Secure Your Portable Device
Portable memory has become a mainstay of modern computer usage. Executives, employees, government officials and individual users have a range of reasons to protect the data on their portable devices. Two basic security measures include password protecting the data, and encrypting it. Many portable device manufacturers, such as Buffalo Systems or Kingston, have versions of portable memory devices that offer in-built encryption and/or password protection. This is achieved through the agency of software that comes pre-installed on the portable device itself. Such devices are marginally more secure than the methods described below. These software are pretty straightforward to setup and use. Invariably, such software allow users to protect a section of the data stored on the portable device, or all the data stored on the device. The methods described below will allow you to use some simple tools for effectively disallowing access to your files.
PicoCrypt is a small encryption and decryption tool. It can be used to encrypt any kind of file. It is a small programme (16 KB) that runs without an installation, and can be carried around on a USB drive. When used to encrypt a file, the file will be visible, but not readable. An image or a text file will appear garbled or as gibberish. Some kinds of extensions cannot be opened at all. However, the thumbnail of the document will be visible if Windows has the thumbnail saved before the file was encrypted. Also, users can delete the file from the system if they want to. To encrypt a file, simple drag and drop it into PicoCrypt. A window will ask you if you want to encrypt or decrypt the file. Click on encrypt. You will be prompted for a password, and a confirmation. If you drag and drop multiple files into PicoCrypt, you will be prompted to enter a password and confirm it for each of the files dragged into PicoCrypt. To view the files again, start up PicoCrypt, and drag and drop the files you want to decrypt, then enter the passwords for each of them in turn. Now the files can be opened and edited on programmes.
Another simple way to protect files is to put them in an encrypted archive. This is essentially the same as the above method, but the extension is changed to archive format, such as a ZIP file. We will be using a free and open source archiving software called 7zip. 7zip stores archives in the .7z format by default, but also works with BZip2, GZip, TAR and ZIP formats. WinRar is a great software for handling archive files, but you have to purchase the full version before you can password protect your archives. Once you install 7zip, the archiving operations show up in the context menu when you right click on a file or folder you want to archive. Right-click and select “add to archive”. In the Encryption field, enter a password, and enter it again. If you check the “Show password” checkbox, you don’t need to enter the password twice. In the Archive Format drop down menu, select the archive format you want to use. 7zip portable and one of the more obscure formats, will discourage casual snoopers. If anyone wants to access the contents of the archive, they will need the password. This is a great way of sharing files over public hosting services, such as yousendit or rapidshare.
People can still delete the archive if they want to. To circumvent this, archives can be hidden inside other kinds of files, such as an image or a text file. To do this, once the archive is created, you will have to navigate to the folder using the command prompt. Go to Start>Run>cmd and hit [Enter]. First, copy an image file to the same folder as the archive. Then use cd or cd.. to navigate to the relevant folder. Once there, enter the following command.
copy /b image.jpg + archive.7z image2.jpg
The image2.jpg will be the image file with the hidden archive. To extract the archive, change the extension of the file from image2.jpg to archive.7z. Note that you need to remember the format the archive was originally in. Using a .zip extension for a .7z archive won’t work. The image2.jpg file can be opened in image viewers, and even in image manipulation programs. The archive will get corrupted only if the image file is overwritten with changes.
Sometimes it is necessary to hide or lock away entire folders. When working regularly with files, the above methods are not of much help, and are pretty laborious.
TrueCrypt is a great open source encryption software for such purposes. When installing TrueCrypt, there are two options available. A disk installation will install the software on the hard drive. An extraction, will however place the software on an external drive, and can be run from there. This is essentially a portable version of TrueCrypt, but this version is limited in capability. After you encrypt a drive in TrueCrypt, the computer will recognize a plugged in drive, but not allow you to access it. Instead, any computer will prompt you to format the drive before you can use it. TrueCrypt can be used to mount the drive, which means that the same drive will occupy to drive letters. The default one will be inaccessible and the mounted drive will be available only after you enter the password in TrueCrypt. TrueCrypt is available for Linux and Mac systems as well, so your encrypted drive will be truly portable.
To encrypt a drive, plug it into the computer, start up TrueCrypt, and go to Volumes>Create New Volume. A volume is a location where encrypted and password protected data can be stored securely. This starts up the TrueCrypt Volume Creation Wizard. There are three possible locations for the data to be stored. The first option is to create an encrypted file container. This option allows you to create an image file, which stores all the data encrypted; you can write any kind of data inside this image file. This image file can be carried around in portable devices. The second option lets you secure an entire portable device, including USB drives and portable hard drives. This option is Encrypt a non-system partition / drive. The third option is to encrypt an entire partition or a system drive. Choose the second option and click on next.
The wizard then offers you two options for the type of volume. The first option is a Standard TrueCrypt volume, the second option is a Hidden TrueCrypt volume. The Hidden TrueCrypt volume adds another layer of security. If for any reason, anyone finds out that you have encrypted your portable drive, and force you to reveal it using a password, then the Hidden TrueCrypt volume will come to your rescue. You can hide sensitive looking data in the TrueCrypt volume, but the real sensitive data will be stored in the hidden volume, which leaves absolutely no traces as it is located invisibly within the encrypted volume. This is for advanced users, and not really necessary in most cases. Simply select the Standard TrueCrypt volume and proceed.
The next step is to select the drive or device that you want to encrypt and password protect. Click on Device, and select a device from the list that appears, then click on Next. The next step allows you to either format the device and encrypt it, or encrypt the partition in place. The first option simply erases all the data on the partition, then encrypts it. The second option, encrypts the drive, moves the data around, and encrypts the data as well. The second option is very time consuming, and it is faster to copy the data to a secure location, format and encrypt the drive, then copy the data back to the volume. Select Create encrypted volume and format it, then click on Next.
This is where things get a little geeky. You get to choose from a range of encryption ciphers. There are a range of options available. Generally speaking, the more the time displayed, the more secure the ciphers are. See box for more details. Once an encryption method for a drive has been selected, it cannot be changed later on. Click on Next.
The size prompt box now appears. This is useful only for creating containers, or volumes hidden within a file. The size of the drive will show up in this window, and you cannot change the values. Click on Next. You have to enter a password and confirm it at this stage. If you use anything less than a password of 20 strings in length, TrueCrypt will prompt you to choose a more secure passwords. A ten character password or so should be beyond what a casual snooper can crack using a brute force method, which is trying every possible combination of letters and numbers as the password. Next you will be asked to move the cursor around the window in a random way. This just generates random strings of data that will be used in the encryption. Click on Format after this is done.
If there is data on your device, you will be prompted about the loss of the data. Note that the drive will be formatted, and all the data overwritten using garbage values. Even a file recovery software cannot recover your data after you proceed. Click on Next to continue. TrueCrypt will now erase all the data, and encrypt the external drive. Even with the default formatting, and the fastest encryption algorithm, the process will take about five minutes for each GB. It is a good idea to leave the process overnight, if you are encrypting a portable hard drive. The portable version of TrueCrypt can mount volumes, but not create them. To mount a volume, select a drive letter from the list of available drive letters. Then click on Mount, and select the drive as it shows up in the system’s drive list. You will be prompted for a password, which you have to enter at this point of time. Now the drive will show up in explorer. You can use it as any other drive, copy and paste data from it, but without TrueCrypt, and your password, it cannot be opened by anyone else.