Encryption - Examples

Current Page Contents

1 Introduction
2 The Specification
3 Setting up the Disk
4 BIOS Disk Routines
5 System Area Encryption Routines
6 System Area Decryption Routines
7 Blowfish Encryption Routine
8 Blowfish Decryption Routine
9 File Fragmenter Routine
10 Replacement DOS Commands
11 Additional DOS Commands
12 User Manual

1 Introduction

OK, so we're finally ready to develop our own encrypted storage system from scratch!

In this section we will be developing the code necessary to do this. Obviously if we wanted to develop such a system that could run on any hard drive/operating system etc, the code would end up massive.

We will be developing code for DOS using a specified hard disk, although there will be liberal use of comments wherever you will need to change code for your own drive.

Similarly, I'm sure you will be able to spot areas that would benefit from adding a little more complexity or subtlety; however, we will be working to the specification we set out to ensure the code remains readable and concise.

Finally, we won't have much in the way of error trapping (other than critical) or a user-friendly interface, as this also adds massive amounts of code.

I can't emphasise enough how important it is to develop a specification to work from if you want to develop your own system from scratch. When developing such a complex system it is vital to develop a working specification and follow it. The specification we will be using has comments and suggestions as to what else you could change to increase security further, although even the current specification should be enough to prevent your data being read by anyone for the rest of your life!

Use this example as a template for your own routines. I'll leave it up to you to add the extra complexity, error trapping etc. You could buy a robust commercial version of a similar program from the company I work for, along with a plug-in security card which works with Windows and has all of the extra bells and whistles, if you can afford it :)

The Contact Info section has further details regarding this.

2 The Specification

  • We will be using a Quantum Fireball 4.3GB hard drive for this example.

  • The hard drive will be partitioned using DOS FDISK to create two DOS partitions of equal size, and a 10MB non-DOS partition.

  • The first partition will be drive C: and will have DOS 6.22 installed along with MSClient 3.0 configured for TCP/IP networking to allow the system to be connected to other PCs via a network.

  • The second partition will be drive D: and will be formatted using the DOS FORMAT command. However, we will then be developing an encryption routine that will encrypt the entire system area of this partition, and will then transfer the encrypted system area to the third partition. The entire encrypted system area (approximately 128KB) will be distributed randomly throughout the 10MB of space reserved for the third non-DOS partition.

  • A one-time pad will be used to encrypt the entire system area using a 128KB random key which will be stored on floppy disk only. Obviously the floppy disk should be removed from the system when it is not being used to ensure it is not taken should your computer fall into the wrong hands.

  • The third partition (all 10MB) will be initially overwritten with a series of random bytes.

  • The general encryption algorithm for files will be based on Blowfish, and a suitable encryption/decryption program will be written.

  • A file fragmenter program will be written to keep files fragmented on the disk, so that contiguous sectors are never used for storing encrypted files.

  • Replacement DOS commands will be developed including MKDIR, RMDIR, COPY and DEL to enhance security. These routines will ensure slack space is overwritten, track where directory entries are held on disk (to ensure they can also be encrypted), ensure that dates and times are not stored with files and ensure that deleted files are actually deleted and removed entirely from the FAT.

  • Additional DOS commands will be developed including WIPEDISK, TRASH, FLUSH, ROOT and FMAT to provide additional security and the ability to recover deleted files on a session by session basis, remove all traces of dates and times in the root directory entry, write a random sequence to the entire hard disk after using the FORMAT command, and clean slack space on the first standard DOS partition.

  • A comprehensive user manual will be developed to ensure secure use of the new filing system, and in particular, secure networking concepts to ensure encrypted files can't be found on the original PC on the network.
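
The system-area handling in the specification above (a one-time pad over roughly 128KB, then random distribution through the 10MB third partition that was first overwritten with random bytes), shown in C as an added example that is not the author's code. Assumptions: 512-byte sectors, a slot map held in memory (the page does not say where sector positions are recorded), and a demo xorshift generator standing in for both the random fill and the floppy key, which in real use must come from a true random source and never be reused.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR       512
#define SYS_SECTORS  256                    /* 128KB system area */
#define POOL_SECTORS 20480                  /* 10MB third partition */
#define SYS_BYTES    (SYS_SECTORS * SECTOR)

static uint32_t rng_state = 0x2545F491u;    /* constructed seed, demo only */
static uint32_t demo_rand(void) {           /* xorshift32: not a key-grade source */
    uint32_t x = rng_state; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return rng_state = x;
}
/* One-time pad: XOR in place; refuses a pad shorter than the data. */
int otp_xor(uint8_t *data, size_t n, const uint8_t *pad, size_t pad_len) {
    if (pad_len < n) return -1;
    for (size_t i = 0; i < n; i++) data[i] ^= pad[i];
    return 0;
}
/* Choose SYS_SECTORS distinct pool slots (partial Fisher-Yates shuffle). */
void pick_slots(uint32_t *map) {
    static uint32_t idx[POOL_SECTORS];
    for (uint32_t i = 0; i < POOL_SECTORS; i++) idx[i] = i;
    for (uint32_t i = 0; i < SYS_SECTORS; i++) {
        uint32_t j = i + demo_rand() % (POOL_SECTORS - i);
        map[i] = idx[j]; idx[j] = idx[i]; idx[i] = map[i];   /* swap and record */
    }
}
/* to_pool=1 scatters sector i of sys to slot map[i]; 0 gathers it back. */
void move_sectors(uint8_t *pool, uint8_t *sys, const uint32_t *map, int to_pool) {
    for (uint32_t i = 0; i < SYS_SECTORS; i++) {
        uint8_t *p = pool + (size_t)map[i] * SECTOR, *s = sys + (size_t)i * SECTOR;
        if (to_pool) memcpy(p, s, SECTOR); else memcpy(s, p, SECTOR);
    }
}
/* Full cycle on constructed data; returns 0 when the system area is recovered. */
int roundtrip_demo(void) {
    static uint8_t pool[POOL_SECTORS * SECTOR], sys[SYS_BYTES], orig[SYS_BYTES], pad[SYS_BYTES];
    static uint32_t map[SYS_SECTORS];
    for (size_t i = 0; i < sizeof pool; i++) pool[i] = (uint8_t)demo_rand();
    for (size_t i = 0; i < SYS_BYTES; i++) {
        orig[i] = sys[i] = (uint8_t)(i ^ (i >> 9));  /* constructed plaintext */
        pad[i] = (uint8_t)demo_rand();               /* stand-in for the floppy key */
    }
    pick_slots(map);
    if (otp_xor(sys, SYS_BYTES, pad, SYS_BYTES)) return -1;
    move_sectors(pool, sys, map, 1);                 /* encrypted sectors into the pool */
    memset(sys, 0, SYS_BYTES);                       /* forget the in-memory copy */
    move_sectors(pool, sys, map, 0);                 /* reload in original order */
    otp_xor(sys, SYS_BYTES, pad, SYS_BYTES);         /* same XOR decrypts */
    return memcmp(sys, orig, SYS_BYTES);
}
```

Without both the pad and the slot map, the 256 ciphertext sectors are indistinguishable from the random fill around them; losing either one makes the system area unrecoverable.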

3 Setting up the Disk

4 BIOS Disk Routines

5 System Area Encryption Routines

6 System Area Decryption Routines

7 Blowfish Encryption Routine

8 Blowfish Decryption Routine

9 File Fragmenter Routine

10 Replacement DOS Commands

11 Additional DOS Commands

12 User Manual

BlueCrab Ltd