As previously discussed, portable storage (e.g., USB PenDrives) has changed the way that we move our data, but it brings the issue of potential data loss firmly into the forefront of our security strategy. These devices are very small, and they are all too easy to misplace (or have stolen), so how do we go about making sure that the data stored on these devices is secure and can only be accessed by those who are authorised to do so?

Some device manufacturers, like SanDisk, offer encryption/protection software (CruzerLock, in SanDisk's case). The basic features offered by these packages are pretty much equal across the board. The free version of CruzerLock includes both file encryption and compression:

  • Encrypt entire directory structures, folders, drives or files from a PC hard drive, or from the flash drive, into the CruzerLock-protected archive using an integrated MS Windows Explorer utility
  • Upgrades encryption to 448-bit Advanced Encryption Standard from current 56-bit
  • Powerful compression engine (PKZip) built into the software, compresses data up to one tenth of its original size
  • Integrated password recovery

Upgraded versions of the software are available; some of the additional features offered by these include the ability to assign permission rights (view, copy, delete etc.), use integrated filesharing, and lock content to specific machines. To be honest, I don’t think it’s worth paying up to $100 for the upgraded features—I simply want to lock my files away so they are protected if I lose the device.

I currently use a small USB key to store a backup of my financial records. This is protected by the manufacturers’ included software, which is easy to use and portable, as the unlock program is run straight from a small unencrypted partition on the key. There is, however, one reason why I have not used encryption on my main 2GB USB key: very simply, it’s that the manufacturers’ programs never support Linux. I keep copies of letters, e-mail and bookmark backups, photos, etc. on my key (not exactly top-secret military documents, but I would rather not have people looking through them if I lost it). I am in Linux often, so if I want to update my bookmarks to put them in sync with my Windows bookmarks—my key is encrypted by the Windows software, and I have no chance of getting to the bookmarks file while in Linux. Of course, if I set up an encrypted filesystem on the key from Linux, I can’t access my data in Windows.

Well, now I have found a solution—an Open Source project called TrueCrypt.

Not only is TrueCrypt available for Windows, but I was delighted to see that Linux packages are available in many flavours: Fedora rpm, Debian/Ubuntu deb, plus SuSE rpm. Add to that the source code for both the Windows and Linux applications, and the only major OS lacking is Apple’s OS X. A future release is apparently planned. So what are the main features?

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire hard disk partition or a device, such as USB flash drive.
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
    1. Hidden volume (steganography – more information may be found here).
    2. No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish. Mode of operation: LRW (CBC supported as legacy).

The documentation is very complete. It seems there is also a traveller mode for Windows use—this installs an application which can automatically launch the unlock program and then, once supplied with the password, it will mount your encrypted drive. It would be nice to have this functionality for Linux too, but I can’t see it happening (due to differing Kernel versions etc.).

Next week we’ll take a look at setting up TrueCrypt in Windows. How well will it work?