Information Security For Travelers - Drive Encryption Part 2

Now that I've identified my threats and vulnerabilities and encrypted my netbook hard drive, it's time to look at storage on my other devices.



Nokia Quad-Band "Dumb" Phone

I have my contacts and call history here.  Unfortunately, I am not aware of any encryption or strong access control available for a device like this.  I'll disable the SMS history but otherwise I'll leave it as is and accept the risk.

Android Tablet (aka TruckPuter v3)

I'm using an inexpensive Archos tablet as my car stereo.  There may be encryption options for Android 4 but I don't intend to use this device for anything but playing music.

It's a good idea to keep your security controls proportional to the sensitivity of the data at risk.  In that light, I'm not going to spend any time on logical security controls for the tablet.  I'll just keep it physically locked up when not in use.

If you're traveling to a place where your choice in audio books, podcasts or music could cause you trouble, it would behoove you to find and employ a suitable option.

Portable USB Flash Drive


Sometimes a wi-fi network won't be available or my netbook won't be handy and I'll be using someone else's computer.  Perhaps the netbook has been stolen and I need access to a scanned jpeg of my passport.

I'll use a portable USB flash drive to hold copies of my sensitive data (passport, driver's license, vehicle registration, contact list).  It will also have a portable app suite but I'll get into that later.

Because of the sensitive data, I definitely want this device to be encrypted.  I could encrypt it myself with TrueCrypt, but TrueCrypt requires administrative rights in Windows.  I can't guarantee I'll have admin privileges, so I'm going to use an off-the-shelf IronKey USB stick that I have from a previous project.

The IronKey will work in any Windows machine with USB ports.  It has two partitions - an unencrypted one with a Windows executable with the IronKey utility and a second one that can only be accessed by entering a password into the aforementioned utility.  That password unlocks a key which decrypts the partition.

IronKeys aren't perfect but since I have one on hand it will do.

Password File

Typing a password into an untrusted machine is a risky activity.  There are all sorts of malware that can capture the keystrokes between your fingers and your web browser, evading most of the security controls employed by web applications.

One way to mitigate this risk is to store your passwords in a vault or protected file.  With the right software, the password vault can enter the password into a login form for you, thereby evading malware that monitors keystrokes.  It also has the advantage of not requiring you to memorize all your passwords.

I prefer to use KeePass 2.  It is available for Windows and Linux.

KeePass is a GUI front-end to an encrypted password file.  It is easy to install.  Filling it with usernames and passwords can be a bit tedious but the payoff is worth it.

I keep the "master" password file on my netbook.  If I add a new password, I put a copy of the password file on my IronKey drive as well as on a plain unencrypted SD card.

The file itself is strongly encrypted provided you use a good password, so it can be safely stored on an unencrypted drive.  I can use this copy if my IronKey is unavailable or it doesn't work in a particular internet cafe's computers.
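Added example, not part of the original post: the outer header of a KeePass 2 (.kdbx) file is stored unencrypted, so a copy kept on the plain SD card can be checked for its cipher and key-derivation work factor without the master password. The field IDs and cipher UUIDs are this example's reading of the KDBX layout, and the sample header bytes are constructed rather than taken from a real vault.

```python
import struct
import uuid

KDBX_SIG1 = 0x9AA2D903  # first signature word of a KeePass database
KDBX_SIG2 = 0xB54BFB67  # second word, identifies the KeePass 2.x format
CIPHERS = {
    uuid.UUID("31c1f2e6-bf71-4350-be58-05216afc5aff"): "AES-256",
    uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a"): "ChaCha20",
}
# Constructed sample: a minimal KDBX 3.1 header (cipher, rounds, end marker).
SAMPLE = (
    struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)
    + bytes([2]) + struct.pack("<H", 16)
    + bytes.fromhex("31c1f2e6bf714350be5805216afc5aff")
    + bytes([6]) + struct.pack("<HQ", 8, 6000)
    + bytes([0]) + struct.pack("<H", 4) + b"\r\n\r\n"
)

def inspect_kdbx_header(data: bytes) -> dict:
    """Read the unencrypted outer header of a KeePass 2 file."""
    sigs = (KDBX_SIG1, KDBX_SIG2)
    if len(data) < 12 or struct.unpack_from("<II", data) != sigs:
        raise ValueError("not a KeePass 2 (.kdbx) file")
    minor, major = struct.unpack_from("<HH", data, 8)
    # Field length is 2 bytes in KDBX 3.x and 4 bytes in KDBX 4.x.
    len_fmt = "<H" if major < 4 else "<I"
    len_size = struct.calcsize(len_fmt)
    info = {"version": f"{major}.{minor}", "cipher": None, "aes_kdf_rounds": None}
    pos = 12
    while pos + 1 + len_size <= len(data):
        field_id = data[pos]
        (length,) = struct.unpack_from(len_fmt, data, pos + 1)
        pos += 1 + len_size
        value = data[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated header field")
        pos += length
        if field_id == 0:      # end-of-header marker
            return info
        if field_id == 2:      # cipher UUID, 16 raw bytes
            cid = uuid.UUID(bytes=value)
            info["cipher"] = CIPHERS.get(cid, str(cid))
        elif field_id == 6:    # AES-KDF rounds; KDBX 4.x uses field 11 instead
            (info["aes_kdf_rounds"],) = struct.unpack("<Q", value)
    raise ValueError("truncated header: no end-of-header field")

if __name__ == "__main__":
    print(inspect_kdbx_header(SAMPLE))
```

A low round count means an attacker who copies the file from the unencrypted card can test password guesses faster, so the work factor matters as much as the password for a copy stored this way.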

This concludes my precautions for data protection in storage.  In the next posts, I'll talk about confidentiality of my personal data when it is in use and when it is in transit.

2 comments:

  1. Another option is to keep your important stuff in the cloud, but do it safely and free. Here is a good write-up on a couple options:

    http://thelostgeeks.blogspot.com/2012/02/datalocker-vs-boxcryptor-dropbox.html

  2. I plan to add cloud-based file sync / backups to the mix so I'll have to check this out.
