 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / December 2003secure files
There is a device called a thumb drive that holds 8 to 128 MB. It looks a bit like a keychain. A customer wants to use this as a way of protecting his files. He wants it that if anyone stealing a laptop, so long as the thumb drive is not inserted, will find the files are all gibberish. This means some sort of software has to act a bit like a device driver getting between the disk and the browser decrypting on the fly using a password from the thumb drive. I don't see how you can go about protecting files on a disk that are intended for browser use without writing some hairy C++ platform specific code. Is there another approach? My actual job is a bit more complicated. I need to transport these files (in compressed form) securely as well. I could handle that in Java fairly easily with these thumb drives, but that would leave all the received files decrypted and naked. Perhaps there is canned software everyone already uses for this? The secret information is medical research, and medical companies are always spying on each other. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > There is a device called a thumb drive that holds 8 to 128 MB. > > It looks a bit like a keychain. A customer wants to use this as a way > of protecting his files. He wants it that if anyone stealing a > laptop, so long as the thumb drive is not inserted, will find the > files are all gibberish. An interesting problem; if I understand correctly, the laptop contains the data, and the thumbdrive contains the key. I've seen similar systems, but usually involving an encrypted filesystem on the thumbdrive, using a password-based key (mounting the thumbdrive to read the data). > This means some sort of software has to act a bit like a device driver > getting between the disk and the browser decrypting on the fly using a [quoted text clipped - 3 lines] > intended for browser use without writing some hairy C++ platform > specific code. Is there another approach? Can't think of a *simple* solution off the top of my head; one approach (assuming Java-based, since your post was here) might be: 1) Install a standalone servlet container/web server on the laptop (accessible only from localhost). 2) Customize/implement a WebDAV servlet (there are a few, Tomcat comes with one) to serve up the "c:" drive (assuming a Win-based laptop). 3) Have your customized WebDAV servlet obtain the key from a specified location (e.g., the thumbdrive mounted on "d:"). 4) Have your customized WebDAV servlet decrypt/encrypt files on the fly using the obtained key. Effectively, the WebDAV servlet would act as a proxy to the hard drive, decrypting file downloads and encrypting uploads. You would then open http://localhost/webdav using a WebDAV-enabled client (i.e., Windows web folders) and copy files to/from using Explorer. You could also implement a pseudo-filesystem inside a single file, and serve that up (rather than "c:"); essentially all encrypted data would reside in a single file, accessible through the WebDAV servlet. This would be a lot more work, but you could then burn the encrypted file onto a CD and transfer it easily from system to system. You could also make the web server accessible remotely over HTTPS, so the user could start the web server, insert the thumbdrive, and have remote clients access the data securely over HTTPS (authenticated, perhaps via client SSL certificates). This is actually pretty interesting; I might look at implementing something similar myself. Eric >1) Install a standalone servlet container/web server on the laptop >(accessible only from localhost). That is great because it can be done in a platform independent way. I could get it to work on Mac Laptops as well. I could serve PDF and html with the exact same code. It is bit heavyweight for a laptop that may not have a lot of spare disk space or RAM. Thanks for the idea. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > Can't think of a *simple* solution off the top of my head; one approach > (assuming Java-based, since your post was here) might be: > ... This is elegant! I like it. > This is actually pretty interesting; I might look at implementing > something similar myself. Let us know if you do, and if you need some help. I'm at net.makefile@hansg -Hans >2) Customize/implement a WebDAV servlet (there are a few, Tomcat comes >with one) to serve up the "c:" drive (assuming a Win-based laptop). Does this webdav mechanism let you just serve some directory tree? or does the user have to create a separate partition? -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > Does this webdav mechanism let you just serve some directory tree? or > does the user have to create a separate partition? That would depend on the particular WebDAV implementation; WebDAV is an extension to HTTP to support distributed authoring of web sites (RFC 2518). Most implementations simply provide access to a directory tree, but you could use anything as a backend so long as you "speak" WebDAV. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.