News and Releases

Keep your data from prying eyes - an encryption solution for the Pocket PC

2008-04-02

By: PEE KAY, Bangkok Post

As an information security freak, I protect my data/information religiously. Personal data files on my home PC as well as work data files on my thumb drive are encrypted using TrueCrypt. Information on my Pocket PC, however, did not enjoy the same level of security. PIN codes were kept secured using Ilium's eWallet and personal notes were encrypted within PhatNotes. But the rest of the data files on my Pocket PC were not in any way protected from prying eyes.

From reading Bruce Schneier's book Beyond Fear (http://www.schneier.com/book-beyondfear.html), I understand the risks and threats quite well. A Pocket PC is a device you carry with you almost anywhere, and hence is likely to be lost or stolen. When such misfortune happens, your information - some of which can be personal or proprietary in nature - can fall into the wrong hands. (Even in the case of a repair, your information might be subject to a nosey repairman as well.) For many people, myself included, effective and easy-to-use data encryption on a Pocket PC is more than welcome. Enter Aiko Solutions' SecuBox, on-the-fly encryption software designed specifically for Windows Mobile devices. (See sidebar for an explanation of on-the-fly encryption.)

SecuBox packs quite a punch when it comes to data security. It implements AES-256, one of the strongest (and most popular) data encryption methods currently available in the civilian world. According to TrueCrypt's web site, the algorithm is so secure that the US National Security Agency announced that "the design and strength of AES-256 are sufficient to protect classified information up to the Top Secret level."

To enhance security even further, SecuBox offers a File Wiping feature, which makes recovery of deleted data virtually impossible. The wiping methods used by the software conform to US Department of Defence data sanitising specifications. (Since file wiping is slow and cannot be turned off, if you don't need this level of security, you can freely delete your encrypted files using Windows Mobile's File Explorer.)

SecuBox's user interface is quite straightforward. It simply lets you create, mount, and explore. The application supports up to a 2GB encrypted storage volume, 10 of which can be created on either the device's internal memory or an external SD card. You can enter up to 128 characters for your password. SecuBox even provides a password meter to let you know whether the one you are entering is secure enough.

Besides its easy interface, SecuBox is designed with practicality and convenience in mind. For example, it is smart enough to turn itself off before SPB Backup on my device starts its operations. You can auto-run it at Startup, enable its system tray icon, and dismount encrypted volumes on sleep as well as on exit. Such options as well as the application's close integration with Windows Mobile's File Explorer make SecuBox practical to use in daily life.

Although SecuBox can be a godsend for security-conscious people, there is still room for improvement. One of its few disadvantages is speed - naturally due to the fact that reading from or writing to encrypted volumes takes more time. For example, it takes SecuBox about 150 seconds to copy a 2.7MB file from an SD card to the encrypted area of the same SD card. To put things in perspective, this is about 10 times slower than normal file writing operations. (File writing into an encrypted volume can become even slower, much slower in fact, if SecuBox's Error Logging is enabled. So avoid enabling this setting unless you really have to.)

The application is quite slow at creating encrypted volumes as well. In the tested version (Beta 1.5), creating a 10MB encrypted volume took about one minute while creating a 300MB encrypted volume took almost 30 minutes. You can also opt to encrypt files in the less-secure "quick mode". This creates a 300MB encrypted volume in about five seconds: It's a case of trading security for speed.

The problem with slow operational speed is that, besides having to wait longer, these slow file creation and file writing operations consume a great deal of battery power. Fortunately, this problem is likely to be one-time rather than ongoing.

As such, the problem mentioned is not as severe as it might have been if the mounting operation were slow. (In such a case, you would encounter the problem much more often.) As it is, having your device on AC power during a long copy or while creating an encrypted volume (or when copying large files from a PC directly to SecuBox's encrypted volume via a USB link) seems to be an acceptable solution, at least until Aiko Solutions optimise SecuBox to make it speedier.

As well as a speed improvement, I have another wish for SecuBox. Normally, the only way for a Pocket PC user to know the available memory on the device/SD card is via Windows Mobile's Memory utility (Start>Settings>System>Memory). The catch is that you need to know this information before you can create an encrypted storage volume. So making such information available in SecuBox's user interface would ease the creation process a great deal.

SecuBox will help you keep your important personal information from prying eyes. Even if (when) you lose your device, you know that your data will not fall into the wrong hands. This security will definitely give you added peace of mind. The software can be downloaded for trial from www.aikosolutions.com/products/secubox-for-pocket-pc/. The registration fee is $39.95 (1,260 baht). And I feel obliged to mention that Aiko Solutions provides some of the best technical support I've experienced in a long time.


What is 'on-the-fly encryption'?

On-the-fly encryption is a kind of storage/disk encryption that allows a user to create and access encrypted information transparently. The process starts when a user creates an encrypted volume, protected by a password (or sometimes a passphrase). The user then mounts this encrypted volume using the password/passphrase, turning it into virtual storage (a disk or a folder, for example).

As long as it remains mounted, files saved into the encrypted volume will be encrypted automatically while files read from it will be decrypted automatically, rendering the whole encryption process transparent to the user, and hence the name "on-the-fly encryption".

Since the contents of the encrypted volume - residing on a hard disk/storage card/thumb drive - remain encrypted at all times whether the volume is mounted or not (when mounted, the encrypted data is read into the computer's memory and then decrypted for use), your data residing on the volume is always secured.

All on-the-fly encryption software I've used can be set so that their encrypted volumes are dismounted every time the machine/device is rebooted/reset - ensuring that only you (armed with the correct password/passphrase) have the power to access the encrypted information.
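
The create, mount, read/write and dismount cycle described in this sidebar, as an added Python sketch that is not SecuBox or TrueCrypt code. The container is an in-memory byte array, every name is hypothetical, and an HMAC-SHA256 keystream stands in for AES-256 so that it runs with the standard library alone.

```python
import hashlib, hmac, os

SECTOR = 512
HEADER = 48  # 16-byte salt + 32-byte password check value

def _derive(password: str, salt: bytes) -> bytes:
    # Slow password-based derivation; 64 bytes = data key + check key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def _keystream(key: bytes, sector_no: int) -> bytes:
    # Stand-in cipher (NOT AES, not safe for real data): HMAC-SHA256 in
    # counter mode, with a distinct stream for every sector number.
    out = b""
    for block in range(SECTOR // 32):
        msg = sector_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out

def create_volume(password: str, sectors: int) -> bytearray:
    """Return a new container image: header, then encrypted empty sectors."""
    salt = os.urandom(16)
    keys = _derive(password, salt)
    check = hmac.new(keys[32:], b"volume-check", hashlib.sha256).digest()
    image = bytearray(salt + check)
    for n in range(sectors):
        image += _keystream(keys[:32], n)  # ciphertext of an all-zero sector
    return image

class MountedVolume:
    """The key lives in memory only while mounted; the image stays ciphertext."""
    def __init__(self, image: bytearray, password: str):
        keys = _derive(password, bytes(image[:16]))
        check = hmac.new(keys[32:], b"volume-check", hashlib.sha256).digest()
        if not hmac.compare_digest(check, bytes(image[16:HEADER])):
            raise PermissionError("wrong password")
        self.image, self.key = image, keys[:32]

    def _xor(self, sector_no: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, _keystream(self.key, sector_no)))

    def write(self, sector_no: int, plaintext: bytes) -> None:
        start = HEADER + sector_no * SECTOR  # encrypt transparently on write
        self.image[start:start + SECTOR] = self._xor(sector_no, plaintext.ljust(SECTOR, b"\0"))

    def read(self, sector_no: int) -> bytes:
        start = HEADER + sector_no * SECTOR  # decrypt transparently on read
        return self._xor(sector_no, bytes(self.image[start:start + SECTOR]))

    def dismount(self) -> None:
        self.key = None  # the image is unreadable until mounted again
```

The image never holds plaintext, mounted or not; only the copy returned by `read` is decrypted, which is the property the sidebar describes.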

My favourite on-the-fly disk encryption for PC is TrueCrypt, free open source software available at www.truecrypt.org/downloads.php.

