Authentication and Authorization

Authentication and authorization are two vital information security processes that administrators use to protect systems and information. Authentication verifies the identity of a user or service, and authorization determines their access rights.

Authentication

Authentication is the process of proving that you are who you say you are. It is done by verifying the identity of a person or device. It’s sometimes shortened to AuthN.

Authorization

Authorization is the act of granting an authenticated party permission to do something. It specifies what data you’re allowed to access and what you can do with that data. Authorization is sometimes shortened to AuthZ.

Authentication and authorization using the EaseFilter File Security SDK

The EaseFilter File Security Filter Driver simplifies authentication and authorization for application developers by supplying identity information. When an application accesses a file, EaseFilter gives you the user’s identity as a user SID, from which you can get the user name, together with the process name and process ID. Based on the access control policies in the filter rule configuration, your application can then authorize or deny the file access.

How to authenticate a trusted process?

Authenticating a process by its process name or process ID is not easy, since a malicious application can tamper with your binary file, or replace the executable file with a malicious binary that has the same file name. How can you be sure that a process is a trusted process?

Signing the executable binary file with Microsoft Authenticode can solve this problem. Code signing relies on both a digital signature and a hash function: the digital signature authenticates the developer, and the hash serves as a checksum to ensure the integrity of the software hasn’t been compromised. Briefly, from a technical standpoint, the code signing certificate and the code itself are hashed together, and the resulting hash value is then digitally signed with the certificate’s private key.

Verify the digital code certificate

When a user receives the software, their system first recomputes the hash value that was created when the certificate and code were hashed together during signing. A cryptographic hash function is designed so that two different inputs do not produce the same output, so if the values match, you can safely assume the software’s integrity is intact.

Then the system takes the public key that was presented alongside the code signing certificate and uses it to verify the signature.

When done properly, the result is this:

[Image: authenticate and authorization]

If not done properly, the user gets warned instead:

[Image: untrusted process]

To implement authentication and authorization in your application, the EaseFilter File Security Filter Driver provides APIs that support process authentication and authorization. You can set up the filter rule to block file access by default for all processes, so that only the trusted processes can access your files.

How to verify the trusted processes in EaseFilter?

When a process accesses your file, EaseFilter intercepts the file I/O operation before the I/O goes down to the file system and verifies the digital signature of the process’s binary file. If the signature is good and the code signing certificate is from your trusted publisher, the process’s binary has not been tampered with and the process is a trusted process. EaseFilter then allows the file I/O operation to go through to the file system.

// Add the access rights for the trusted process whose binary was code-signed by the trusted publisher.
FilterAPI.AddSignedProcessAccessRightsToFilterRule("c:\\protectedFolder\\*", certificateOfTrustPublisher, (uint)certificateOfTrustPublisher.Length * 2, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);

For more information, see the page “setup the trusted process”.