How to prevent access of users to read and extract my binary files

0

I have set of binary data files among one of my applications and for security issues I should encrypt and decrypt files for every use. This is quite well but the process is killing. I use Blowfish to perform ciphering and it's really slow in both functions. I can understand that if someone wants to extract my data from the binary files, he/she should have a recognition about my file pattern but I'm afraid that would be nothing hard to guess.

Is there any way to lock access for users to read binary files with use of encryption or other things?

MahanGM

Posted 2012-10-06T10:24:20.577

Reputation: 145

would taking away the right to read in linux permisions do? – Bartlomiej Lewandowski – 2012-10-06T10:32:03.973

I'm not on Linux but you mean by setting OS permissions on files, it wouldn't happen? What about if someone use for example the .net itself to access and read files? Because I archived my data into these files by .net's BinaryWriter. – MahanGM – 2012-10-06T10:44:37.003

Answers

0

The general rule is that whatever you give to the user is not yours anymore. When you encrypt the data, you keep the encryption key within your application and the key can be extracted. The only relatively reliable solution is to put the key to the hardware device (USB cryptotoken) but this is not acceptable in many scenarios. And it's only relatively reliable, as the data can be captured and there exist attacks on some USB tokens.

If you only want to protect the data from the average Joe, you can use encrypted ZIP as a container (double encryption would drive away more users). And you need to replace the algorithm - Blowfish is really very slow. AES would be faster.

If the amount of data is large, then it's better to employ on-the-fly encryption-ecryption, i.e. you should encrypt or decrypt only those blocks of data which are used and not the complete stream. This makes the task more sophisticated. Or you can use a virtual file system which supports encryption on lower level (our Solid File System is one of examples, and there exist some others).

Eugene Mayevski 'Callback

Posted 2012-10-06T10:24:20.577

Reputation: 379

So agree with all points except that AES would be better. You want decryption to be slow, as it takes longer for someone to decrypt the data. – Woot4Moo – 2012-10-06T18:20:45.157

I've tried Cast-128 algorithm and I'm getting on somehow. I appreciate your idea. – MahanGM – 2012-10-07T17:43:58.487

@Woot4Moo 10 ms "longer"? :) Decryption would be done with a known key which will be extracted from the application so slowness doesn't add anything to protection strengh. – Eugene Mayevski 'Callback – 2012-10-08T06:18:24.910

Well it is dangerous to suggest cryptographic solutions without a deep understanding of how they work. You want decryption to be as slow as possible. Let's assume i don't have the key and am brute forcing your app – Woot4Moo – 2012-10-08T13:50:41.793

@Woot4Moo there's nothing to assume here - in discussed scheme the key IS known (it's on user computer, embedded into the software). – Eugene Mayevski 'Callback – 2012-10-08T14:21:24.407

Reading the OP's question at no point does it say the key is embedded anywhere. I think you are making assumptions. – Woot4Moo – 2012-10-08T16:33:46.520

Asked: 2012-10-06T10:24:20.577

Viewed: 127 times

Active: 2014-08-11T20:29:24.107