USB pen drives and safe cryptosystems (looking for references)

We are working on forensic cryptology and computer security expert
witnessing in Spain.

Right now we need a list of freeware cryptosystems for USB pen drives,
as well as comments or cryptoanalysis of standard ones. For instance,
we would like to know about Microsoft XP encryption options in
"properties" (we are very interested about any case or news concering
Microsoft help to Courts of Law or Police in order to crack their own
standard cryptosystem for USB pen drives), or manufacturers utilities
to allow partitioning, make the drive bootable and have a password
protected security area.like VFUEL_Security.exe you can download for
free at http://vfuel.net/driverstool.aspx

Our idea is to publish a Website in Spain with links to free downloads,
advice and news about risks on USB pen drives specially for lawyers.

I shall appreciate any help technical help, news and "off-the-records".
There is a lot of work to be done in Spanish speaking countries on USB
pen drives security.

Miguel A. Gallardo, cryptologyst (engineer and criminologist) at
www.cita.es

Miguel A. Gallardo en http://www.cita.es

"Miguel A. Gallardo en http://www.cita.es" <>
wrote in news: ups.com:

> We are working on forensic cryptology and computer security expert
> witnessing in Spain.
>
> Right now we need a list of freeware cryptosystems for USB pen drives,
> as well as comments or cryptoanalysis of standard ones. For instance,
> we would like to know about Microsoft XP encryption options in
> "properties" (we are very interested about any case or news concering
> Microsoft help to Courts of Law or Police in order to crack their own
> standard cryptosystem for USB pen drives), or manufacturers utilities
> to allow partitioning, make the drive bootable and have a password
> protected security area.like VFUEL_Security.exe you can download for
> free at http://vfuel.net/driverstool.aspx
>
> Our idea is to publish a Website in Spain with links to free downloads,
> advice and news about risks on USB pen drives specially for lawyers.
>
> I shall appreciate any help technical help, news and "off-the-records".
> There is a lot of work to be done in Spanish speaking countries on USB
> pen drives security.


FreeOTFE (www.FreeOTFE.org) and TrueCrypt are pretty popular (and free!).
Both can be run from a USB drive and allow transparent encryption...

fred

"Miguel A. Gallardo en http://www.cita.es" <>
wrote in message
news: ups.com...
> We are working on forensic cryptology and computer security expert
> witnessing in Spain.
>
> Right now we need a list of freeware cryptosystems for USB pen drives,
> as well as comments or cryptoanalysis of standard ones. For instance,
> we would like to know about Microsoft XP encryption options in
> "properties" (we are very interested about any case or news concering
> Microsoft help to Courts of Law or Police in order to crack their own
> standard cryptosystem for USB pen drives), or manufacturers utilities
> to allow partitioning, make the drive bootable and have a password
> protected security area.like VFUEL_Security.exe you can download for
> free at http://vfuel.net/driverstool.aspx
>
> Our idea is to publish a Website in Spain with links to free downloads,
> advice and news about risks on USB pen drives specially for lawyers.
>
> I shall appreciate any help technical help, news and "off-the-records".
> There is a lot of work to be done in Spanish speaking countries on USB
> pen drives security.
>
> Miguel A. Gallardo, cryptologyst (engineer and criminologist) at
>
www.cita.es
>

TrueCrypt is the best! I swear by it.



--
Posted via a free Usenet account from http://www.teranews.com

Widget

"Miguel A. Gallardo en http://www.cita.es" <>
wrote in message
news: ups.com...
> Miguel A. Gallardo, cryptologyst (engineer and criminologist) at
> www.cita.es

I decided not to comment on this for a while, but I find it sufficiently
problematic to call attention to it. Basically, a "cryptologist" who has no
clue about cryptography. The fundamental problem here is that a mining
engineer has decided that he's a cryptologist without any of the knowledge
or experience that goes into actually being one.

This would of course explain the complete lack of quality in all the
responses. Perhaps Miguel would have better luck with admitting he has no
clue, then his questions might actually get some decent answers.
Joe

Joseph Ashwood

Widget wrote:

>
> "Miguel A. Gallardo en http://www.cita.es" <>
> wrote in message
> news: ups.com...
>> We are working on forensic cryptology and computer security expert
>> witnessing in Spain.
>>
>> Right now we need a list of freeware cryptosystems for USB pen drives,
>> as well as comments or cryptoanalysis of standard ones. For instance,
>> we would like to know about Microsoft XP encryption options in
>> "properties" (we are very interested about any case or news concering
>> Microsoft help to Courts of Law or Police in order to crack their own
>> standard cryptosystem for USB pen drives), or manufacturers utilities
>> to allow partitioning, make the drive bootable and have a password
>> protected security area.like VFUEL_Security.exe you can download for
>> free at http://vfuel.net/driverstool.aspx
>>
>> Our idea is to publish a Website in Spain with links to free downloads,
>> advice and news about risks on USB pen drives specially for lawyers.
>>
>> I shall appreciate any help technical help, news and "off-the-records".
>> There is a lot of work to be done in Spanish speaking countries on USB
>> pen drives security.
>>
>> Miguel A. Gallardo, cryptologyst (engineer and criminologist) at
>>
> www.cita.es
>>
>
> TrueCrypt is the best! I swear by it.


