TrueCrypt: A Free, Effective Way To Protect Mobile Data

Review of TrueCrypt 6.1a
by Tom Olzak, CISSP, published May 12, 2009

There's no question that encryption is necessary to protect data on USB drives, laptops, or removable media. If you don't need a centrally managed encryption solution for your business, TrueCrypt may be exactly what you need. Read on to find out more in the comprehensive review of TrueCrypt 6.1a.

Protecting data on mobile devices is not an option. Every security manager knows this can be a hole in an organization's defenses. The best way to protect data on the move is encryption. However, providing the right tools is not easy--especially when cost is an issue. Any tool must be easy to use and one that most, if not all, users are willing to integrate into their daily routines. TrueCrypt fulfills these basic requirements, and then some.

I installed and tested TrueCrypt 6.1a (released December 2008) from the perspective of a user and an SMB security manager.

Feature Set (Rating: Excellent)

TrueCrypt is an open-source encryption solution provided by the TrueCrypt Foundation. It isn't new to the encryption market. Version 1 was released in February of 2004. According to the Web site, the following are the product's main features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
    • Hidden volume (steganography) and hidden operating system.
    • No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

TrueCrypt also supports security tokens and smart cards.

Users can encrypt entire USB drives or create encrypted areas for storage, called containers. Encrypted volumes can be auto-mounted via the TrueCrypt interface or via a script using command line capabilities.

Another great feature is TrueCrypt's requirement to back up the master boot record (MBR) before encrypting a laptop system disk. There is no way around it. No backup, no encryption. The backup disk provides a means to recover if the TrueCrypt MBR is corrupted.
