T 4.54 Loss of protection via the Encrypting File System (EFS)

The Encrypting File System (EFS) in Windows Server 2003/XP and higher is an easy-to-use mechanism that lets applications work transparently with encrypted files. It is best suited to stand-alone user computers and to exposed client computers that are sometimes used outside of the protected IT environment. The main purpose of EFS is to protect the confidentiality of selected local data.

The threats described in T 2.19 Inadequate key management for encryption can cause the EFS certificates used for encryption and decryption to be disclosed or lost in a number of ways. On a file server this means that large amounts of data are no longer confidential or no longer available, which can be fatal there, in contrast to the situation on a single client computer. Likewise, data loss caused by copying or moving data plays a far greater role on a server, where it can lead to the loss of or damage to large amounts of data. When administrators are not adequately aware of these effects or of the complex requirements, the higher level of security intended by activating EFS can easily be lost. If users and administrators also become careless because they assume a high level of security, critical data may even be at greater risk than without EFS. Some aspects of this problem are explained in more detail below.

With EFS, the confidentiality of encrypted data on remote servers cannot be guaranteed against the administrators of those servers. An administrator can access encrypted data at any time by means of administrative authorisations and the integrated data recovery procedure.

EFS is completely transparent to users and applications. This means that every process and every application executed in the user's context has access to the encrypted files. EFS therefore provides no protection against malware such as Trojan horses and viruses. EFS is not a replacement for careful administration of the NTFS access authorisations (i.e. the Access Control Lists, ACLs). Encrypted files can be deleted by users or applications that have sufficient NTFS authorisation, regardless of whether or not the files are protected by EFS.

The transparency is so extensive that users generally do not know whether their data is encrypted or not. Note, though, that only files on data media formatted with NTFS can be encrypted. When such files are copied or moved to storage media using another file system, they are stored in unencrypted form on that media.
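The loss of protection when data leaves an NTFS volume can be checked rather than assumed. The following PowerShell script is an added example written for this page; it is not part of the BSI catalogue text. It reports which files under a folder carry the EFS Encrypted attribute, refuses to copy an encrypted file to a volume whose file system is not NTFS, and re-checks the attribute on the copy. The paths in the usage lines are constructed placeholders; the functions assume Windows PowerShell 5.1 or later and local drive letters (UNC paths are not resolved by the volume check).

```powershell
# Added example, not part of the BSI catalogue text. Audits the EFS state of
# files under a folder and copies an encrypted file only after confirming that
# the destination volume is NTFS, then re-checks the copy. Paths below are
# constructed placeholders; requires Windows PowerShell 5.1 or later.

function Get-EfsState {
    # One record per file with a flag for the EFS "Encrypted" attribute.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -File -Recurse -Force | ForEach-Object {
        [pscustomobject]@{
            FullName  = $_.FullName
            Encrypted = [bool]($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
        }
    }
}

function Test-EfsCapableVolume {
    # True when the volume holding $Path is NTFS, the only file system on which
    # EFS can keep the data encrypted. Works for local drive letters only.
    param([Parameter(Mandatory)][string]$Path)
    $root  = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Path))
    $drive = New-Object System.IO.DriveInfo($root)
    return ($drive.DriveFormat -eq 'NTFS')
}

function Copy-EfsFileChecked {
    # Refuses to copy an encrypted file to a non-NTFS destination, where the copy
    # would be written in plaintext, and verifies the copy afterwards.
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$DestinationDir
    )
    $src = Get-Item -Path $Source -Force
    $srcEncrypted = [bool]($src.Attributes -band [System.IO.FileAttributes]::Encrypted)

    if ($srcEncrypted -and -not (Test-EfsCapableVolume -Path $DestinationDir)) {
        return [pscustomobject]@{
            Source = $src.FullName
            Copied = $false
            ProtectionPreserved = $false
            Reason = 'destination volume is not NTFS; EFS protection would be lost'
        }
    }

    $dest = Join-Path -Path $DestinationDir -ChildPath $src.Name
    Copy-Item -Path $src.FullName -Destination $dest -Force
    $dstEncrypted = [bool]((Get-Item -Path $dest -Force).Attributes -band [System.IO.FileAttributes]::Encrypted)

    # A source that was encrypted but a copy that is not means the data is now
    # stored unprotected and needs attention.
    $preserved = ($srcEncrypted -eq $dstEncrypted)
    $reason = if ($preserved) { 'ok' } else { 'copy is NOT encrypted' }
    [pscustomobject]@{
        Source = $src.FullName
        Copied = $true
        ProtectionPreserved = $preserved
        Reason = $reason
    }
}

# Usage with constructed paths (E: stands for a removable medium):
# Get-EfsState -Path 'C:\Data\Projects' | Where-Object Encrypted | Format-Table -AutoSize
# Copy-EfsFileChecked -Source 'C:\Data\Projects\plan.docx' -DestinationDir 'E:\'
```

The attribute check is the same one Explorer uses to colour encrypted files, so the audit function is a quick way to show users and administrators which files actually are protected, given that EFS itself gives them no visible sign.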

Lack of control over EFS certificates

EFS requires properly defined, central key management. If no Public Key Infrastructure (PKI) is used, self-signed certificates generated on the local computer (client or server) are used instead. This means that using EFS carries a significant risk of losing access to the encrypted files if a key is lost.

If data on a server that is a member of a domain is encrypted by a client using EFS, then this server must request an EFS certificate on behalf of the client user. This is only possible when the domain account of the server is granted extended privileges: the server object is trusted in the domain for delegation. This "impersonation" and "trust" can be obtained using the Kerberos protocol, but by design this lowers the level of security of the Kerberos environment. If the trusted server is compromised, the attacker can influence the data of the users. If the trust settings are not configured correctly and restricted to the EFS-related services, then attackers may also be able to manipulate other areas of the server or domain.
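Whether a file server's delegation trust is limited to what it needs, or is unconstrained, can be read directly from Active Directory. The following PowerShell is an added example written for this page, not part of the BSI text and not a Microsoft tool: it lists every computer object trusted for delegation, separates unconstrained from constrained delegation, and flags named EFS file servers whose trust is broader than necessary. It assumes the ActiveDirectory module (RSAT) and read access to the domain; the server name in the usage line is a constructed placeholder.

```powershell
# Added example, not part of the BSI catalogue text. Lists computer objects
# trusted for delegation and flags EFS file servers with unconstrained trust.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.

function Get-DelegationTrustedComputers {
    Import-Module ActiveDirectory -ErrorAction Stop
    $props = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'

    # Filtering client-side keeps the AD filter simple; fine for an audit run.
    Get-ADComputer -Filter * -Properties $props | ForEach-Object {
        # Services this computer may delegate to (empty when delegation is unconstrained)
        $targets = @($_.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
        $unconstrained = ([bool]$_.TrustedForDelegation) -and ($targets.Count -eq 0)
        $constrained   = $targets.Count -gt 0
        if ($unconstrained -or $constrained) {
            [pscustomobject]@{
                Name               = $_.Name
                Unconstrained      = $unconstrained
                Constrained        = $constrained
                # "Use any authentication protocol" (protocol transition) widens the trust further
                ProtocolTransition = [bool]$_.TrustedToAuthForDelegation
                AllowedTargets     = ($targets -join '; ')
            }
        }
    }
}

function Test-EfsServerDelegation {
    # For each named EFS file server, states whether its delegation trust is
    # missing, unconstrained (the case the catalogue warns about), or constrained
    # to a list of services that should be reviewed against what EFS needs.
    param([Parameter(Mandatory)][string[]]$EfsServerName)
    $trusted = Get-DelegationTrustedComputers
    foreach ($name in $EfsServerName) {
        $entry = $trusted | Where-Object Name -eq $name
        if (-not $entry) {
            $finding = 'no delegation trust (EFS on behalf of clients will not work)'
        } elseif ($entry.Unconstrained) {
            $finding = 'UNCONSTRAINED delegation: restrict to the required services'
        } else {
            $finding = "constrained to: $($entry.AllowedTargets)"
        }
        [pscustomobject]@{ Server = $name; Finding = $finding }
    }
}

# Usage (constructed server name):
# Get-DelegationTrustedComputers | Format-Table -AutoSize
# Test-EfsServerDelegation -EfsServerName 'FILESRV01'
```

Unconstrained delegation is the setting to look for first: a server with it can obtain tickets for any service on behalf of every user who connects to it, which is exactly what turns a compromised file server into a threat to the rest of the domain.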

If EFS certificates are created on the remote server or in Active Directory, it becomes more difficult to manage and protect the key material.

Using the EFS API

When an application needs to access files that have been encrypted for several different users, the application must support the corresponding Application Programming Interface (API), which is available in Windows Server 2003/Windows XP and higher. Otherwise, the keys of the additional users will be removed from the files, and no user other than the one who created the file will have access to it any more. Backup, archiving, and synchronisation tools from third-party manufacturers entail similar risks as soon as they are used to process encrypted files.
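The silent removal of other users' keys is detectable: `cipher.exe /c` lists the users who hold a key on an encrypted file, so a snapshot taken before a third-party tool processes the file can be compared with one taken afterwards. The PowerShell below is an added example for this page, not part of the BSI text. Its parser assumes the English-language layout of `cipher /c` output, in which user lines follow a "Users who can decrypt:" heading, each followed by a "Certificate thumbprint:" line, up to the "Recovery Certificates:" heading; the sample output embedded in the block is constructed, not captured from a real system.

```powershell
# Added example, not part of the BSI catalogue text. Records which users hold a
# key on an EFS-encrypted file (from the "Users who can decrypt:" section of
# cipher.exe /c output, assumed to be the English-language layout) and reports
# any user whose key is missing after a tool has processed the file.

function ConvertFrom-CipherUserList {
    # Extracts the user entries from cipher /c output lines.
    param([Parameter(Mandatory)][string[]]$Lines)
    $users = New-Object System.Collections.Generic.List[string]
    $inSection = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -like 'Users who can decrypt:*') { $inSection = $true; continue }
        if ($inSection -and $line -like 'Recovery Certificates:*') { break }
        if ($inSection -and $line -and $line -notlike 'Certificate thumbprint:*') {
            $users.Add($line)
        }
    }
    return $users.ToArray()
}

function Get-EfsDecryptors {
    # Runs cipher /c on one file and returns the users who can decrypt it.
    param([Parameter(Mandatory)][string]$Path)
    $out = & cipher.exe /c $Path 2>&1 | ForEach-Object { "$_" }
    ConvertFrom-CipherUserList -Lines $out
}

function Get-RemovedDecryptors {
    # Users present in the earlier snapshot but absent from the later one.
    param([string[]]$Before, [string[]]$After)
    @($Before | Where-Object { $_ -notin $After })
}

# Constructed sample of the relevant part of cipher /c output for one file
# encrypted for two users ("E" marks the file as encrypted).
$sample = @(
    'E report.docx',
    '  Compatibility Level:',
    '    Windows XP/Server 2003',
    '',
    '  Users who can decrypt:',
    '    CORP\alice [alice(alice@corp.example)]',
    '    Certificate thumbprint: 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999',
    '    CORP\bob [bob(bob@corp.example)]',
    '    Certificate thumbprint: AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333',
    '',
    '  Recovery Certificates:',
    '    No recovery certificate found.'
)
$before = ConvertFrom-CipherUserList -Lines $sample

# Constructed "after" state: a tool without EFS API support rewrote the file and
# only the key of the user who ran it survived.
$after = @('CORP\alice [alice(alice@corp.example)]')
Get-RemovedDecryptors -Before $before -After $after

# On a live system, replace the constructed arrays with snapshots around the tool run:
# $before = Get-EfsDecryptors -Path 'C:\Shared\report.docx'
# ... run the backup or synchronisation tool ...
# $after  = Get-EfsDecryptors -Path 'C:\Shared\report.docx'
```

Running the two snapshots against a test file in a pilot is a practical way to find out whether a backup, archiving or synchronisation product really preserves the keys of all users before it is let loose on a server full of shared encrypted data.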