Protect data on USB Flash Drive/stick

Discussion in 'other security issues & news' started by daTerminehtor, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. daTerminehtor

    daTerminehtor Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    9
    Location:
    Great White North
    I'm looking for pw protection rather than encryption. Encryption would require a virtual drive, and I don't want to use up the remaining space on the drive for this.

    Of course this won't be 'fool-proof' but it will certainly be a deterrent.

    Protect the folders?
    Enter a login to access the drive?

    Ideas?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Or how about write-protection. Does your usb flash drive have this security feature?
    http://www.flashdrive.com.au/
    When compared to a floppy drive, most USB flash drives do not employ a write-protect mechanism. Such a switch on the housing of the drive itself would keep the host computer from writing or modifying data on the drive. A write-protect switch would make the devices suitable for repairing virus contaminated host computers without infecting the USB flash drive itself.
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Well, truecrypt allows you to make a "traveler" version of its encryption. Your files won't take up any more space with or without encryption, you only need to worry about 3 MBs of space being taken up by the drivers and the exe. Then just copy all of the files off the usb onto your pc. Then delete all the files on your usb. Then create a truecrypt volume whose size should be about 5 MB less than the size of your usb drive. Then, mount the volume, then copy all of your files onto it. Then your entire drive is encrypted, and safe from unwanted users. One word of warning, truecrypt can only be run in traveler mode in administrative accounts since it has to install a driver.

    If you don't want to encrypt the entire driver, just find a portable encrytion program that encrypts single files such as Blowfish Advanced CS which is very good.

    Cheers,

    Alphalutra1
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Just went thru this myself as my 2 gb flash drive was just about to full for the use I have. Went pricing 4 gb fash drives, and discovered the Lacie mobile drives.

    A 1 inch by 3 inch by 5in drive 40g USB powered was half the price of the 4g flash drives. Neat thing is it wasn't password protected but it is finger print protected. Works great.

    If the size isn't an issue you might take a look.

    Pete
     
  6. daTerminehtor

    daTerminehtor Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    9
    Location:
    Great White North
    Thanks for some leads.
    I already own my drive (apologies if I didn't make that clear).
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Unfortunately, it is not portable since it has to be installed so it wouldn't work very well on a usb drive if the target computer doesn't have it installed (like a library, school, etc.). However, there is a portable beta version that he could try.

    Alphalutra1
     
  9. daTerminehtor

    daTerminehtor Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    9
    Location:
    Great White North
    Read up on it and, technically still in 'alpha' phase, not sure I want to use an alpha to encrypt. :D

    Does look very promising though, thanks.

    Also trying to avoid those apps that require a driver to be installed. Not very portable in that sense. Perhaps this is just not possible yet.
     
    Last edited: Jun 23, 2006
  10. CyGho

    CyGho Registered Member

    Joined:
    Sep 11, 2004
    Posts:
    35
    Location:
    The Netherlands
    I use dsCrypt on my USB stick. Works very well for me.
    I know, it's encryption but it doesn't require a virtual drive. Just encryption with drag&drop.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    You make an exectuable encryption with axcrypt. Encrypt files and make them an exe. That way, you'll be able to open the encrypted material anywhere, provided it can run an exe file.
    Right-click on the target file (on a PC with axcrypt installed), then:
    AxCrypt > Encrypt to .EXE
    Mrk
     
  12. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    AxCrypt, Advanced Blowfish, all of these single-file encryption apps are nice and serve their purpose. But not for flash drives. At least not if it's sensitive information. You will want to stick with container/volume encryption like TrueCrypt. The problem is that with USB Flash Drives, securely erasing a single file is almost impossible. The reason is that flash technology utilizes a technology to prolong the life of flash drives called, "wear levelling." (Or wear leveling with one "l" depending on where you live.)

    Flash Drives have a life cycle of approximately one million read/writes at the maximum. To attempt to prolong the drives to reach this maximum, the wear levelling distributes data across the file system. To try to make this somewhat understandable in lay terms, unlike a regular hard drive, when you write a file, it is not in (example) blocks 123456....it may be in 135689.

    So, when using a program like AxCrypt, you decrypt onto the flash drive and then after viewing, you keep the encrypted file -- but must do something with the decrypted file if you don't want it to remain in the clear. Most people would do what? Erase the file using Eraser, etc. But the problem with flash drives is wear levelling. Eraser doesn't know exactly which blocks are being used by that file. When "erasing" that file, it merely deletes it for all practical purposes. It is elementary to put back together.

    So secure erasure of flash drives is extremely tricky and almost impossible on a flash drive when trying to erase single files. The obvious way around this is to delete or erase the file the best you can and then do a free space wipe - which can still be done securely as you are starting at "A" and ending at "Z" (so to speak) and the drive can be securely wiped. The problem, however, is that bugaboo of the read/write cycle. Erasing free space on a flash drive will severely shorten the life of your flash drive.

    The solution with encryption and flash drives is volume encryption. Truecrypt will open the volume as its own drive letter with OTF crypto. You close the volume when you are done and there are no decrypted files left to deal with, as you would with Axcrypt, dsCrypt, etc.

    If you're dealing with sensitive information - understanding of wear levelling and flash drives is crucial.

    ----securityx----
     
  13. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    Came here to Wilders today to find information on this very subject. I had heard usb drive and erasure could be problem. Now I know why. Thank you.
     
  14. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    You're most welcome. Careful is the watchword.
     
Loading...
Thread Status:
Not open for further replies.