Schneier on Security
A blog covering security and security technology.
« Privatizing Registered Traveler |
| The NSA on How to Redact »
February 1, 2006
Risks of Losing Portable Devices
Last July I blogged about the risks of storing ever-larger amounts of data in ever-smaller devices.
Last week I wrote my tenth Wired.com column on the topic:
The point is that it's now amazingly easy to lose an enormous amount of information. Twenty years ago, someone could break into my office and copy every customer file, every piece of correspondence, everything about my professional life. Today, all he has to do is steal my computer. Or my portable backup drive. Or my small stack of DVD backups. Furthermore, he could sneak into my office and copy all this data, and I'd never know it.
This problem isn't going away anytime soon.
There are two solutions that make sense. The first is to protect the data. Hard-disk encryption programs like PGP Disk allow you to encrypt individual files, folders or entire disk partitions. Several manufacturers market USB thumb drives with built-in encryption. Some PDA manufacturers are starting to add password protection -- not as good as encryption, but at least it's something -- to their devices, and there are some aftermarket PDA encryption programs.
The second solution is to remotely delete the data if the device is lost. This is still a new idea, but I believe it will gain traction in the corporate market. If you give an employee a BlackBerry for business use, you want to be able to wipe the device's memory if he loses it. And since the device is online all the time, it's a pretty easy feature to add.
But until these two solutions become ubiquitous, the best option is to pay attention and erase data. Delete old e-mails from your BlackBerry, SMSs from your cell phone and old data from your address books -- regularly. Find that call log and purge it once in a while. Don't store everything on your laptop, only the files you might actually need.
EDITED TO ADD (2/2): A Dutch army officer lost a memory stick with details of an Afgan mission.
Posted on February 1, 2006 at 10:32 AM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I don't buy the remote deleting option. It might work for loss but for intentional theft the thief will just ensure the device doesn't have access to the network, wireless or otherwise; not a difficult thing to do and the data is still accessible.
On the other hand, something I've considered for my encrypted laptop is to clear the encryption key from memory (or take other meaningful action) if the laptop comes out of hibernation and doesn't find a wireless access point from some preconfigured list. Same idea but default off (unaccessible) rather than default on (accessible).
problem might be:
if you can delete your harddrive remotely, in case someone else steals it, there is quite as well the possibilty that *someone * else deletes *your* drive, while you have it.
Of course, you'll have that access point secured, but if there was absolute security, there'd be no need for this blog. I'd think twice about going on a business trip with all my data on a device which has a remote-delete function already built-in.
I don't need bulletproof security, so I may be whistling Dixie out my butt. Let me run this past everyone here. If I have to carry sensitive data with me, what if I carry the data encrypted, but split it in half onto two different thumbdrives? Sort of like a striped drive. If I forget one of the thumbdrives somewhere, then both thumbdrives are worthless. It's something like a safe deposit box that requires two keys.
Depending on what exactly you mean by "split it in half". To do it right, what you need to do is fill one thumbdrive with random data, and the other with the XOR of the secret data and the random data from the other drive. That way, either is useless without the other.
Filling a thumbdrive with cryptographically secure random data is left as a (non-trivial) exercise to the reader.
While this might work in some situations, the fact is that you're still carrying both drives with you and they both have to be present when you wish to access the data. If you're going to forget one drive, what's to stop you from forgetting two?
This also has convenience issues, because both drives must be present (demanding at least two free USB drives) and, somehow, their content must be combined in some way. Unless the encryption program natively supported splitting up the encrypted data across drives/locations, recombining the files from both drives every time you wish to access something might prove obnoxious. Ultimately, ff this feature were not left up to the user to perform manually, it would stand a much greater chance of being successful.
Does anyone have any feedback for products like OTFE? (url http://www.freeotfe.org/ ) -- I'm not a cryptographer, just interested in tools and any reviews that you guys may have.
"and since the device is online all the time..."
no sir. the moment i lift your pda, it goes into my louis vuitton faraday satchel, for me to extract its secrets later, offline.
"The second solution is to remotely delete the data if the device is lost."
Or delete the data after n failed attempts to access it. One of the cool things about remote devices is that they are regularly 'synced', so wiping the data after five or six failed login attempts is not as extreme as it might normally seem. Remote-control is weaker since it's subject to connectivity issues, as others have pointed out above.
Incidentally, one thing I continuously find with the isolated encryption solutions (converters, partitions, etc. as opposed to whole-disk) is that people often forget to secure-erase the original docs after they have moved them to the secure format. The non-secure/slack space used by the system doing the encryption is often a treasure-trove on its own, obviating any need to break the encryption itself to get what you need...
>>Or delete the data after n failed attempts to access it.
The blackberry deletes if 5 failed attempts to logon are made.
For laptops, perhaps a tripwire would be useful, where the user must input an unprompted key sequence within so many seconds of start up, or else sensitive files are quietly overwritten.
