Page 396 - DCAP103_Principle of operating system
Unit 13: Input/Output and Security of Windows
To decrypt a file, the encrypted 128-bit random file key is fetched from disk. However, to decrypt
it and retrieve the file key, the user must present the private key. Ideally, this should be stored
on a smart card, external to the computer, and only inserted in a reader when a file has to be
decrypted. Although Windows 2000 supports smart cards, it does not store private keys on them.
Instead, the first time a user encrypts a file using EFS, Windows 2000 generates a (private key,
public key) pair and stores the private key on disk encrypted using a symmetric encryption
algorithm. The key used for the symmetric algorithm is derived either from the user’s login
password or from a key stored on the smart card, if smart card login is enabled. In this way,
EFS can decrypt the private key at login time and keep it within its own virtual address space
during normal operation so it can decrypt the 128-bit file keys as needed without further disk
accesses. When the computer is shut down, the private key is erased from EFS’ virtual address
space so anyone stealing the computer will not have access to the private key.
A complication occurs when multiple users need access to the same encrypted file. Currently the
shared use of encrypted files by multiple users is not supported. However, the EFS architecture
could support sharing in the future by encrypting each file’s key multiple times, once with the
public key of each authorized user. All of these encrypted versions of the file key could be
attached to the file.
The potential need to share encrypted files is one reason why this two-key system is used. If all
files were encrypted by their owner’s key, there would be no way to share any files. By using
a different key to encrypt each file, this problem can be solved.
Having a random file key per file but encrypting it with the owner’s symmetric key does not
work because having the symmetric encryption key just lying around in plain view would ruin
the security — generating the decryption key from the encryption key is too easy. Thus (slow)
public-key cryptography is needed to encrypt the file keys. Because the encryption key is public
anyway, having it lying around is not dangerous.
The other reason the two-key system is used is performance. Using public-key cryptography to
encrypt each file would be too slow. It is much more efficient to use symmetric-key cryptography
to encrypt the data and public-key cryptography to encrypt the symmetric file key.
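The two-key scheme described above, including the per-user wrapping of the file key that the text says EFS could support in the future, is shown here as an added example; it is not from the original text and is not EFS code. It assumes a hash-based keystream as a stand-in for the symmetric cipher, unpadded textbook RSA over small Mersenne primes as a stand-in for the public-key algorithm, and PBKDF2 for the password-derived key; all function and user names are hypothetical.

```python
import hashlib, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 in counter mode); a stand-in, not a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def make_user(p: int, q: int, password: str) -> dict:
    """Toy RSA pair; the private exponent is kept only in password-encrypted form."""
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"n": n, "e": e, "salt": salt,
            "enc_d": keystream_xor(kek, d.to_bytes(64, "big"))}

def encrypt_file(plaintext: bytes, users: dict) -> dict:
    """One random 128-bit file key; one wrapped copy of it per authorized user."""
    file_key = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(file_key, "big"), u["e"], u["n"])
               for name, u in users.items()}
    return {"data": keystream_xor(file_key, plaintext), "wrapped": wrapped}

def decrypt_file(blob: dict, name: str, user: dict, password: str) -> bytes:
    """Password -> private key -> file key -> file data."""
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    d = int.from_bytes(keystream_xor(kek, user["enc_d"]), "big")
    m = pow(blob["wrapped"][name], d, user["n"])
    # A wrong password yields a garbage d, hence a garbage file key.
    file_key = (m % (1 << 128)).to_bytes(16, "big")
    return keystream_xor(file_key, blob["data"])

if __name__ == "__main__":
    # Constructed demo users; these primes are far too small for real use.
    users = {"alice": make_user(2**127 - 1, 2**107 - 1, "alice-pw"),
             "bob": make_user(2**89 - 1, 2**61 - 1, "bob-pw")}
    blob = encrypt_file(b"quarterly payroll figures", users)
    print(decrypt_file(blob, "alice", users["alice"], "alice-pw"))
    print(decrypt_file(blob, "bob", users["bob"], "bob-pw"))
    print(decrypt_file(blob, "alice", users["alice"], "wrong-pw"))
```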
Self Assessment
Multiple choice questions:
1. The I/O manager is on intimate terms with ...................... manager.
(a) plug-and-play (b) play
(c) plug (d) none of these
2. Windows is based on ...................... system.
(a) character base (b) graphics base
(c) event (d) none of these
3. Windows 2000 supports several file systems, the most important of which are ...................... .
(a) FAT 16 (b) FAT 32
(c) NTFS (d) All of these
4. Windows 2000 NTFS is used in ...................... file system.
(a) vertical (b) hierarchical
(c) both (d) none of these
LOVELY PROFESSIONAL UNIVERSITY 389