Of the stego encryptors, TrueCrypt hidden volumes on Windows systems fail
against a thorough forensic analysis. So do FreeOTFE hidden volumes, and I'm
pretty sure all the rest do too. It's not a failing in the crypto, it's an
environmental failing - Windows is just not reliably secureable that way.

Although I must add that I somewhat blame the crypto writes for not making
this obvious. Sorry Sarah, not the best way to win friends and influence
people!

In fact almost _all_ encryption systems for Windows fail against such
analysis, which is why Microsoft are putting native encryption into Vista.
Windows leaves too many temp files and similar traces.



Worse, none, repeat none, of the disk cleaning utilities reliably find all
this data, never mind sucessfully overwriting it.

Paper (from PET again): One Big File Is Not Enough: A Critical Evaluation of
the Dominant Free-Space Sanitization Technique
Simson L. Garfinkel and David J. Malan
at http://petworkshop.org/2006/preproc/preproc_08.pdf

Best way is to copy all your files to another disk and overwrite the first
disk completely. This still doesn't catch reallocated sectors though.. and a
sort-of reallocation* happens with USB drives too.



However, if you use a USB drive for encrypted files created using FreeOTFE
or TrueCrypt from a BartPE CD boot environment, with a seperate key for each
file, you have a chance - leaves no on-disk traces

Or m-o-o-t, of course, but I shouldn't advertise

Or Curtains ... details to follow ...


*load balancing - the USB drive may decide that a sector has been
overwritten more often than it wants it to be, and instead of overwriting
that sector it allocates another free sector when a write is made, leaving
the original sector unchanged.


--
Peter Fairbrother

Peter Fairbrother

Peter Fairbrother wrote :
> Or m-o-o-t, of course, but I shouldn't advertise

Was it released?

Kind regards
Ludovic

Ludovic Joly

Opera Portable One-Use 9.00
All settings, history, cache etc are completely destroyed after running.
This is suitable if you run Opera Portable from LAN shares, CD/DVD, or
other non-writable media.

http://www.kejut.com/operaportable

Or without overwriting the files automatically but keeping the settings
(less secure):

http://www.opera-usb.com

-----------------------------------------------------



> "Miguel A. Gallardo en http://www.cita.es" <>
> wrote in message
> news: ups.com...

Homachi

Ludovic Joly wrote:

> Peter Fairbrother wrote :
>> Or m-o-o-t, of course, but I shouldn't advertise
>
> Was it released?

Not yet - but probably soon now.

The Home Office have recently decided to bring the GAK law (Pt. III of RIPA)
m-o-o-t is designed to defeat into force, and m-o-o-t will be released the
day that happens. It has been on the books for six years, but has not yet
been brought into force.

The commencement process will take until probably early next spring.

Assuming that is that the Home Office manage to get it through Parliament of
course, which is quite likely, especially as it does not have to go through
the whole Parliamentary process, just a House of Commons Committee vote and
a full vote in the Lords - but it is still not impossible that it may be
rejected.

(the House of Commons could also decide to call a vote and vote against it,
which would be very unusual - however it's all tied up in terrorist politics
now, and almost anything could happen. The Home Affairs Select Committee
have finally begun to acknowledge that Pt III isn't going to actually catch
very many people, although they recommend that the Government implement Pt
III - however they _still_ don't seem to realise that it doesn't actually
work at all against suitable crypto)


I am in the process of updating the OS from OpenBSD 2.8 to OpenBSD 3.9, and
the crypto etc is, as usual, about half-done.


Of course I am also working on Curtains


--
Peter Fairbrother

Peter Fairbrother

Hi Peter:

"Peter Fairbrother" <> wrote in message
news:C0D16E64.CDB57%...

> In fact almost _all_ encryption systems for Windows fail against such
> analysis, which is why Microsoft are putting native encryption into Vista.
> Windows leaves too many temp files and similar traces.

But for a USB drive EFS is perfect. Usability impact may be not acceptable
though - access to the Windows profile is required to read the information.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

S. Pidgorny

S. Pidgorny <MVP> wrote:

> Hi Peter:
>
> "Peter Fairbrother" <> wrote in message
> news:C0D16E64.CDB57%...
>
>> In fact almost _all_ encryption systems for Windows fail against such
>> analysis, which is why Microsoft are putting native encryption into Vista.
>> Windows leaves too many temp files and similar traces.
>
> But for a USB drive EFS is perfect. Usability impact may be not acceptable
> though - access to the Windows profile is required to read the information.

??

I thought it was just a keyword.

If the attacker can only get access to the USB key and not to the computer
there are several programs which will be secure, in fact most reputable
encryption programs will - but I have no idea whether EFS is one of them,
the source is closed.

You would also be well advised to change the key every time you use the
stick - if not there might be stuff left there under the same key which you
do not want even a person you give the key to to know.


--
Peter Fairbrother

Peter Fairbrother