On the subject of disk encryption; maybe Bruce could qualify for some of that DHS open source review money and do an analysis of some open source disk encryption systems. FreeBSD's GBDE and GELI come to mind. I can hope, can't I :-)
On my GNU/Linux laptop I use encFS, a pseudo file system running under FUSE. It is convenient enough while giving me a lot of peace of mind: a directory tree is used to store the encrypted data as files (I don't have to set aside an entire partition) and by mounting this tree (with a password that's distinct from the login password) I get access to the plaintext files. I can backup the encrypted file tree with normal copy or backup tools without revealing the plaintext versions. And an inactivity timeout on encFS can unmount the plaintext filesystem to reduce the chance that an intruder gets to the plaintext data while I'm off to get more coffee.
Yes, number of files and directories, modification dates, file sizes, and approximate lengths of names can be gleaned from examining the encrypted file tree, but none of those things are of concern to me.
Can anyone recommend a good USB drive with thumbprint encryption?
I tried the lexar, but it only lets you encrypt individual files - you can't keep the whole drive locked down with the thumbprint for access.
Has anyone tried the new Pretec 4GB thumbprint drives?
Howdy! Thanks for sharing this info...this is my first visit and you caught my attention right away!
In schools, I've been worried about how easy it is to do what you describe--theft of laptops, usb drives, whatever and losing potential data.
To help out, I wrote this article on the subject of protecting privacy. It's entitled "Free Tools to Ease Data Loss/Theft Concerns." It cites software for Windows, Mac, and Linux that you can use. No subscription or payment required to read it...here's the web site:
And you can leave comments via the blog at http://www.mguhlin.net/blog
it seems there's two issues- protecting the data and restoring it in the event of a loss. clearly HD encryption and remote wipe capability are not the entire solution, you need to have solid backup procedures in place as well. i'm not advocating having the data ONLY exist on your laptop- you should do incrementals as often as necessary dependent on the value of the data you're protecting. you should probably also do a periodic full backup in another location on another medium if you're really paranoid about losing stuff.
i think he was speaking more for the scenario that he only ever uses his laptop online and therefore, the encryption process he ideally wants should have to retrieve a token from somewhere else to ensure that the laptop has a connection in order to be used. in this scenario, he has the ability to issue a remote wipe as soon as it's stolen and can rest assured that the contents cannot be accessed until it has a connection again (ie. it must have the ability to check to ensure that a wipe directive has not been issued before it can ever be accessed).
I know the people at Absolute.com (with whom i have no connection other than I wrote the article above and their technology won) have been working with the OEMs to get their lojack technology embedded in the Bios. currently it resides on the HD and therefore can be subverted by swapping out the HD. When it's at the bios level, at that point you'd have to do some soldering on the motherboard to kill it.
It could still be subverted by swapping out the HD. Simply put the device's HD into a computer that doesn't have a self-destructing BIOS... and boot off a LiveCD, in case the self-destruct code is on the HD as well.
I've moved to backing up most stuff on an iPod and a networked file share (using Apple's Backup 3). It's a solid configuration and pretty fast after the initial backup; but, nothing's encrypted.
Anyone find any decent backup application that also encrypts? I don't want to install kernel extensions or write a shell script for this; I've got real work to do.
@otfe evaluator: See http://en.wikipedia.org/wiki/... for a starting point. I've looked at many of those tools and like TrueCrypt the most.
@jammit: if you use TrueCrypt, then you have a solid security program and your second drive could contain a key to decrypt the first drive
I am a big fan of TrueCrypt (mentioned by Sean above). The security seems very solid and it is a breeze to use. It allows you to create a virtual encrypted disk within a file, and then mount it as a real disk. TrueCrypt can also encrypt an entire partition or storage device/medium (e.g., USB thumb drive).
I wrote a SLAX module for TrueCrypt, which allows you to access your encrypted data with nearly zero risk of any sensitive data being cached/written to an unencrypted hard drive. Boot up in SLAX (Linux Live CD), then access any CDs, DVDs, or USB drives without touching the computer’s hard drive. (See http://tinyurl.com/8u2vk for the SLAX module)
I'll throw in another vote for TrueCrypt. Very nice program. Easy to set up a hidden partition on a removable drive. Lose the drive and no one can even see the hidden partition, so they can't even begin to decrypt it.
"Remote delete" is new? Go rent the movie "Blue Thunder" (http://imdb.com/title/tt0085255/). It's a 1983 movie, and it has that concept (and, no, it didn't work there either).
The one issue I have with remote delete is that it is easily circumvented. Had I stolen a cell phone specifically to get at the information, the first thing would be to bring it to my byasement, where no cell phones have reception, and where I could copy and analyse the data as long as I wanted to. Similarly, snapping off the antenna of a remote-killable laptop would work, I assume.
