Slovak University of Technology in Bratislava
Faculty of electrical engineering and information technology
Degree Course: INFORMATICS
Author: Miroslav Halás
Thesis: Protection of data files
Supervisor: Doc. RNDr. Otokar Grošek, CSc.
Pedagogical Supervisor: Ing. Miroslav Galbavý
May 1997

The aim of this work was to design and implement a system to keep data files secret using the IDEA cipher algorithm. Additional project considerations included the following: the support for automatic protection of data in the computer, authentication of stored data files, wiping disk space multiple times, and additional capabilities related to the usability of the computer system once the software has been installed.

The source code for the data file protection system is available for review. It was implemented using the C programming language, the Microsoft Visual C++ language and development environment, the i386 processor assembler, Microsoft Win32 SDK, and Microsoft Windows 95 DDK. The application is available for IBM PC compatible computers running Windows 95 operating system.

The primary design and implementation supports a multi-user environment through the use of user profiles. The system's primary function is the automatic and transparent (on- line) encryption of data files from specified directories on the disk. The core of the system for the automatic encryption of files is a virtual device driver for the Windows 95 operating system that can control and modify an application's or operating system's file requests. The system contains various programs to support all necessary procedures such as logging on to system using a user's name and password, changing the password, changing encrypted directories, etc. Another part of the system is a standalone utility program for the automatic encryption of files, authentication of files, removal/wiping of files, and wiping of empty disk space multiple times to ensure data security. This program can be transferred among computers together with data files and can be used without the need to install the entire data encryption system.

All parts of the application associated with keeping the data files secret are designed to be independent from the cipher algorithm used. This is also true of the one-way hash function used for the authentication of the file's contents. The system contains facilities to change these algorithms without changing the source code of programs. Currently, the system utilizes the IDEA cipher algorithm and the MD5 algorithm regarding one-way hashing.