Data Security without the Cloud

Data Security without Cloud ServicesThis post shows a simple solution to backup your most valuable documents on a USB-Stick in an hidden and encrypted form, such that the data is not easily recognizable and accessible for unauthorized users. Users connecting the Stick would just see an ordinary USB-Stick and have access to this drive. But the main part of the Stick will be ‘under the hood’.

This tutorial is based on OS X but it can easily be transferrerd to work on any kind of linux or with some additional efforts even to work on a Windows {X} client. If you transfer the tutorial for another platform, please let me know, so we can provide your solution here as well.

As for the encryption-part we go for truecrypt. This is an OpenSource solution for transparent and realtime File-, Container- or Partition-Based encryption.

Preparation: Get your Copy of TrueCrypt

Go to the downlad setion of the TrueCrypt Website and download the most recent version of TrueCrypt, currently this is Version – 7.1a. Then install it.

Step 1: Prepare your USB-Stick

Get a USB-Stick with enough space for your valuable documents, say 64 GB. We will split up the partitions into a smaller visible partition of 16 GB and a bigger invisible partition of 48 GB. Of course you can choose the visible partition to be smaller. Keep in mind, that the visible partition serves you to transport ordinary non-valuable information and can be used as a normal USB-Stick. When connecting the Stick to your Mac, only the visible partition gets mounted. This is cool, because when your stick gets lost, chances are good that the finder doesn’t even realize that there is another partition.

To partition your stick in that manner, run the ‘Disk Utility’ (or ‘Festplatten-Dienstprogramm’ in german) and create two partitions. Select ‘2 Partitions’ from the Partition-Layout dropdown:

Bildschirmfoto 2014-03-23 um 20.59.07Then define name and size of the first and visible partition. Here we selected 16 GB for the first partition, 48 GB for the second one.

Bildschirmfoto 2014-03-23 um 20.59.11

At the moment you don’t have to care about the partition properties and fileformat chosen for the invisible 2nd partition. Just make sure the partition sizes fit your needs. You can set the size of one partition, the other’s will then be calculated by the ‘Disk-Utility’ by subtracting some administrative data-blocks from the space left. Choose an appropriate filesystem for both partitions, i.e. MS-DOS (FAT):

Bildschirmfoto 2014-03-23 um 21.06.22Then press the ‘Apply’ – button and your USB-Stick will be partitioned in the selected manner. Depending on the size of your stick, this may take several minutes.

Step 2: Create your Hidden Encrypted Device

In this step we use the OpenSource Encryption Utility TrueCrypt to make the 2nd partition a hidden encrypted partition. To start, connect your previously prepared USB-Stick and launch TrueCrypt.

  • In the start window choose ‘Create Volume’
  • Then select ‘create a volume within a partition / drive

Bildschirmfoto 2014-03-23 um 21.37.12

Click next. In the following dialog choose ‘Standard TrueCrypt Volume’ and click next. On the now appearing  ‘Volume Location’ dialog click ‘Select Device’ and you should see something as follows:

Bildschirmfoto 2014-03-23 um 21.49.34dChoose the bigger partition of the stick (CAUTION: Make sure you don’t choose an existing Partition of your physical harddrive or another external device!) and click ‘OK’. Click ‘Next’ and accept the Warning on creating encrypted partitions instead of encrypted files. Concerning the Encryption Options, we suggest to make the following selection:

Bildschirmfoto 2014-03-23 um 22.03.26After clicking ‘Next’ you’ll be prompted to input your password. Make sure, you note down your password or password-hints and put it into your safe or tell it to someone you trust. Choose a password with the length of at least 32 characters, containing uppercase / lowercase letters as well as digits and special-characters. Then click ‘Next’ and make your choice on the next question (Files > 4GB allowed or not). Make your selection and click ‘Next’. In the following Dialog choose the fileformat (i.e. FAT, don’t check the fast format option) and on the following dialog move your mouse to generate random data to format the partition.

You’ll then get presented a dialog indicating, that device has been successfully created. Click ‘OK’, then ‘Exit’ to finish the process. Congratulations! You now have your hidden, encrypted partition on your USB-Stick.

Step 3: Mount your Hidden Encrypted Device

When you insert the stick into your laptop, you should now see only one device icon, representing the unencrypted partition of your USB-Stick. Use this device to store or transport data, which is not confidential.

To get access to your newly created partition, start TrueCrypt and click ‘Select Device…’ from the main-dialog. Again select your partition from the USB-Stick you have just finished setting up and click ‘Mount’. You will get propmpted for the password. Enter the password and click ‘OK’. The main-window will then indicate the mounted partition while at the same time a new device-icon appears on the desktop. This is your hidden encrypted device to store your confidential data.

Bildschirmfoto 2014-03-23 um 22.42.40After having finished your work with your secured device, don’t forget to unmount it by ejecting it in the ‘Finder’ and / or using the ‘Dismount’ button in TrueCrypt.

Now you have a secured portable USB-Stick to make your data portable. Depending on your needs, you might want to use your stick as a portable backup device, rather than to make your data available everywhere and work with it. It should probably replace the cloud, since – as this post is about – you don’t want to trust your data to the cloud, no matter if it’s encrypted or not. If this is your situation, go read on with this post!

Share on FacebookShare on LinkedInShare on Google+Tweet about this on TwitterEmail this to someone
PDF herunterladen
Posted in Data Security