A simple guide to securing that collection of cute kitten movies that you don't want the man to get at. These, or similar, methods should be adopted by all grass root movements that work with sensitive data.
4. Concepts
Context
• Recently there have been court cases where e.g. pornographic material found on the
defendants’ laptops has been used to implicate the defendant, which stresses the
importance of taking data security seriously
Goal
• In the case of somebody gaining access to our computer (e.g. in case of theft, somebody
snooping around or by a court order) we want to ensure that our personal data remains
that way. Personal and secure.
• We want a password-protected safe place to put our collection of sensitive data. This
data could be anything from top secret documents, our emails (especially relevant for
people who use off-line e-mail clients), or simply our beloved collection of movies with
cute kittens.
• Also, we want a decoy, so that if we are somehow forced to reveal our password, we
can give a fake password that will activate the decoy instead of revealing our real data
Method
• We will use a program called TrueCrypt to create a special file on our computer. This
special file will contain all of our sensitive data in an encrypted format, and we will be able
to access our data, as if it was placed on a hard drive of its own. Also the special file will
contain the decoy files, that will be shown if the decoy password is entered instead of the
real password
6. Install TrueCrypt
• Download and install the program: TrueCrypt
- www.truecrypt.org
• For the rest of this guide, we
will assume that TrueCrypt
has been installed.
• To create a safe place to store
your data, Open TrueCrypt
and click on “Create Volume”
8. Create a secure container
• Select “Create an encrypted file
container” and click Next
• Select “Hidden TrueCrypt volume”
and click Next
9. Create a secure container
• Select “Normal mode” and click Next
• [1] Choose a folder to store the file
to use for our container (e.g. select
“Local Disk (C:)”) and [2] write a
name for the file (e.g. “x”) and click
Save
10. Create a secure container
• Confirm the location of the file and
click Next
• Click Next again…
• …and again (to confirm “Outer
Volume options”)
11. Create a secure container
• Now we have to select a size for our
container. This of course depends on how
much data you want to store in the
container (e.g. movies take up a lot of
space) and how much space you have
available on your hard drive. For this
example we will use 10 GB, which is
enough to store e.g. a lot of documents
and a decent collection of video material.
• Then we need to create a password for
the Outer Volume – this password is NOT
your real password, but simply a
password that seems plausible and that
you can afford to give up, in case
anybody is trying to extort you.
12. Create a secure container
• Select “No” to keep large files and
click Next
• Keep the standard options and click
Format to begin preparing the hard
drive for your data.
13. Create a secure container
• Now the Outer Volume has been
created. Click Next to continue
creating the real secret container.
• …and click Next again
14. Create a secure container
• Click Next to continue with the
standard options…
• Now we have to define the size of
our hidden container. This depends
on the size we chose for our Outer
Volume earlier and how much space
we want in the outer container. In
this case we will select 9500 MB as
the size we want.
15. Create a secure container
• Accept the warning telling us we
are using almost all of the space in
the outer container.
• Now create a password for the
hidden volume. This password
should be long, difficult to guess
and only known to you.
16. Create a secure container
• If you want to store files larger than
4 GB select “Yes”. However, if you
don’t need to store large files or are
using an external drive that you will
also use with Mac or Linux, select
“No”
• Click Next to continue with the
standard options…
17. Create a secure container
• Congratulations! Now we have created both a decoy container and our real
container to use for sensitive data.
19. Place dummy files in decoy container
• To be able to use our secure
containers, we need to first “mount”
them as a drive. Whether it will be
our “real” secure container or the
dummy container, that will be
mounted depends only on the
password that we enter.
• So, to mount the container, first [1]
select the drive letter you want (e.g.
“X:”) then [2] select our file (e.g.
“c:x”) and [3] click “Mount”
20. Place dummy files in decoy container
• Because we want to access our
decoy container (and put some
plausible dummy content there) we
enter our dummy password.
IMPORTANT: Then [2] click “Mount
options”
• In Mount options, put a checkmark
[1] in “Protect hidden volume…” and
[2] type in the real password. Then
[3] press OK, and OK again to
mount the drive. Finally click OK
again to the information pop-up.
21. Place dummy files in decoy container
• Now the decoy container has been
mounted as drive “X:” (notice the
“Outer” keyword signifying that is
our decoy)
• Then we can open the drive by
opening “Computer” and go to
Local Disk (X:).
22. Place dummy files in decoy container
• Of course the folder is now
empty, so we would like to create
some folders and also put some
innocent files and documents on
the drive (just to make it seem
plausible)
• For instance we can create some
folders such as
“Downloads”, “Documents”, “Pictur
es”, and “Videos” (make sure to
create these folders, as we will use
them in a later guide on how to
secure Windows)
23. Place dummy files in decoy container
• When we are finished putting dummy
content in the decoy container, we
will dismount it, so that we are ready
to mount our real secret container.
• To Dismount simply select the drive
in TrueCrypt and click Dismount
25. Start using the secure container
• Again: To be able to use our secure
containers, we need to first “mount”
them as a drive. Whether it will be
our “real” secure container or the
dummy container, that will be
mounted depends only on the
password that we enter.
• So, to mount the container, first [1]
select the drive letter you want (e.g.
“X:”) then [2] select our file (e.g.
“c:x”) and [3] click “Mount”
26. Start using the secure container
• Now enter the password you
created for the real secret
container and click OK.
• That’s it! Now you can store
your sensitive files on drive X:
(notice the “Hidden” label)
27. Start using the secure container
• To make it easier to use your new
secure location for data, you can add it
as a “favourite” in TrueCrypt, but first
selecting the drive “X:” and then go to
the menu “Favorites” and select “Add
Mounted Volume to Favorites…”
• Then you can give it a label [1] (e.g.
“personal”) and put a checkmark in [2]
“Mount selected volume upon
logon”, to make the secure drive X:
available every time the computer
starts. (it will then prompt you for a
password every time you restart your
computer. Notice that you can input
either your real password to access
your secure data, or the dummy
password if you are in a pickle and just
want to show some plausible data)