Locking USB Drives
In this day and age USB flash drives (or thumb drives, as they are more commonly called) are the new floppies. What I find amusing is that people are very surprised to find out that I carry a handful of USB drives around. They have just gotten so cheap that everybody has one. Ah! Back to the floppy part of the story: floppies were the main vector for malware infections, particularly worms and Trojans, in the old days, and now these have jumped over to USB drives. I must say, the IT infrastructure in educational institutions is a malware haven, especially here in M’sia. The last time I plugged a drive into a university computer, I found myself a copy of the Conficker worm variant A. I think if I were to go poking flash drives into a couple more comps I could have collected the whole family of Conficker worm variants. Not just the university computers, I’m afraid; students’ computers too. Sigh. Where is the basic computer security education?
So why do I care about this? I run 3 different types of systems: Mac, Linux and Windows. Mac and Linux are virtually unaffected by these viruses. My Windows box is always patched up to date and pretty much locked down, and I use a Mac for most of my work now, so Windows viruses don’t concern me. Not directly, though: (despite all the zombie machines on the web) there are still real humans using Windows, unfortunately. Well, this article is to help you guys secure your thumb drive, using a method that I’ve personally used and found quite effective.
Disclaimer: this is sort of a hack, meaning it wasn’t originally designed for this purpose, so it may work now but may or may not work in the future. [Why?]
Ah, my roommate Chris has also written up a blog post of his own on this after I taught him how to do it, faster than I could write this article up; it is one of the many things that I’ve been procrastinating on completing for ages. I’ll point out that I’m not much of a linguist myself, so my explanation here may be too technical for you. I’m pointing you over to the less technical guide on Chris’s blog.
A few things that you’ll need
A USB flash drive (of course)
TrueCrypt – an open source encryption tool [see note 2]
Okay, the simple idea behind this hack is to create a TrueCrypt file container as large as possible and then fill up the rest of the drive with data, so that the drive is 100% used with not a single byte of free space left. This assumes the non-destructive nature of most modern worms and Trojans (they would rather stay hidden than get discovered quickly; you won’t know one is there until your computer is crawling slower than a turtle). Zero free space means there will be no room to add any data to the drive, so you cannot copy any data onto the drive, can you?
Getting Started:
Step 1: Obviously, insert your flash drive into a USB port.
Step 2: Launch TrueCrypt. Run the Traveler Disk Setup via the Tools menu.
Step 3: Move along the setup process, with the options ‘Create an encrypted container’ and ‘Standard TrueCrypt volume’. The volume should be created at the root of your USB drive.
e.g. H:\volume, that is, [drive letter]:\[filename]
It doesn’t matter what you name the file or what extension you give it. My recommendation is just to avoid *.exe and other executable extensions, because antivirus software may interfere and cause performance issues.
Step 4: Next. The defaults for the encryption options should suffice for novice users. AES, when used properly in conjunction with a good encryption key (password), is robust against the toughest brute force attacks. So later, pick a good password.
Step 5: You reach a point where it asks you for the amount of space to allocate for the TrueCrypt volume. You should set it to take up approximately all of the remaining free space on the drive. E.g. if the USB drive in question has 3.8GB of free space, you can set it to 3700MB.
Note: the input field cannot accept decimals, so you’ll have to use the smaller size unit selector (MB) [note 3]. I’ll discuss filling up the extra space in the next few steps.
Usually when setting the volume size, you will not be able to nail all of the free space for use. I recommend not setting it too tightly. Once it’s set, the size of the container cannot be modified. If you wish to change the size you’ll have to delete the volume and start creating it all over again. There are circumstances where you may need the extra free space outside of the container, e.g. you may want to update [note 4] the TrueCrypt program on the drive when a new version comes out.
As for Volume Formatting, the defaults should do fine: leave the dynamic check box unchecked and the file system as FAT [note 5]. It will take a while to do a full format on the drive.
Step 6: The trick here is nailing all the free space on the drive. Create a dummy file which occupies all of the free space. To do that you need to do something on the command line. Launch Command Prompt in Windows by pressing Windows + R on the keyboard and typing in ‘cmd’ without the quotes. Click OK or hit the Enter key.
[Alternate method [note 6]: It can also be accessed from the ‘Start menu’, through ‘Accessories’, ‘Command Prompt’]
The key command is ‘fsutil file createnew [filename] [length]’. The size in bytes can be determined by checking the drive’s properties ([right click] on the drive in ‘My Computer’). Type in the corresponding values for your drive.
Step 7: [A Counter Checking Step] Remove your drive from the USB port and reinsert it. Check the free space again just to be sure. Sometimes there is some more free space left. Repeat Step 6 if necessary.
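Steps 6 and 7 can be scripted so the free-space figure never has to be copied by hand. The PowerShell below is an added example, not part of the original article; the drive letter H:\ and the filler_N.bin file names are assumptions, and it caps each filler at the FAT32 single-file limit so it also works on drives with more than 4GB free.

```powershell
# Added example: fill every remaining free byte on the flash drive with
# filler files, re-checking free space after each one (Steps 6 and 7).
# Assumptions: H:\ and the filler_N.bin names are placeholders.
param(
    [string]$Drive = 'H:\'           # assumed drive letter, change to yours
)

$maxFatFile = 4GB - 1                # largest single file FAT32 can hold, in bytes
$info  = New-Object System.IO.DriveInfo $Drive
$index = 0

while ($info.AvailableFreeSpace -gt 0) {
    $free   = $info.AvailableFreeSpace
    $length = [Math]::Min($free, $maxFatFile)

    # Pick a filler name that does not clash with an existing file.
    do {
        $index++
        $path = Join-Path $Drive ("filler_{0}.bin" -f $index)
    } while (Test-Path $path)

    # Same command as in Step 6: fsutil file createnew [filename] [length]
    fsutil file createnew $path $length | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "fsutil failed with $free bytes still free on $Drive."
        break
    }

    # Stop if the file did not actually consume space, to avoid looping forever.
    if ($info.AvailableFreeSpace -ge $free) {
        Write-Warning "Free space did not shrink after creating $path."
        break
    }
}

# Step 7 check: report what is left once the loop ends.
"{0} bytes free on {1}" -f $info.AvailableFreeSpace, $Drive
```

Re-run it after unplugging and reinserting the drive; it exits immediately when the drive already reports zero free bytes.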
Using the Drive
You access the drive via TrueCrypt. On a computer where it is installed, you can launch TrueCrypt directly. On computers without TrueCrypt, simply launch it from the TrueCrypt folder on your USB drive.
In TrueCrypt, simply select a drive letter to mount the volume as.
e.g. I prefer to select the last drive letter, Z:\, and mount my volume there.
Click the ‘Select File…’ button to specify the file you wish to mount (the volume which you created previously on the drive), then click ‘Mount’. Enter your password and voila!
Additional Notes:
1 Why? This method takes advantage of the fact that today’s viruses, worms and Trojans do not delete files. If a volume is already full and you do not delete files, it’s impossible to copy anything onto the volume, which prevents worms and viruses from jumping onto your drive. As long as worms and viruses stay ‘dumb’, not being smart enough to delete some files in order to fit themselves onto the drive, the method described in this article works. There is an alternate method that will always work, namely full partition encryption, but it lacks portability. Nothing on the device partition can be read at all, which means you need to have access to TrueCrypt through other means, e.g. TrueCrypt on an extra flash drive or preinstalled on the computer where you intend to use the encrypted drive.
2 TrueCrypt is a great piece of open source software and it has many more useful functions than those mentioned here. Do go through the documentation in TrueCrypt’s help section if you want to know more about TrueCrypt.
3 The actual conversion factor between each 10^3 step of units is 2^10, or 1024 (e.g. 1GB equals 1,024MB or 1,048,576kB). If you want precision in size, convert to kB. But MB should be good enough.
4 Updating TrueCrypt on the disk: Assuming you have read the whole article, simply remove the dummy block and delete the old TrueCrypt folder on the drive. Run the TrueCrypt Traveler Disk creation in the updated version of TrueCrypt to create the new TrueCrypt files and folder. Then recreate the dummy block.
5 If you intend to put files larger than 4GB on your drive, format it as NTFS. (Do it both in TrueCrypt and in Windows.) This also applies if your drive is larger than 4GB and you intend to create a TrueCrypt volume container which occupies most of its space (that is, >4GB).
6 Administrator privileges are required. If somehow you are denied access, log on as a user with administrative privileges, or in Windows Vista [right click] and look for ‘Run as Administrator’.