I am trying to implement a simple encrypted file system for all USB storage devices (flash disks) on a specific PC. This is a matter of security and it would assure that flash disks formatted by other PCs cannot be used in this PC and vice versa. The OS of the PCs is either Windows XP, 7 or Linux.
Now my question: what is the best approach for this? Where is the best point for implementing such a system?
I have read the IFS documents in MSDN and it seems that miniFilters may be the best way to go. I can implement a miniFilter that attaches to all USB devices and encrypts write operations and decrypts the read operations. But I think that miniFilters cannot change the file-system tables. This means that all files and folders can be read by unauthorized PCs and only the file contents will be encrypted.
An alternative would be a custom file-system but it seems much more difficult to implement.
1) Is there any way to insert a software processing layer between the file-system data output and the USB bus? In this way I can protect the complete disk data, no matter what file-system it uses.
2) Is there any way to manipulate the file-system tables at the miniFilter level and make them unreadable for normal systems?
3) What is the best solution for Linux?
You need a driver which would filter requests at the disk level, rather than at the file level. In Windows that’s possible, but I don’t know about Linux.
For a custom filesystem on the device you can use virtual disk components – for Windows there exist several products with different design approaches on the market (including our SolFS and CallbackDisk products) and I believe it’s the same for Linux. But a custom filesystem probably won’t solve your task completely because while it lets you have a custom-formatted and encrypted USB device, one still is able to insert a FAT- or NTFS-formatted flash card or USB stick and use it.
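
The difference between the two filtering levels discussed in this thread, as an added example that is not part of the original posts: a simulation of what ends up on the stick when encryption sits above the file system versus below it. The volume layout, the toy keystream (a stand-in for a real disk cipher such as AES-XTS) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector of the toy volume

def keystream(key, sector_no, length):
    # Toy per-sector keystream (HMAC-SHA256 in counter mode). It stands in for
    # a real disk cipher such as AES-XTS and is for illustration only.
    blocks = (hmac.new(key, sector_no.to_bytes(8, "little") + n.to_bytes(4, "little"),
                       hashlib.sha256).digest() for n in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def build_image(files):
    # Constructed layout: sector 0 is a directory table (30-byte name plus
    # 2-byte start sector per entry), followed by one data sector per file.
    table = b""
    data = b""
    for i, (name, content) in enumerate(files.items(), start=1):
        table += name.encode().ljust(30, b"\0") + i.to_bytes(2, "little")
        data += content.ljust(SECTOR, b"\0")
    return table.ljust(SECTOR, b"\0") + data

def file_level(files, key):
    # File-system filter: contents are encrypted before the file system
    # stores them, but the directory table is written by the file system.
    enc = {n: xor(c, keystream(key, i, len(c)))
           for i, (n, c) in enumerate(files.items(), start=1)}
    return build_image(enc)

def disk_level(files, key):
    # Disk filter: every sector write is encrypted, table included.
    img = build_image(files)
    return b"".join(xor(img[o:o + SECTOR], keystream(key, o // SECTOR, SECTOR))
                    for o in range(0, len(img), SECTOR))

def disk_read(image, key, sector_no):
    # Read path of the disk filter: decrypt a single sector.
    o = sector_no * SECTOR
    return xor(image[o:o + SECTOR], keystream(key, sector_no, SECTOR))

FILES = {"payroll-2024.xls": b"salary data", "notes.txt": b"meeting at 10"}  # constructed
KEY = hashlib.sha256(b"constructed per-PC secret").digest()

if __name__ == "__main__":
    for label, fn in (("file-level", file_level), ("disk-level", disk_level)):
        print(label, "names visible in raw image:", b"payroll-2024.xls" in fn(FILES, KEY))
```

Run directly, it reports that file names remain visible in the raw image under file-level encryption and are not visible under disk-level encryption.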