach, your organization can implement encryption, without having to make changes to your applications, infrastructure, or business practices.

Windows File System Filter Driver

A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. File system filtering services are available through the filter manager in Windows. The Filter Manager provides a framework for developing File Systems and File System Filter Drivers without having to manage all the complexities of file I/O. The Filter Manager simplifies the development of third-party filter drivers and solves many of the problems with the existing legacy filter driver model, such as the ability to control load order through an assigned altitude. A filter driver developed to the Filter Manager model is called a minifilter. Every minifilter driver has an assigned altitude, which is a unique identifier that determines where the minifilter is loaded relative to other minifilters in the I/O stack. Altitudes are allocated and managed by Microsoft.

Encryption Algorithm

Encryption is the process in which data (plaintext) is translated into something that appears to be random and meaningless (ciphertext). Decryption is the process in which the ciphertext is converted back to plaintext. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a number, word, or phrase) to encrypt and decrypt data. To encrypt, the algorithm mathematically combines the information to be protected with a supplied key. The result of this combination is the encrypted data. To decrypt, the algorithm performs a calculation combining the encrypted data with a supplied key. The result of this combination is the decrypted data. EaseFilter Encryption Filter Driver is using Rijndael (256-bit key) algorithm which is a high security algorithm created by Joan Daemen and Vincent Rijmen (Belgium). Rijndael is the new Advanced Encryption Standard (AES) chosen by the National Institute of Standards and Technology (NIST). AES is a cryptographic algorithm approved by FIPS. At present, there is no way to break any of these algorithms, unless to try all possible keys. If one billion computers were each searching one billion keys per second, it would take over 10*10ˆ24 years to recover information encrypted with a 168-bit algorithm (the age of the universe is 10*10ˆ9 years).

Transparent File Encryption and Decryption

Transparent file encryption (TFE) performs real-time I/O encryption and decryption of the files in any block data with 16 bytes. The encryption uses a 256 bits symmetric key to encrypt or decrypt the data with AES encryption algorithm. TFE protects data "at rest", meaning the data and files. It provides the ability to comply with policies which can be applied by users, processes and file type. This allows only authorized users and processes to access the encrypted files, unauthorized users and processes can’t access the encrypted files.

Encryption On The Read

Encryption on the read enables you to automatically encrypt the file on the fly when the black list processes to read the files, the file only will be encrypted in memory, the file on disk is not encrypted. This is the extra protection of your files, enable you to encrypt all your files before they were copied out from your computer. For example you want to automatically encrypt your files when the email outlook.exe application sends an email with your attached files, or web browser application uploads your files, or the Windows explorer tries to copy your files out of your computer.

The Isolation Mini Filter Driver

An Isolation Mini Filter Driver is a Windows file system Minifilter driver that separates the view(s) of a file's data from the actual underlying data of that same file. EaseFilter Encryption Filter Driver is a typical Isolation Layer Filter Driver, it can create two views of the access data, one is encrypted from the local storage, so your data is always encrypted in the local disk, the other one is decrypted to the authorized user, for every file open, the filter driver will create an unique memory cache, so the users or processes won't see the same view of the data if they have different permission. When the process or the user was authorized to access the encrypted file, the filter driver will decrypt the data in memory during the read request, so the authorized process can get the plain text back, or it will get the ciper text. When the encryption filter driver is turned off, the encrypted file can’t be accessed, when the application opens the encrypted file, it will get cipher text, so no one can read the encrypted files without the encryption filter driver enabled.

Isolation Filter Driver

The application based encryption supports the unique view of the data,  the isolation filter driver can determine on a per-application basis whether decrypted data or encrypted data should be provided to the application when it does a read.  For example, the Isolation Minifilter might automatically decrypt data from an encrypted document when accessed by authorized application Microsoft Word.  However, when that same encrypted document is accessed from an unauthorized applications, for example a backup application, the Isolation Minifilter could provide the raw, encrypted, contents of the file.  The well-designed EaseFilter Isolation Minifilter could allow both views, the decrypted view of the file’s contents and the encrypted view of the file’s contents, to different applications reading the file simultaneously. 

