Many platforms.
One encrypted file system.

Server, Workstation, Mobile, IoT.
Windows, MacOS, Linux, Raspbian.
Local storage, cloud storage.

Versatile and interoperable

ScramFS has been designed to work on many different computing platforms, operating systems, and with both local and cloud storage.

Our implementation has been carefully designed to be cross platform friendly.

This makes ScramFS very versatile, and great for users, system administrators and developers on all platforms.

Ciphertext portability: encrypt over here, read over there…

Portability of ciphertext is a key design tenet of ScramFS. We want a user to be able to create, read and write encrypted files from any device, and store their encrypted files anywhere.

With ScramFS, it’s possible to encrypt a file on one device, copy the encrypted file to another storage device, and open it up on another device. ScramFS makes it as simple as it sounds, automatically catering for differences in platform, operating system, and storage file system.

A good example of the portability of the ciphertext data is shown in the example below:

Tool Storage Task
SCRAMFS CLI
EXT4 Create encrypted files using the ScramFS CLI on a Linux system, and store them to a local ext4 partition.
Copy those encrypted files from local hard drive to WebDAV cloud storage using any file transfer program
SCRAM EXPLORER or other
WebDAV client
WebDAV
Download the encrypted files from WebDAV cloud storage onto a separate Mac system, and read and modify those files locally using the ScramFS API.
SCRAMFS API
HFS
Mac finder or cp command
Copy the encrypted files to a USB device by dragging and dropping from Mac Finder.
SCRAM EXPLORER
exFAT Plug the USB disk into a Windows machine, and decrypt and copy the files from USB device on a Windows system via Scram Explorer.
SCRAM EXPLORER
or
Google Drive
in web browser
Copy the files to Google Drive using the Google Drive web interface or via the ScramFS CLI.
SCRAMFS API
Google Drive Open, read, write files on Raspbian using the ScramFS API.
SCRAM EXPLORER
or
Google Drive client
Download the files to a ZFS partition on Linux, and mount the encrypted files using ScramFS Mount.
SCRAMFS MOUNT
ZFS Mount the encrypted files using ScramFS Mount and use the files normally, with ScramFS performing automatic transparent encryption and decryption in the background.

Example 1: IoT data logging with central analysis

ScramFS supports of Linux and Raspian. IoT device developers can use the ScramFS API to create data logging software that cryptographically protects data collected by IoT devices. ScramFS encryption will protect the privacy of the data, while the ScramFS authentication tag will protect against forgeries and sabotage.

  • IoT devices securely log data (e.g. telemetry, video surveillance, etc) to local flash memory, automatically encrypted with ScramFS.
  • Encrypted data is periodically uploaded to a central storage repository in the cloud. It remains encrypted in the cloud.
  • The cloud acts as a central repository for that data. If the cloud is attacked, there will be no danger of data breach because the data is end-to-end encrypted and the cloud is outside the trust boundary.
  • Processing occurs on a separate computer, which downloads the data from cloud storage. This data processing computer may run Windows, Linux or MacOS. Data is decrypted in real-time upon access, so plaintext is only present for the minimum amount of time.
  • After processing, the encrypted data can be moved into a cloud based archive data set.
  • Data is encrypted in transit and in storage – true “end-to-end” encryption for data at rest.
  • Depending on the usage scenario, each IoT device can encrypt using unique keys specific to that device, ensuring that one device cannot be used to forge data coming from a different device.

This scenario is possible because ScramFS supports:

  • Raspbian, Windows, Linux, MacOS
  • Real-time encryption and decryption of data
  • Local and cloud storage

Example 2: Evidence collection

ScramFS supports devices such as the Microsoft Surface. This enables software developers to develop applications that allow personnel to collect evidence, cryptographically secure the data and upload the encrypted data to a cloud based repository for later processing.

  • Teams of professionals gather data and evidence “in the field” using portable devices such as tablets – for example, police, insurance assessors, medical professionals, etc.
  • For security reasons, all data must be stored encrypted to mitigate against data leakage if the portable devices are lost.
  • Each device can encrypt using different encryption keys, so it is always possible to guarantee the authenticity of the data and trace back exactly which device it originates from.
  • “In the field”, access to the Internet is not always available, so data and evidence needs to be stored locally, before being uploaded to a central repository. ScramFS is used to encrypt data on local storage.
  • The ciphertext data can be directly uploaded from local to cloud storage when Internet becomes available. In many situations, cloud storage will be private cloud.
  • Processing the encrypted data can be done later.
  • Data cannot be faked – the forensic timestamps accurately reflect when the data was created and modified, regardless of whether cloud storage supports timestamping. The ScramFS Integrity Tag ensures the integrity and authenticity of data at all times.

This scenario is possible because ScramFS supports:

  • Tablet devices such as Microsoft Surface running Windows 10
  • Real-time encryption and decryption of data
  • Local and cloud storage, including support for private cloud
  • ScramFS authentication tag, and forensic timestamps

Send us a message

The field is required.




Cant read the image? click here to refresh