Give the Gift of Security and Privacy on a USB Drive

by Ming Chow

USB drives are popular Christmas gifts. They are portable, relatively inexpensive, and extremely useful for storing electronic files. My graduation gift from the Tufts Computer Science department in 2004: a 32 MB USB drive. My gift for a security presentation last year: a 128 MB USB drive. Now, you can get a 1 GB USB drive for roughly $20.

The prevalence of electronic data and portable devices, including USB drives and laptops, has spawned a huge data security problem. Devices are easily lost or stolen, and the data on them is unencrypted. I'm sure we all remember the story of the missing laptops at the Department of Veterans Affairs (VA) earlier this year with thousands of personal records. Or the news of US Army USB drives being sold on the streets of Afghanistan. It is hard to read the news these days without seeing a story on a data security breach somewhere.

Some USB drives will come with data encryption software while many will not. Do yourself or someone else a favor and encrypt the data on the device. TrueCrypt will accomplish this, and it is not difficult. Todd Ogasawara mentioned this last week on his list of open source software for Microsoft Windows. Here are the steps to create an encrypted data volume on your USB drive on Windows:


  1. Back up any existing data on the USB stick onto your hard drive.

  2. Erase the USB drive.

  3. Download and install TrueCrypt (will install to C:\Program Files\TrueCrypt by default).

  4. Copy the TrueCrypt program (C:\Program Files\TrueCrypt\TrueCrypt.exe) onto your USB drive. It is a small program (only 603 K as of this writing). The reason for this is that if you use the USB stick on another computer, it will likely not have TrueCrypt installed, but you can open your encrypted data volume using the TrueCrypt program that is on your USB stick.

  5. Open the TrueCrypt Format program (C:\Program Files\TrueCrypt\TrueCrypt Format.exe) and choose "Create a standard TrueCrypt volume".

  6. Enter the location and file name of the encrypted volume. Say that your USB drive is "E:" and you want to call your encrypted volume "Things", then enter "E:\Things.tc" (where .tc is the file extension of a TrueCrypt volume).

  7. Choose your encryption algorithm (AES is fine).

  8. Enter the size of your encrypted volume. The screen will display the amount of free space that you have on your device. Make the size of your encrypted volume less than the total available, to leave some wiggle room for other purposes (e.g. emergency, configuration file). For example, if it shows that I have 118.70 MB free on my USB drive, a 100 MB encrypted volume would be fine.

  9. Create a password for the encrypted volume.

  10. Move your mouse cursor around the screen for a few seconds to randomize the pool. Then format the encrypted volume, and exit the TrueCrypt format program.

  11. Your USB drive should now have two files: the TrueCrypt program and the encrypted volume file (in this case, Things.tc). Double-click the file Things.tc. The TrueCrypt executable (the one installed on your computer, not the one on your USB drive) will open, and you will see that Things.tc is ready to be mounted.

  12. Now double-click on a drive letter, any drive letter listed. These are all the unused drive letters available on your computer. Let's choose "Z".

  13. Enter the password for the encrypted volume.

  14. On successful entry of your password, your encrypted volume will be mounted, and it will show as your "Z:" drive under your list of hard drives.

  15. Move any files that you want to be encrypted onto your "Z" drive.

  16. Remember, you need to dismount the encrypted volume before you eject your USB drive. To do this, go into the TrueCrypt program (or double-click on the TrueCrypt icon on the lower-right corner of the screen next to the clock), and click "Dismount".
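
The layout check and the mount and dismount steps can also be scripted. The following Python script is an added example, not part of the original article or of TrueCrypt: it checks what is on the stick before you travel with it and builds the command lines for steps 11-14 and 16. The driver file names come from the error message quoted in the comments below; the /v, /l, /d and /q switch syntax is assumed from TrueCrypt's command-line documentation and should be checked against your version.

```python
import subprocess
import sys
from pathlib import Path

# TrueCrypt.exe is the program copied in step 4; the two driver names are
# taken from the error message quoted in the comments on this page.
PROGRAM_FILES = ("TrueCrypt.exe", "truecrypt.sys", "truecrypt-x64.sys")


def preflight(stick_root, volume_name="Things.tc"):
    """Return a list of problems with the stick's layout (empty list = OK)."""
    present = {p.name.lower(): p for p in Path(stick_root).iterdir()}
    problems = [f"missing {n}" for n in PROGRAM_FILES if n.lower() not in present]
    volume = present.get(volume_name.lower())
    if volume is None:
        problems.append(f"missing volume {volume_name}")
    elif volume.stat().st_size == 0:
        problems.append(f"volume {volume_name} is empty")
    expected = {n.lower() for n in PROGRAM_FILES} | {volume_name.lower()}
    for name in sorted(set(present) - expected):
        # Anything else on the stick sits outside the encrypted volume.
        problems.append(f"unencrypted item on stick: {present[name].name}")
    return problems


def mount_argv(stick_root, volume_name, letter):
    """Command line for steps 11-14, using the copy of TrueCrypt on the stick."""
    root = Path(stick_root)
    # Assumed switch syntax: /v volume file, /l<letter> drive letter,
    # /q exit when done. No password is passed; TrueCrypt prompts (step 13).
    return [str(root / "TrueCrypt.exe"), "/v", str(root / volume_name),
            "/l" + letter.rstrip(":").upper(), "/q"]


def dismount_argv(stick_root, letter):
    """Command line for step 16: dismount before ejecting the stick."""
    return [str(Path(stick_root) / "TrueCrypt.exe"),
            "/d" + letter.rstrip(":").upper(), "/q"]


if __name__ == "__main__" and len(sys.argv) == 3:
    stick, letter = sys.argv[1], sys.argv[2]   # e.g.  E:\  Z
    issues = preflight(stick)
    for issue in issues:
        print("WARNING:", issue)
    if not any(i.startswith("missing") for i in issues):
        subprocess.run(mount_argv(stick, "Things.tc", letter), check=True)
```

Saved under a name of your choice (say, stick.py), it runs on Windows as `python stick.py E:\ Z`. On a PC without TrueCrypt installed, loading the driver from the stick also needs administrator rights.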



So now you have created an encrypted volume. But what about privacy when surfing the Internet? Look at the mess that occurred when AOL released the search data for over 500,000 users (yes, the searches can be traced back to the user). One piece of software that will allow you to surf the Internet anonymously is Torpark (again, open source). It is a portable version of the Firefox browser with Tor. Download Torpark and install it onto your encrypted volume. Run the Torpark program (e.g. Z:\Torpark 1.5.0.7\Torpark.exe). The Tor connections will be established and a customized version of Firefox will load. Torpark is currently available only for Windows.

There are businesses that sell encrypted/privacy USB devices, or "computers on a stick." Now, you can build one on your own. Remember, this is not a foolproof solution to the data security or privacy problems. For general computer users, this is a good start and good practice. One can still (attempt to) crack the password to your secured volume. But isn't having the data encrypted using some universal method better than absolutely no encryption at all? You are still not completely anonymous on the web using Tor (e.g. you reveal your identity on forms). But it does protect the transport of data from one computer to another pretty well, and that is important.

4 Comments

johan
2006-11-28 09:56:16
TrueCrypt seems like a nice tool, too bad it does not work on OS X and the BSDs. I am mostly using OS X and FreeBSD, I guess the best solution if you want to be able to move between Windows, Linux, OS X and the BSDs is using OpenSSL or PGP (GPG).

Mason
2006-11-28 13:34:46
I have been doing the same thing with my iPod Shuffle and an encrypted disk image (created with Apple's Disk Utility) for about 6 months now, and it works great. I also use iPod Launcher to both back up (via AppleScript) and launch the disk image when the Shuffle mounts.

Sean
2007-10-04 14:32:41
I have been playing with this "truecrypt" program for a couple of days now and I can't get it to work. I have done everything you mentioned in your "how to" but when I try and take my jump drive to another computer, click on my "file.tc" I get an error:


TrueCrypt driver not found!!!


Please copy files 'truecrypt.sys' and 'truecrypt-x64.sys' to the same directory where the application is located.


I have done that and still no luck. It really would be nice to have accurate information on how to set things up. Each thing I read about setting up truecrypt is a bit different from the one before and each time I can't seem to get it right. Are these things really so complicated that there can't be a "standard" this is how you do it and IT WILL WORK!!!

Father McDonnald
2008-03-05 13:29:23
Are these things really so complicated that there can't be a "standard" this is how you do it and IT WILL WORK!!!


WHOOOWEE!! A LITTLE "TESTY" NOW AREN'T WE BE GETTIN NOW LAD...YOU HAVE TO CALM DOWN NOW JUST A WEE.