IT Security Lab The Playground for IT Security Specialists and Pentesters

22Jul/100

Secure Data Transfer Over USB Drive

Prelude

All right kids, how many of you have lost your USB drives with some sensitive data on it? Rise your hands. You feel the pain, don't you? Once you realized what happened and after the first "oh my God" you was sitting trembling and desperately thinking:

  • What exactly was on that damned pendrive?
  • Considering the point above: what is the potential impact of this loss?
  • Trying to imagine who is touching some parts your private life right now...

Perfect nightmare scenario, isn't it. And try to picture the situation when you are working in a certain organization (with-the-name-never-be-mentioned) where you must from time to time to hold on pendrive very private and very sensitive data, which (this is really bad) does not even belongs to you. And you may be sure: if this tiny thingy will occasionally be lost - you are literally (and very practically) toast. The question is: how to prevent such situation? Considering you are not CIA, NSA or any weird .gov, etc. this is what you can do:

  1. Do not use USB pendrives at all. I don't think it is possible in long-term perspective. Not this year yet, oh no...
  2. Buy an additionally strengthened pendrive: magnesium alloy body, high-quality on-board encryption, biometric reader, etc. In this case either you or your company have to spend additional couple of quids which would not make happy you, your boss and especially your company's accontant. So think twice.
  3. Use some of the closed-sourcecode tools you may find in Internet to create encrypted container on your pendrive. Well, this may be interesting option indeed, but ask yourself: do you really trust the vendor of this software? What do you know about their encryption techniques? How safe your data really is? Are there any backdoors? Is it a good value for money?
  4. Use some free and opensource tool you may find in Internet like well-known TrueCrypt. It is continuously tested by the community of some picky computer geeks, so you have some guarantee that it is safe. You'd rather not be expecting any backdoors intentionally placed there, for sure. Happy days?

Well, this solution, in my opinion, has some annoyances and complications.

  • You should manually mount encrypted container and dismount manually each time you want to use it.
  • You should manually dismount (eject) the pendrive after you dismounted the encrypted container and before pulling out the pendrive from the USB port, otherwise your precious data may be corrupted.

Let's face it: if you want quickly and efficiently (and often) transfer any data between several computers using such approach - of course this is doable, but... it will be classic "pain in the [...]". Hmm... So how the ideal scenario may looks like?

Light at the end of the tunnel

Scenario:

COMPUTER 1:

  1. I insert the pendrive into a USB port. And wait. After couple of seconds I have additional (fixed) drive letter appeared in my computer (e.g.: letter X:) , giving me access to the content of the encrypted container.
  2. I am copying my very secret data from the Computer 1 to the encrypted container .
  3. I press some magical "eject" button and a) the encrypted container is dismounted, then b) the USB device is automatically "ejected". Now it can be safely pulled out from the USB port.

...Now I go to the Computer 2...

COMPUTER 2:

  1. I insert the pendrive into USB port. And wait. After couple of seconds I have the same (fixed) drive letter appeared in my computer (X: drive again), giving me access to the content of the encrypted container.
  2. I am copying my very secret data from the encrypted container to the Computer 2.
  3. I press some magical "eject" button and the encrypted container is dismounted again, then the USB device is automatically "ejected". Now it can be safely pulled out from the USB port.

Keep in mind: we should meet one important requirement: never keep the key for the encrypted container on the pendrive, so if it's lost - your data are safe. And here comes the small magical application which does all of this!

Secured USB

Binaries: Secured USB
Status: Freeware.
Prerequisites: Latest TrueCrypt installed.
Installation: Just unzip the files to the target location.

So how this thing works.

1. Use the TrueCrypt and create encrypted container of any size you want directly on your pendrive. Read the TrueCrypt's manual if you don't know how to do it. After you have it done -unmount it and remove the pendrive from USB port.

2. Unpack the content of the ZIP file to any target folder on your Computer 1 (you repeat configuration steps on Computer 2 later). Double click the file "TrueCryptAutoMount.exe" and run it. See the new icon in your system tray. Right-click it and select "Settings" from the menu.

3. Configure the settings on the next screen. Positions are self-explanatory (I hope). Provide the name and path to your encrypted container (file) and the password.

Alternatively you may manually edit the file "TrueCryptAutoMount.ini" (do not touch "truecrypt_key" section, as the password will be stored here in encrypted form when you enter it on "Settings" screen).

[settings]

;-------------------------------------------------------------full path to the TrueCrypt.exe
truecrypt_exe_path=C:\Program Files\TrueCrypt\TrueCrypt.exe

;-------------------------------------------------------------filename or relative path of the encrypted container on a pendrive (WITHOUT a drive letter), example: encrypted_data\secured.dat
truecrypt_mobile_container_filename=secured.dat

;-------------------------------------------------------------target drive letter for the encrypted container to be mounted (without ":")
target_drive_letter=t

;-------------------------------------------------------------key needed to access encrypted container
truecrypt_key=h5xfTf36zdxV6NRrIfzA62fbYH8Pmy6z6D5suFaTW7+9efSjpnE04JIfE6/zwFJHieHesIwbfKIEGaCHP/j7xgMRmb/NdjTRpOc=

;-------------------------------------------------------------auto run windows explorer for the mounted Truecrypt drive (yes/no)
auto_run_explorer=no

4. Now insert the pendrive into USB port. If everything is configured correctly you will see the following icon blinking in the bottom-left area of your screen:

...and then...

When the icon disappeared - it means the TrueCrypt secured container is successfully mounted so you may copy everything you need to the drive T:.

5. Once you finished your work with the secured container - double-click the program's icon in the system tray and... do nothing :)

(well, wait couple of seconds when the TrueCrypt container will be unmounted and the pendrive will be automatically "ejected").

6. Now you can safely remove your pendrive from USB port.

Once everything is set up the same way on Computer 1 and Computer 2 (and Computer 3, Computer 4, etc.) you may easily transfer your files and after some time you can find this tool very very handy.

More good news: program may be executed without Admin privileges and still works. Program also correctly handles multiple pendrives used.

Additional credits: This program utilizes 3-rd pary module for fast USB drive ejection called USB Ejector http://quick.mixnmojo.com/usb-disk-ejector. IMHO this little tool is very good by itself, so highly recommended. USB Ejector is open-source, but I did not want unnecessarily duplicate the code and copy the functionality "one-to-one" to my application (ok, I am also too lazy). So my Secured USB has USB Ejector kind of embedded and calls it when needed. The USB Ejector can also be directly executed from the Secured USB menu:

Well, any feedback and impressions would be highly appreciated... :)

Tagged as: , , , , Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


CAPTCHA Image
*

No trackbacks yet.

« Password Hashes Without FGDump Playing With Cache Plan in MS SQL »

Recent Posts

Popular

Archives

Categories

Affiliated websites

Contact