Encrypting Data
 

Home

Contact us

Customer Analysis

Questionnaire Analysis

Technical Information

 

How to avoid making the headlines - simple and secure data encryption.

Dr Andy Pryke - The Data Mine Ltd

Not all publicity is good publicity, and in the last year, there have been many high profile cases of personal data being "mislaid" by government departments and private companies. These affect public confidence, bring possible legal actions against the organisation and leave the individuals concerned open to identify theft.

Data losses happen in a variety of ways, some, like resale of unwiped hard disks or posting of CDs could be avoided by strictly adhering to company policies. Others, like theft of a laptop or dropping a USB memory stick, could happen to anyone. So, if you have data which you wouldn't publish on the internet for anyone to see, then you should be encrypting it.

One important thing to note is that password protecting a laptop, an Access data base or a spreadsheet does not really encrypt your data, these methods can all be cracked in minutes and only give a false sense of security.

Although mathematically complicated, encryption is simply the scrambling of information so that it can only be read by those in possession of a "key". The history of encryption is a fascinating area, and "The Code Book" by Simon Singh is a very readable introduction. 

How to Encrypt Your Files

The best way is to set up what is known as an "encrypted volume". This is either a large file or part of a hard disk which can be used just like an extra disk. On Windows (and I'm afraid Linux users will have to read the manual here), it appears as an extra drive letter (e.g. "X:").

In my opinion, the best product for this is the open source TrueCrypt, which uses encryption methods approved by the US government for information at "Top Secret" level. Great thought has been put into the design of the programme to ensure that it operates in a secure way, and open source scrutiny guarantees there are no "back-doors".

You can download TrueCrypt . It is easy to install, and the documentation is clear.

What files should you encrypt? I'd recommend all your documents and any other data which you store. You should make a backup, test it and store it in a secure place before proceeding. You can always destroy this and make an encrypted backup once you're happy with TrueCrypt.

Setting up your encrypted volume is simple, just stick to the default values for formatting and encryption. The hardest question you'll need to answer is the size of your virtual disk volume. If you've plenty of disc space, make it big, as almost everything you store will end up in it. You can have as many encrypted volumes as you'd like, but generally one large one makes sense. Enter a password - and don't forget it, there is no other way to get access to your data!

Mount the container file from TrueCrypt, and move your data files across to the drive. You're now secure!

How to Encrypt Data for Distribution on CD

There are many factors other than encryption to consider when shipping databases containing confidential information. For example, what will the recipient do with the data? Will they keep it secure? The brief guide below shows you how to securely encrypt data in a way which means that however many copies you lose in the post, there's no security risk.

First, you create a TrueCrypt Volume containing the data, copy it to a CD, and post it off.  When (or if) it arrives, and is inserted into a PC, the user is prompted for the pass-phrase. You should supply this via another channel such as a phone call or perhaps a registered letter via a different courier. The encrypted files can now be read just like normal files.

Any adversary would need to intercept both the CD and the pass-phrase. If you're paranoid, you can use some form of tamper evident packaging for the CD, so that you can be sure that when (or if!) it arrives with the intended recipient, it has not been copied during its journey.

Tips:

  • TrueCrypt can start automatically when your machine boots, dismount the encrypted drives when you hibernate or shut down.
  • On Windows, you can move the location of your "My Documents" folder to the encrypted disk by right-clicking on it.
  • USB memory sticks can be encrypted and automatically start TrueCrypt when inserted, allowing you to transfer data safely.
  • For extra security, run a program to clean up your disk once you've encrypted the files.
 Dr Andy Pryke has been working in data mining since 1994. His company The Data Mine Ltd provides a range of consultancy and project services.