Computer data is physically nothing more than ones and zeros; yet the information that those ones and zeros represent can prove to be vastly important. On a very personal level it could represent our life’s saving in a QFD (Intuit Quicken) file or it could be something a little more dramatic such as the design plans of a Blackhawk helicopter! Either way we wouldn’t want to let the information get out into the wrong hands. There are many ways to protect our data, certainly in the case of the Quicken data file, Intuit allows for password protecting the file. Microsoft Office files and Adobe PDFs both have their own password protection schemes. BUT is your data truly safe? In the case of the later two… It’s a fairly trivial task to crack the passwords. So what’s a person to do? Well you could always hide things in plain sight using any number of steganographic tools! BUT all you’re really doing is hiding your data in much the same way a pirates burying their booty! No… want we want (and many governmental agencies need… HELLO VA!) is whole disk encryption. There are many companies that provide encryption scheme for the boot partition… enter a password and boot your computer. This type of protection can get a bit expensive and problematic from an IT management perspective. In fact we really don’t need to encrypt the entire disk… in actuality… we only need to encrypt the partition that contains our data. And for that we don’t need to spend a lot of money! Enter Truecrypt.
Truecrypt is an open source, cross platform disk encryption tool. You can use it to create encrypted files. It will even do traditional boot disk encryption of a Windows partition! But as I mentioned earlier we’re looking to just encrypt a single partition that houses our important data. Truecrypt uses AES-256, Serpent, and Twofish encryption algorithms and it provides plausible deniability! During the Iran-Contra Hearings, Senator Sam Nunn (D-Georgia) provided a perfect definition for plausible deniability…
Everybody I’ve talked to in the intelligence community and around town . . . tells me that the definition of that term is that when you set up plausible deniability for someone . . . they know the facts in question, but they can deny the knowledge, and that the denial is believable.” (Schwartz, 1987)
WOW it doesn’t get any better than that! SO how do we use this tool! First you can download the application from http://www.truecrypt.org/downloads. Once downloaded the first thing I would do is make sure that I indeed downloaded the correct software by validating the PGP key provided by the developers! We’re talking about protecting your trusted data… Take the extra step!
Install the application… Double-click to launch the executable!
We want to encrypt a USB thumb drive with a hidden volume… The default window should look similar to this.
Click on Create Volume. You’ll be prompted through a bunch of questions. In our case select because we are encrypting an entire USB thumb drive we should be selecting…
Next select because we want plausible deniability select the second option… If it was good enough for Ollie North it’s good enough for me!
You’ll next be asked to select a disk to encrypt. You will be asked to provide the password of an administrator of the system you are working on. This is needed because Truecrypt will eventually be formatting out the disk and this requires administrative permissions.
Select the Encryption and HASH algorithms you prefer…
Select OK and Truecrypt will begin the process of encrypting your thumb drive. This could take some time… In the case of a 2GB thumb drive, this took about 15 minutes.
The one gotcha is that you will need to populate the outer volumes with files that look important NOW! We do this so that if you are forced to compromise the password… when “they” unlock the drive and it will look as if they got what they want. So make those files look good without giving away the farm!
After the process has finished, you will be prompted to create the hidden volume.
Creating the hidden volume is very much similar to the outer volume! You’ll be prompted again to select which encryption and hash algorithms you prefer to use on your hidden partition. Next you’ll be asked how much space to allocate to your hidden partition… In my case I chose to allocate 3/4 of the space in half!
You’ll be asked to select a file system for the hidden volume. In my case I chose FAT as this gaves me the most options with regard to the OSs I can use the thumb drive with!
When the process is finally completed you’ll be presented with the following disclaimer…
Congratulations… You’ve just created you encrypted plausibly deniable USB thumb drive!
Resources:
Schwartz, J., (1987, July 22), PLAUSIBLE DENIABILITY Series: The Iran-Contra Hearings: The Tenth Week of Testimony, The Washington Post
Comments
Leave a comment Trackback