Portable encryption systems – keeping your USB / flash drive data safe

USB-based flash drives are part and parcel of everyone’s life these days. Not only are they dirt cheap, they also provide substantial storage, making them extremely handy tools for carrying around large amounts of data, including personal and official information of a sensitive nature.

What’s worrisome is that the data on an average flash drive is grossly insecure and can prove to be a tremendous source of data leakage, both on the personal front and from an organization’s network, if the drive falls into the wrong hands.

Because of their tiny size, these devices are prone to being lost or misplaced or, worse yet, are easy targets for thieves. Both TechRepublic and PCWorld provide lengthy discussions on the kind of damage such a loss or theft may cause to an organization.

The good news is that there are numerous commercial and free / opensource solutions (both software and hardware based) for securing your flash drive data. This article attempts to provide brief overviews of the most well-known ones, with an emphasis on those which are free and readily available to everyone. In each case, portability is the key criterion, as that’s what USB drives are for.

Hardware

To begin with, hardware-based data protection systems (for flash drives) aren’t all that prevalent yet, with not many viable (read inexpensive) options for the mass consumer market. For the most part, these devices are targeted towards the SMB (Small and Medium Business) and Enterprise market.

Although dubbed “hardware-based encryption” these flash drives employ a dual layer of software and hardware to secure your files.

These drives come with two partitions – a normal partition for publicly viewable data and an encrypted one for all your sensitive information, with the ability to set the size of this partition (as a percentage of the total flash drive capacity) at will. All data flowing in and out of the latter is encrypted / decrypted on-the-fly using AES-256 by an encoder chip (hardware) built into the flash drive. To access this special partition one needs to provide a password. This authentication mechanism is where the software part comes into play. The whole process is transparent to the end user and doesn’t cause any noticeable loss in data transmission speeds.

Note that the authentication software (in most cases) is Windows compatible only! Hence, on other platforms (Mac, Linux etc.) your encrypted partition cannot be accessed.

Did you know…

even if you ever lose your USB stick it will take someone with a very powerful computer at least 100 years to decrypt the data using brute force?

The drives also sport automated self-destruct systems that securely wipe out the data on the encrypted partition after a certain number of attempted break-ins. This effectively counteracts any brute-force cracking attempts, although you can give up all hope of recovering your data. But then again – “Better safe than sorry”.

Some of the vendors offering hardware encryption based USB Flash drives are:

Among these, the drives from Kingston, SanDisk and Verbatim have been awarded the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data. Recently, a potential security hole was discovered in the drives from all three vendors – but that was primarily due to poor coding of the software counterpart. The actual encryption system still stands strong. Besides, patches have already been rolled out by all three vendors rectifying this problem.

If you’re the paranoid kind and / or are strong on security, these are the drives for you. But be prepared to shell out a thick wad in the order of $100 – $500 depending on the make and capacity of the drive.

Software

The pure software encryption systems have a couple of distinct advantages over their hardware counterparts:

  • They can transform any given USB disk into a secure storage location
  • Most such systems allow you to set a preferred cipher (encryption routine). Besides the default AES, ciphers such as Blowfish, Twofish, DES and Triple-DES are also offered.
  • And finally, they come much, much cheaper than the hardware variants. The price range starts from “free” and goes up to $50.

As far as modus operandi goes, both hardware-based and software-based systems are virtually alike – except that, for the latter, the functionality of the hardware encoding chip is taken up by an additional layer of software. The same software that handles authentication is also responsible for encoding / decoding of the encrypted partition and a portable copy of the same is usually placed on the USB drive in order to avoid re-installation issues when working on a different PC.

Another added advantage is that one can create multiple encrypted partitions on the same USB drive. These so-called encrypted partitions aren’t “real” partitions, per se. Rather, they are encrypted files that serve as containers for your data and are mounted as separate partitions by the software on demand. Hence, it is possible to create as many of these partitions as you wish – each dedicated to a different kind of content (or as you see fit) – the only limitations being the total capacity of the flash drive and the availability of drive letters (on Windows). As with the hardware version, data can be read from / written to these partitions on-the-fly.

Well-known commercial tools for this task are:

  • Encrypt-Stick – Employs Polymorphic Encryption. $40/license.
  • WinEncrypt CryptArchiver – Can choose between AES and Blowfish. $18 to $50/license depending on edition. A free edition – which limits volumes to 25MB – is also available.
  • I-Secure Key – Pricing and features are not clear from their website, but a fully functional trial version is available for download. This isn’t an encryption software per se and utilizes TrueCrypt behind the scenes to create and maintain the encrypted volumes.
  • Master Voyager – Apart from creating encrypted volumes on USB drives, this tool is also capable of creating encrypted CDs and DVDs. $70/license.
  • Discryptor – A pretty robust application with a strong set of features (and a lot of excess baggage like Parental Control, Employee Monitoring etc.) Licenses can range from $85-$2500 depending on edition. A free but limited Basic edition is also available.

And finally, onto the free and opensource ones.

  • TrueCrypt – Perhaps the best that there can be in this category in terms of features (and pricing). This utility offers support for unlimited encrypted volumes (as long as there are drive letters to mount on) and can encrypt entire existing partitions. The recent versions support something called Hidden Volumes where your actual data resides with a Fake counterpart stuffed with junk data to provide you with “plausible deniability” – in case you are forced to give-up your volume password to an adversary. Supported algorithms: AES, Twofish and Serpent. Probably, the only one to work on both Windows & Linux. Here is an excellent tutorial on using TrueCrypt. Advanced users will benefit from this tool.
  • Rohos Mini Drive – Easy to use portable application targeted at newbies. It creates hidden, encrypted volumes and can run on a guest computer without Administrative rights using File Virtualization technology. Caps the storage volumes at 2GB. Has virtual keyboard for protection from keyloggers. If it’s your first venture into the world of encryption, I recommend this utility.
  • SafeHouse Explorer – Another great utility with a similar set of features as Rohos. This tool presents you with an ever-familiar Windows Explorer like interface which you can use to drag & drop files and folder into the “private storage vaults”. Sports a graphical password strength meter to help you choose a good master password. A cool feature is the creation of self-executing click-and-run encrypted volumes. Recommended for basic users.
  • USB Safeguard – A free, lightweight and portable utility that works in drag & drop mode. Also features a safe-surfing mode that one can use while browsing from an internet cafe. Also a good recommendation for basic users.
  • FreeOTFE – A no-frills yet powerful and portable opensource utility that supports numerous hash (including SHA-512, RIPEMD-320, Tiger) and encryption algorithms (including AES, Twofish and Serpent) in several modes (CBC, LRW and XTS) – providing a much greater level of flexibility than a number of other (including commercial!) OTFE (on-the-fly-encryption) systems. Has support for Linux volumes (Cryptoloop “losetup”, dm-crypt and LUKS). Works on PCs without Administrator rights and has a PDA version too. Intended audience: both basic and advanced users.

Before I end, I’d like to mention this one other way which helps you encrypt data in a similar fashion without the aid of any third party software. This system utilizes the native data encryption mechanism of NTFS and works only on Windows-based computers. Online Tech Tips has a step-by-step tutorial on this. Be advised that this method limits your read / write activities to the encrypted partition on the originating computer only unless you are ready to export and carry around your EFS certificates.

Safe computing 🙂

How to send executable (.exe) files as attachments in Gmail

Gmail (and many of the major free email service providers) normally doesn’t allow you to attach executable (.exe) files and send them over to someone, for security reasons – i.e. by barring this file type, they restrict the spread of various Worms and Trojans to a large extent. Even script files like .bat are blocked. This holds true even if you rename such files, zip them all up and try sending – because even zipped archives can be scanned.

However, there are genuine cases where you DO need to send over such files to your contact in a hurry, but due to the restrictions you’ve to opt for third-party file-hosting solutions like RapidShare or Box.net. And… invariably every time you’ve wished how convenient it would have been if you were able to zip them all up and send along with your mail. Would have kept everything in one place and to the context.

Well… here’s a quick tip that’ll put you right on track. As I’ve pointed out earlier zip files can be scanned and renamed .exe files can easily be caught by examining the file header. So how do you go about it?

Have you ever utilised a feature called Encrypt in WinZip? This is meant for storing sensitive and confidential data in the archive and locking it up with a password. What WinZip essentially does is employ an industry-standard encryption algorithm (you can take your pick) and entirely encrypt the contents of the archive using your password as the key phrase. The encryption renders the contents of the zip file unreadable and such encrypted files cannot be scanned properly by Gmail – thus letting your executable files slip through normally. All you need to do is send along the password in your mail to your recipient – so that he/she can successfully unzip the archive and extract the contents.

WinZip Encrypted Email Attachment

This trick holds true for almost any zipping software (other than WinZip) – for these days 99% of them come with the option of encryption. Say bye bye to attachment hiccups. Give it a shot yourself and see 🙂

Update: Google’s grown clever and now can see through this. However, if you use 7-Zip instead of WinZip you can still pull this trick off. Thanks to ces for providing this tip.
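What a mail filter can and cannot see in such attachments, as an added example (not code from the original post, and not Gmail's actual filter): it identifies executables by file header rather than by name, looks inside ZIP archives, and flags encrypted members, whose contents are unreadable while their names stay visible in the ZIP's central directory. The size and depth limits, the function names and the sample inputs are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

BLOCKED_EXT = (".exe", ".bat")     # the two file types the post names
MAX_MEMBER = 20 * 1024 * 1024      # assumed per-member scan limit, in bytes
MAX_DEPTH = 3                      # assumed limit on archives within archives

def looks_like_pe(data: bytes) -> bool:
    """Header check for a Windows executable: 'MZ' stub pointing at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def inspect_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if looks_like_pe(data):                    # content decides, not the name
        findings.append(f"{name}: executable by header")
    elif name.lower().endswith(BLOCKED_EXT):
        findings.append(f"{name}: blocked extension")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [f"{name}: nested too deep to scan"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:       # bit 0: member is encrypted
                    findings.append(f"{member}: encrypted, content not scannable")
                    # Member names stay readable in the central directory.
                    if info.filename.lower().endswith(BLOCKED_EXT):
                        findings.append(f"{member}: blocked extension")
                elif info.file_size > MAX_MEMBER:
                    findings.append(f"{member}: too large to scan")
                else:
                    findings += inspect_attachment(member, zf.read(info), depth + 1)
    except zipfile.BadZipFile:
        findings.append(f"{name}: malformed archive")
    return findings

def sample_pe() -> bytes:
    """Constructed 88-byte stub with MZ/PE markers only (not a real program)."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)

def sample_zip(member_name: str, encrypted: bool) -> bytes:
    """Constructed ZIP holding sample_pe(). zipfile cannot write encrypted
    archives, so encrypted=True only sets the flag bit a real tool would set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, sample_pe())
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                            # flags in the local header
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 1 # flags in the central directory
    return bytes(raw)
```

A filter that quarantines every "content not scannable" finding treats an encrypted archive as unknown rather than as clean.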

HomeCamera: Peace of mind away from home

Do you always keep worrying about your beloved pet while at the office? Has the thought of someone breaking into your home started affecting your work? Wouldn’t it be lovely if you had a way of keeping a constant vigil on your home and having peace of mind every time you are away?

Now, if you are willing to utilise the technological edge there are plenty of solutions which can help you out in this. And HomeCamera – which is a recent entrant in this field – happens to do just that. It’s a simple, easy-to-setup service that offers you complete remote monitoring facilities for free. No extra (and fancy) equipment required other than a normal webcam. In fact, with this aptly titled home camera based solution you can hook up as many webcams as you like and monitor every square inch of your house. On the move and don’t have a net connection at hand? No problem with that either. You can share your camera feeds with any of your trusted buddies and let them take over the monitoring task for a while. HomeCamera offers an archive section, in case you ever need to go back and check on any of the earlier feeds. All of this is accessible from any corner of the world using a standard browser. Here’s a screen-shot of their web-interface.

HomeCamera Web Interface Screenshot

Registration with this service is free and requires only a couple of steps. You need to have a valid email address for this. Once registered you’ll have to download their client software, install it, enter your registration details in it and you’re good to go. The client auto-detects all the webcams you’ve got attached to your computer and lists them for your convenience. You can assign names & descriptions to each – which show up in the web-interface next time you login. There’s a pretty slick & accurate motion detection feature that automatically turns on the recording whenever there’s some moving object in the camera’s focal cone. That way you don’t waste valuable disk space or bandwidth by sending out a continuous video stream. You can even specify the length (duration) of each footage that is to be sent out to the HomeCamera server. Cool thing is that the recording isn’t limited to videos – it’s also possible to send out snapshots (pictures). Here’s a screen-shot that shows the motion detection in action. I tilted my head just a little bit and you can see the detection frame zeroing in on that region.

HomeCamera Client Interface Screenshot

The motion detection feature also sends out alerts to your email address and mobile phone (if you choose to) along with a link which directly takes you to the video footage. The mobile messaging part is possibly the only feature which doesn’t come for free. When you sign-up first, you start with 25 mobile credits but you’ll have to purchase additional credits once you exhaust these.

Alternatively, you can disable motion detection and specify an interval (say 10 minutes) at which the footages are sent out on a regular basis. This is called time-lapse recording.

Another big plus point is that HomeCamera works with virtually any given webcam. It also works with most CCTV and wi-fi cameras.

As of now, HomeCamera is in its open public BETA stage and if you sign up as a beta tester you automatically qualify for a free lifetime subscription to the HomeCamera Lite service. Moreover, all beta testers are eligible for special subscription rates for various HomeCamera services in future.

I’ve tested out this service thoroughly and as of now they seem to deliver every bit of their promise. This is a far more viable alternative to all the expensive hardware based monitoring systems available in the market. I highly recommend signing up for a beta trial. You can always take a tour of their site/services before you decide on signing up.

As a footnote I’d like to add that while this is a sponsored post, the views expressed here are entirely unbiased and based on personal experience of this service. In fact I’d been explicitly instructed by HomeCamera to express fair and impartial views.

Zoogmo – A new concept in free & unlimited offsite backups

For the past couple of days I’ve been consistently churning out reviews on file and video hosting / sharing services, and through the comments left on one such post, I came to know about this brand new concept in distributed offsite backup named Zoogmo.

Almost any given file hosting / sharing / backup service operates under the same principles, i.e. you upload the file(s) to their storage servers under your account name and then distribute it as you wish by granting selective access to your friends, family & co-workers. Zoogmo – which is primarily designed as a backup facilitator – follows a completely different approach. With Zoogmo, you decide who and where your backup server is going to be. It could be anyone from a friend or a relative to a colleague – as long as they have a computer and a decent internet link. More than one person is allowed to participate in this venture and become your backup partner.

How it works

What both of you need is to register for free at the Zoogmo site and get hold of their backup client. Once installed and run, this software performs a quick scan of your most used & critical documents and adds them to the pending backup list. Files and folders may be manually added too once the client is done with the configuration part. You also need to allocate some free space on any of your drives (HDD, USB etc.) or partitions. This space is going to act as the backup zone for the partner(s) in your network. The last step is to set up a list of your backup partner(s). If you know their nicknames a simple search will suffice. And that’s it. From then on, Zoogmo takes care of the rest silently in the background.

The very first time, a backup may take a good while for completion as there’s a lot of data to transfer (though the Zoogmo client employs a high degree of compression prior to transmitting your data). From then on only incremental backups occur, transmitting only the changes you’ve made to your files. The amount of data you can backup is only limited by the amount of free space allocated by your partner(s) on their computers.

The backups are performed using the idle CPU cycles – so your actual work shouldn’t be hampered at all. If your executable during the backup process, Zoogmo simply waits for it to be restored and resumes from the pending point.

Security

All your data is encrypted using a combination of Triple-DES and AES 256 routines – rendering it pretty much useless to the prying eye. In fact, none of your backup partners are able to differentiate between any of the files stored on their computer. The data transmission too occurs through a secure channel between you and your partner(s), thus guaranteeing a high degree of security at all stages.

Chances of Viral Infection

Since all files are encrypted prior to transmission, any kind of file that is prone to a viral infection is rendered useless. Even if your backup partner’s system is infected, logically the infection shouldn’t be able to spread to your files.

Zoogmo recommends that you maintain a list of at least 3 backup partners so that your data is effectively replicated in multiple locations thus providing you with a redundant fall-back mechanism in case one of your partner’s computer goes dead.

Here are a couple of videos that explain the whole process in a lucid manner. Or you can always drop by at their site and go through the FAQs.

While replication servers in themselves aren’t a new concept, the whole idea of a free and open backup network certainly is very innovative.

Am off to find some suitable backup partners. How about you?

Update (15.12.2009): Sadly, Zoogmo is closing down. They will go out of operation end of this year (Dec 31st). I got a mail from them to the effect a couple of days back…

Valued Zoogmo Customer,

We would like to thank you for your loyal support.
Since we launched our backup service in August 2006 we have enjoyed serving you but the time has come for us to close our doors.
We plan to shut down our servers on 31st December 2009 at which point your backed-up data will no longer be available. We suggest that you check out www.mozy.com for unlimited online backup for just US$5/month. If you have any queries about our shutdown, please email us at info@zoogmo.com.

Thank you once again for using Zoogmo,

The Zoogmo Management

Another great startup venture that’s going down the drain, most likely because of not enough profitability when compared to the extremely high bandwidth and disk space consumption that a service like this requires.