Encrypting File System
The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
EFS is available in all versions of Windows developed for business environments from Windows 2000 onwards. By default, no files are encrypted, but users can enable encryption on a per-file, per-directory, or per-drive basis. Some EFS settings can also be mandated via Group Policy in Windows domain environments.
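As an added illustration (this is not part of the Wikipedia text), the following PowerShell session enables EFS on a single file and on a directory, confirms the Encrypted attribute that NTFS sets, and then asks the built-in cipher.exe which certificates can open the file. The EfsDemo folder and file names are invented for the example; it needs an NTFS volume and a Windows edition that ships EFS.

```powershell
# Added example, not from the article. Assumes an NTFS volume, an edition of
# Windows that includes EFS, and that the current user is allowed to encrypt.
# The folder and file names are invented for the demonstration.

$dir  = Join-Path $env:USERPROFILE 'EfsDemo'
$file = Join-Path $dir 'secret.txt'

New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path $file -Value 'confidential data'

function Test-EfsEncrypted {
    # EFS marks encrypted files and folders with the Encrypted file attribute.
    param([Parameter(Mandatory)][string]$Path)
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    return [bool]($attrs -band [System.IO.FileAttributes]::Encrypted)
}

# Per-file: .NET's File.Encrypt calls the EFS API for one file. On first use
# Windows generates a self-signed EFS certificate for the user. The call throws
# on non-NTFS volumes and when EFS has been disabled by policy.
[System.IO.File]::Encrypt($file)

# Per-directory: cipher.exe is the built-in EFS tool. /e encrypts and /s:<dir>
# recurses, so existing contents are encrypted and new files inherit the setting.
# The same form with a drive root (for example /s:D:\) covers a whole volume.
cipher.exe /e "/s:$dir" | Out-Null

# A file created inside the encrypted folder is encrypted without any extra step.
$newFile = Join-Path $dir 'another.txt'
Set-Content -Path $newFile -Value 'also confidential'

foreach ($p in @($file, $newFile, $dir)) {
    '{0,-50} encrypted={1}' -f $p, (Test-EfsEncrypted -Path $p)
}

# cipher /c lists the users whose certificates can decrypt the file and any
# Data Recovery Agent certificates; an unexpected recovery agent here means
# someone other than the owner can read the data.
cipher.exe /c $file

# To undo the demonstration, decrypt the folder again with /d:
# cipher.exe /d "/s:$dir" | Out-Null
```

The attribute check is what a backup or DLP script should rely on: an encrypted file still opens transparently for its owner, so reading it back proves nothing about how it is stored on disk.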
Cryptographic file system implementations for other operating systems are available, but the Microsoft EFS is not compatible with any of them.
Basic ideas
As long as the operating system is running on a system without file encryption, access to the files has to go through OS-controlled user authentication and access control lists. If an attacker gains physical access to the computer, however, this barrier is easily circumvented: remove the disk and put it in another computer with an OS installed that can read the filesystem, or simply reboot the computer from a boot CD containing an OS that can access the local filesystem.
The most widely accepted solution is to store the files encrypted on the physical media (disks, USB pen drives, tapes, CDs and so on).
In the Microsoft Windows family of operating systems, EFS enables this measure, although on NTFS drives only. It does so with a combination of public key cryptography and symmetric key cryptography: each file is encrypted with its own symmetric key (the File Encryption Key, FEK), and that key is in turn encrypted with the public key of every user or recovery agent allowed to open the file, so decrypting the file without one of the matching private keys is extremely difficult.
However, the private keys for EFS are in practice protected by the user account password, and therefore susceptible to most password attacks. In other words, the encryption of a file is only as strong as the password that unlocks the decryption key.
Security
- Decrypting files using the local Administrator account: In Windows 2000, the local Administrator is the default Data Recovery Agent, capable of decrypting all files encrypted with EFS by any local user. EFS in Windows 2000 cannot function without a recovery agent, so there is always someone who can decrypt users' encrypted files. Any non-domain-joined Windows 2000 computer is therefore susceptible to unauthorized EFS decryption by anyone who can take over the local Administrator account, which is trivial given the many tools available freely on the Internet.
In Windows XP and later, there is no default local Data Recovery Agent and no requirement to have one. Setting Syskey to mode 2 or 3 (Syskey typed in during bootup or stored on a floppy disk) mitigates the risk of unauthorized decryption through the local Administrator account. This is because the local users' password hashes, stored in the SAM file, are encrypted with the Syskey, and the Syskey value is not available to an offline attacker who does not possess the Syskey pass phrase or floppy. (The syskey utility was removed from Windows 10 version 1709 and later, so this mitigation only applies to older systems.)
- Accessing the private key via password reset: In Windows 2000, the user's RSA private key is not only stored in a truly encrypted form; there is also a backup of the user's RSA private key that is more weakly protected. If an attacker gains physical access to the Windows 2000 computer and resets a local user account's password, the attacker can log in as that user (or recovery agent) and gain access to the RSA private key, which can decrypt all of that user's files. This is because the backup of the user's RSA private key is encrypted with an LSA secret, which is accessible to any attacker who can elevate their login to Local System.
In Windows XP and beyond, the user's RSA private key is backed up using an offline public key whose matching private key is stored in one of two places: the password reset disk (if Windows XP is not a member of a domain) or Active Directory (if Windows XP is a member of a domain). This means that an attacker who can authenticate to Windows XP as Local System still does not have access to a decryption key stored on the PC's hard drive.
In Windows 2000, XP and later, the user's RSA private key is encrypted using a hash of the user's NTLM password hash plus the user name (this protection is provided by the Data Protection API, DPAPI). Use of a salted hash makes it extremely difficult to reverse the process and recover the private key without knowing the user's passphrase. Also, again, setting Syskey to mode 2 or 3 mitigates this attack, since the local user's password hash is stored encrypted in the SAM file. Note that a legitimate administrative password reset has the same effect as the attacker's: without a password reset disk, AD-backed key recovery or an exported copy of the certificate, the user's own EFS files become unreadable.
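The points above come down to two questions a practitioner should be able to answer on a given machine: whose private keys can unwrap a file's FEK (the user's own EFS certificate plus any Data Recovery Agent), and is that key material backed up anywhere other than the password-protected copy on the local disk. The following PowerShell is an added example, not part of the Wikipedia article: it lists the user's EFS certificates by their Enhanced Key Usage, reads the policy value that disables EFS machine-wide (the value name EfsConfiguration is Microsoft's documented policy switch), shows the recovery-agent section cipher.exe prints for one file, and exports the certificate with its private key to a PFX. The sample file path is invented, and the cipher /c parsing assumes its English section headings.

```powershell
# Added example, not from the article. Audits the EFS key material and policy
# that decide who can decrypt this user's files. The sample path is invented;
# parsing of cipher /c output assumes the English "Recovery Certificates" heading.

$EfsEku = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID: Encrypting File System

function Get-EfsUserCertificate {
    # EFS certificates sit in the user's Personal store. HasPrivateKey confirms
    # the RSA private key is present; that key is what DPAPI protects under a
    # key derived from the logon password, as described in the text.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku } |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

function Test-EfsDisabledByPolicy {
    # EfsConfiguration = 1 under this policy key turns EFS off machine-wide
    # (set by Group Policy or directly). A missing value means EFS is allowed.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'
    $v = Get-ItemProperty -Path $key -Name EfsConfiguration -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EfsConfiguration -eq 1)
}

function Get-EfsRecoveryAgentLines {
    # Returns the lines cipher /c prints under "Recovery Certificates" for the
    # file. Nothing is returned when no Data Recovery Agent is configured,
    # which is the default on standalone machines from Windows XP onwards.
    param([Parameter(Mandatory)][string]$Path)
    $lines = cipher.exe /c $Path
    $inSection = $false
    foreach ($line in $lines) {
        if ($line -match 'Recovery Certificates') { $inSection = $true; continue }
        if ($inSection) {
            if ($line.Trim() -eq '' -or $line -match '^\s*Key Information') { break }
            $line.Trim()
        }
    }
}

function Backup-EfsCertificate {
    # The private key is the only thing that can unwrap the FEKs. A password
    # reset or profile loss makes the DPAPI-protected copy unusable, so keep a
    # password-protected PFX export off the machine.
    param([Parameter(Mandatory)][string]$PfxPath,
          [Parameter(Mandatory)][securestring]$Password)
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku -and $_.HasPrivateKey } |
        Select-Object -First 1
    if (-not $cert) { throw 'No EFS certificate with a private key found.' }
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
}

'EFS disabled by policy: {0}' -f (Test-EfsDisabledByPolicy)
Get-EfsUserCertificate | Format-Table -AutoSize

$sample = Join-Path $env:USERPROFILE 'EfsDemo\secret.txt'   # invented sample path
if (Test-Path -LiteralPath $sample) {
    'Recovery agents for {0}:' -f $sample
    Get-EfsRecoveryAgentLines -Path $sample
}

# Export the key material when a backup is wanted (prompts for the PFX password):
# Backup-EfsCertificate -PfxPath "$env:USERPROFILE\efs-backup.pfx" -Password (Read-Host -AsSecureString 'PFX password')
```

An empty recovery-agent list is the secure default for a standalone machine, but it also means the PFX backup (or a domain recovery agent) is the only way back in after a password reset; a populated list should contain only the recovery agents the organisation deliberately configured.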
From: https://en.wikipedia.org/wiki/Encrypting_File_System