Data stored in data stores such as file systems and object stores can be secured by employing access control, authentication or encryption technologies. Such technologies are susceptible to compromise through attack, negligence or ineffective configuration.
For example, one technique for securing files stored in a file system is the Encrypting File System (EFS) provided by Microsoft. EFS provides for the encryption of files stored in a file system with access control managed by an EFS driver installed as part of, or as an extension to, an operating system. Each file is encrypted using a symmetric key (the file encryption key) which is itself encrypted using an asymmetric key pair. The file contents are encrypted with a symmetric key because bulk data can be encrypted and decrypted far more quickly with a symmetric cipher than with an asymmetric one; the asymmetric key pair need only protect the short symmetric key.
The symmetric key is encrypted using the public key of each user for whom file access is permitted, the user being authenticated based on normal Windows operating system user credentials. Subsequently, the file may be decrypted for an authenticated user by EFS using the corresponding private key for the user to decrypt the symmetric key, which is in turn used to decrypt the file. Alternatively, a further copy of the symmetric key is encrypted with the public key of a designated recovery agent, a special (super) user having administrator rights (in early Windows releases the administrator account by default), whereby EFS can decrypt the symmetric key, and hence the file, for the authenticated recovery agent without any involvement of the user.
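The following Go program is an added illustration of the hybrid scheme just described and is not Microsoft's EFS code: a fresh symmetric key seals the file with AES-256-GCM, and that key is wrapped with RSA-OAEP once for the owning user and once for a recovery agent, so either private key recovers the file while any other key fails at the unwrap step. The type and function names, the OAEP label and the sample file contents are constructed for this example; EFS stores the equivalent wrapped keys in its own on-disk fields.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedFile is a constructed stand-in for an EFS-encrypted file: the
// ciphertext plus one wrapped copy of the file encryption key (FEK) per
// authorised key holder (the user and, as in EFS, a recovery agent).
type SealedFile struct {
	Nonce       []byte
	Ciphertext  []byte            // AES-256-GCM output (ciphertext plus tag)
	WrappedKeys map[string][]byte // key holder name -> FEK under RSA-OAEP
}

var oaepLabel = []byte("fek-v1") // example label; binds blobs to this purpose

// SealFile encrypts plaintext under a fresh random FEK and wraps that FEK
// for every public key in holders. The FEK buffer is cleared once the
// cipher has been keyed and every wrapped copy has been produced.
func SealFile(plaintext []byte, holders map[string]*rsa.PublicKey) (*SealedFile, error) {
	if len(holders) == 0 {
		return nil, errors.New("at least one key holder is required")
	}
	fek := make([]byte, 32)
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	defer zero(fek)
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sf := &SealedFile{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: make(map[string][]byte, len(holders)),
	}
	for name, pub := range holders {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, oaepLabel)
		if err != nil {
			return nil, fmt.Errorf("wrapping FEK for %s: %w", name, err)
		}
		sf.WrappedKeys[name] = wrapped
	}
	return sf, nil
}

// OpenFile unwraps the FEK with one holder's private key and decrypts the
// file. Any holder listed at seal time succeeds; a key that does not match
// the named holder's wrapped blob fails here and never reaches the data.
func OpenFile(sf *SealedFile, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := sf.WrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("no wrapped FEK for key holder %q", name)
	}
	fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrapping FEK for %s: %w", name, err)
	}
	defer zero(fek)
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, sf.Nonce, sf.Ciphertext, nil) // also fails on tampering
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	user, _ := rsa.GenerateKey(rand.Reader, 2048)
	agent, _ := rsa.GenerateKey(rand.Reader, 2048)
	holders := map[string]*rsa.PublicKey{"user": &user.PublicKey, "recovery-agent": &agent.PublicKey}
	sf, err := SealFile([]byte("constructed payroll data"), holders)
	if err != nil {
		panic(err)
	}
	pt, err := OpenFile(sf, "user", user)
	fmt.Printf("user:  %q err=%v\n", pt, err)
	pt, err = OpenFile(sf, "recovery-agent", agent)
	fmt.Printf("agent: %q err=%v\n", pt, err)
	_, err = OpenFile(sf, "user", agent) // agent's key against the user's blob
	fmt.Println("mismatched key:", err)
}
```

The point the passage makes is visible in the structure: the file is only as private as the weakest of the two private keys that can unwrap its FEK, and the recovery agent's key opens every file sealed while it was listed as a holder.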
While this approach is effective for providing secure data storage for which access is controlled on a user basis, the approach of EFS and similar technologies suffers considerable disadvantages. In particular, the reliance on a single set of operating system credentials to provide access to encrypted data introduces a considerable weakness in the security mechanism: the user's EFS private key is held in the user profile under protection derived from the user's logon password, so whoever holds the password effectively holds the private key. Essentially the only protection against complete access to the encrypted data is therefore the user credential, namely a user ID (not normally secret) and a password. Passwords can be stolen, intercepted, lost, discovered and are susceptible to brute-force attack. Further, the ability of a special (super) user, such as an administrator acting as recovery agent, to always decrypt user files introduces a further vulnerability in that two sets of credentials are available for attack or discovery in order to access secure data: the user credentials and the administrator credentials. Indeed, compromised administrator credentials will potentially expose all secure data stored in a file system, since the recovery agent's key can unwrap the symmetric key of every file. Further, losing or forgetting the passwords of both the user and the administrator can render secured data permanently inaccessible.
It would therefore be advantageous to address these disadvantages of known secure data storage techniques.