Support Hardware-Accelerated AES Encryption

EaseFilter Encryption Filter Driver supports AES-NI (or the Intel Advanced Encryption Standard New InstructionsAES-NI), at an algorithm level AES-NI provides significant speedup of AES. For non-Parallel modes of AES opeeration (CBC encrypt), AES-NI can provides 2-3 fold gain in performance over a completely software encryption. For parallel modes of AES operation( CBC-decrypt, CTR), AES-NI can provide 10x improvement over a completely software encryption.


Using EaseFilter Encryption Filter Driver

EaseFilter encryption filter driver includes kernel mode filter driver and user mode encryption and decryption APIs. The EaseFilter Driver includes the Access Control component, Isolation layer component and the encryption engine. The EeaseFilter APIs is the component to communicate between client application and the filter driver. The filter APIs expose the interfaces to the client application which can easily monitor or control the filter driver.

Encryption Policieswith the filter rule setting, you can create multiple encryption policies, based on the file types, folder or file name, process and user name, to control what files can be encrypted, what processes and users have the permission to decrypt the files. Every encryption filter rule, you need to assign an encryption key for that, the filter driver will use it to encrypt or decrypt the files, the key can be 16 bytes, 24 bytes or 32 bytes. When you create new files which meets the encryption filter rules, the filter driver will encrypt the file, and the filter driver always generates a unique 16 bytes IV for the new created file, so don’t need to worry about the IV was reused.

Transparent File Encryption – Integrated the encryption file system filter driver to windows file system, enables data-at-rest file encryption, users are unaware of the encryption and the decryption processes taking place.With the transparent file encryption, it won't affect the original data and programs, without any modification of existing applications to deliver data encryption, privileged user access control and security intelligence.

Encryption Performance – With on-access file encryption, there are no extra I/O operations needed, the filter driver encrypts the block data in the same write I/O, decrypt the block data in the same read I/O, avoid burdening the system with the extra I/O operations. You also can encrypt or decrypt the files with API “AESEncryptFile” and “AESDecryptFile”, use encryption API, you can set your own encryption key and IV, the IV is optional, if it is null, it will be assigned a unique 16 bytes ascii characters, for the encryption API, you have another option which you can add the IV tag or not, if you add the IV tag, the encrypted file can be recognized by filter driver, also make sure the encryption key you used for the encryption API must be the same as the encryption filter rule for filter driver. If you don’t set the IV tag, the file was encrypted but there are no any identification related to the encrypted file, it can’t be decrypted by filter driver, it only can be decrypted by “AESDecryptFile” API.

EaseFilter File System Filter Driver SDK Framework

To develop file systems and file system filter drivers, use the Windows Driver Kit (WDK),which is provided by Microsoft. Even with the resources available in the Windows Driver Kit (WDK) developing file systems is certainly a challenge. To simplify your development and to provide you with a robust and well-tested file system filter driver that works with all versions and patch releases of the Windows operating systems supported by Microsoft, EaseFilter Inc. offers the file system filter driver SDK which provides a complete, modular environment for building active file system filters in your application. With the EaseFilter file system filter driver SDK, you can develop your own filter driver application with c++/c# or other languages. EaseFilter File System Mini Filter Driver SDK is a mature commercial product. It provides a complete modular framework to the developers even without driver development experience to build the filter driver within a day. The SDK includes the modules from code design to the product installation, it includes all the basic features you need to build a filter driver:

1. The communication module. It implements how to set up the communication channel between the filter driver and your user mode application, send and receive the messages between them.
2. The debug and trace module. You can print or trace the debug message with WPP trace module, and you also can use the system event log to log the information from the filter driver.
3. The configuration module. This module implements how to manage the configuration setting for the filter driver, includes the managed folders.
4. The file context module.This module implements how to trace every file I/O request, with the user information, process information and file information.
5. The I/O request packet handler module. This module implements how to intercept the I/O requests, modify the I/O data. It means you can build your own custom filter driver easily based on the SDK.
6. The encryption module.This module implements the encryption and decryption of the data.

About EaseFilter Inc.

EaseFilter Inc. is a company who specializes in windows file system filter driver development. It can provide architect, implement and test file system filter drivers for a wide range of functionalities. It also can offer several levels of assistance to meet your specific needs: Provide consulting service for your existing file system filter driver; Customize the SDK to meet your requirement; Create your own filter driver with SDK source code.