On the Dutch news two cases broke recently:
Both of the cases revolve around Dept. of Defense USB sticks left in rental vehicles.
Both contained sensitive data.
There is something I don't understand about truecrypt's steganographic feature. This feature ostensibly allows you to plausibly deny the existance of a hidden truecrypt drive inside another truecrypt drive because the encrypted data are completely random. Isn't this proof that the truecrypt drive exists? My unencrypted drive is not full of completely random data; even after the OS writes and rewrites the disk, remnants of the original (non-random) data should still be there. What am I missing?
The problem with adding any sort of remote delete or any sort of delete-on-fail scheme to a device with persistant storage would be power. If I want to get the secret data off of someone's laptop I just stole, the first thing I do is separate the battery from the hard drive. Unless you get a hard drive with a hidden backup battery built in, how can it wipe itself, via remote control or otherwise?
You're missing the fact that the hidden drive is occupying the free space inside an already encrypted drive, which is usually filled with random data anyway (see http://www.truecrypt.org/hiddenvolume.php). If the encrypted data is truely indistinguishable from random data, then you can't find it (or at least you can't prove you found it) unless you know the key.
Unfortunately Truecrypt requires administrator access on Windows.
Actually BlackBerry does support a remote kill operation (all user data is deleted).
Also data is deleted after 10 failed password attempts.
Cheburashka: I used PGP Disk to create an encrypted segment on a Lexar drive. It uses most of the space on the Lexar, leaving only a small percentage for non-critical files I want to more easily move around. Works great.
As far as securing PDAs goes, I have been using TealLock, which allows me to use Blowfish on my Palm. As usual, the security is only as good as the passphrase. But it's a whole lot better than the built-in system, which does not encrypt at all but only locks the Palm at start-up.
Chebaruashka: The SanDisk Cruzer Profile is a good fingerprint-secured USB device. It has a partition that is keyed on your fingerprint and is always encrypted. Perfect for Joe User, just don't lose your fingers.
> Unfortunately Truecrypt requires administrator access on Windows.
Not if an admin installs it for you. Also, all on-the-fly disk encryption programs need a device driver. And only admins can install drivers on Windows (which is good).
> Can anyone recommend a good USB drive with thumbprint encryption?
I've worked with kanguru (http://www.kanguru.com) drives recently. They have a built in crypt container that essentially splits the drive in half and uses 256-bit AES.
consider to reduce the risk by separate them: the possibility to lose a note book and a flash disk at the same time is lower.
So how about to let them work only with each other.
Some security mechanisms can also be built in the flash disk like items.
As a software engineer working on PDA's (writing an email client no less) I regularly receive questions about adding some kind of 'remote erase' feature you suggest.
We have not, nor are unlikely to implement such a feature at any time in the future because of the potential for abuse by malicious third parties.
I wonder if this sort of feature could ever be implemented securely, reliably and most of all silently (presenting no user interface prompts) on any device?
In terms of protecting hard disks of Windows computers, I recommend SecureDoc by WinMagic. I bought the "Personal" edition from TigerDirect for only $68CDN ($50US). A great deal considering it is just a mildly limited version of the Professional edition extensively used by US gov't agencies.
There was mention of the Lexar USB memory stick with fingerprint "protection". I have one and it's rubbish, don't waste your money. The problem is you have to save the file unencrypted on the USB stick then encrypt it. The original file is "deleted" but can be recovered. Making the encryption useless.
I use Truecrypt to encrypt the entire USB memory stick, there's no chance of leaving a file unencrypted on the USB stick as the whole device is encrypted at all times - a much more secure solution.
Hello Mr. Schneier,
I am looking for a program that is a security vault "folder" with a password protection... in order for anyone to access the information or folder... they must enter the password... and it must also be encrypted for security purposes...
I really would like to know your recommendation...
Best of Health,
Here's one from an old sci-fi story I never got beyond outlining. A computer operator is asked to produce 50 questions with one word answers. What was the name of the girl that... or what color was your bedroom wall when you were 10 years old? The kind of unrecorded trivia we all have in out heads. The master program in the computer has the questions and answers and selects a question based on time of day, date, air temperature etc. The operator has ten seconds to answer the question. If the person accessing the computer misses two questions in a row the computer erased itself. No password to remember or write down (or steal) because the "password" is something the owner already knows, yet it is never the same twice because once used a password-question set is locked out for a preset time. The Bad guys studied the victim intensively, but missed the only thing his pet dog refused to eat (onions) and then missed the first kid he ever won a fight with (first name).
So can this be done with modern storage media-sure. Can it be made practical? probably. Can it be made MARKETABLE? Good luck. If you get it working can I have one?
TrueCrypt can create the type of thing you are asking for.
Can anyone tell me the answer to the following question? I have this on my test and I can't seem to find any info.
Which of the following would erase the files saved on a thumb drive?
A. Magnetic Field
D. High Voltage
Any help is appreciated.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.