Encryption Tools for Workstations and Laptops
Linux Workshop presentation 27-May-2009
On January 7, 2009, Dr. Stead broadcast an email message in which he discussed the importance of protecting sensitive information. (William W. Stead, M.D. is Associate Vice Chancellor for Strategy/Transformation and Director of the Informatics Center at Vanderbilt University Medical Center. He serves as Chief Information Officer of the Medical Center and Chief Information Architect for the University.)
"The Information Privacy and Security (IPS) Executive Committee ... has been monitoring the increasing risks associated with accidental loss or intentional theft or breach of Protected Health Information (PHI), Research Health Information (RHI), or other individually identifiable personal information on end-user and mobile devices.
Vanderbilt University Medical Center is committed to protecting the privacy, security, and integrity of
confidential information created, maintained, used, or disclosed in the course of conducting its health care, education, research, and business operations. To that end, the Medical Center adopted policies in 2008 defining expectations for protection and security of Protected Health Information and Research Health Information. Given the wide-spread use of electronic data and technology, it is no longer
reasonable to assume that the information will remain stored only on centralized servers in protected data centers. Even a computer that accesses the VUMC networks for email use may very well have PHI or RHI saved to the hard drive through automatic caching. Over the past six months it has become clear that the risk exposure has begun to exceed the costs of mitigating solutions. ... "
We have to assume that there will soon be policies in place that dictate how we handle data that contain PHI or RHI. Encryption will no doubt be a part of that policy. In this presentation I will discuss some open source software products that encrypt data.
What is encryption?
"In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted)." [from
http://en.wikipedia.org/wiki/Encryption]
In our case, we are talking about using encryption to make certain computer files unreadable in the event the files somehow end up not in our control. This can happen if a computer is stolen or a flash drive is lost. It can also happen if a computer is accessed by some unauthorized person. A file is certainly not in our control when we send the file to another party using email.
Why? Policies and Advice
The HIPAA References and Resources page (
http://www.mc.vanderbilt.edu/root/vumc.php?site=HIPAA) is the starting place for information about Vanderbilt's policies and requirements concerning protected health information and research health information. We are required to understand what constitutes information that must be protected and how to protect it. ("HIPPA" means "Health Insurance Portability and Accountability Act of 1996")
The best way to avoid revealing protected information to not have any on your computer! See
http://en.wikipedia.org/wiki/Protected_health_information for a list of what is considered protected health information. Removing this information from a data file will usually result in a file that does not need to be protected. For more a detailed discussion see
Research Repositories, Databases, and the HIPAA Privacy Rule from the
National Institutes of Health.
Personal File Encryption
Next we will look at two programs that can be used to encrypt files stored on our personal computers and laptops. bcrypt runs on Linux and Windows computers and TrueCrypt will run on Linux, Windows, and MacOS platforms
bcrypt encrypts and decrypts files using the blowfish algorithm.
Blowfish is one one many encryption algorithms. Others include
Data Encryption Standard (DES) and
Advanced Encryption Standard (AES). Please excuse all the Wikipedia links, but it does have good introductions to these topics.
- If you are running Ubuntu Linux, bcrypt can be installed easily using a package manager like
apt-get
or aptitude, etc. Here is the first part of the man page for bcrypt.
- The next three screen captures show an example of bcrypt in use. Let's say we have a file called "file_full_of_protected_information.csv". The bcrypt command causes a new, encrypted version of the file to be produced and the un-encrypted version is deleted. Note one problem here: I was editing the file before I encrypted it and my editor left behind a backup version. I have to make sure I deal with things like that.
- The encrypted file has the extension ".bfe". Using the bcrypt command again on that file give back the original file (assuming we remember the password!).
- The restored file:
Encrypting and decrypting files this way can be awkward. Also, one has to be careful about backup files and work files left behind by editors and other programs. Still bcrypt can be useful, especially for protecting files that you will take away from work on a CD or flash drive. All you need is the same program installed at work and on your other computer.
According to the TrueCrypt documentation:
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system encryption (e.g., file names, folder names, contents of every file, free space, meta data, etc) is supported for Windows, but not for Linux.
TrueCrypt is free, open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux. The main features of TrueCrypt are:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides plausible deniability, in case an adversary forces you to reveal the password.
They make a big deal of this last point, but I don't think it is a big issue in our environment. Although...
XKCD on Security
- TrueCrypt doesn't have a package that can be installed using, for example,
apt-get
. An installer has to be downloaded from http://www.truecrypt.org/ and then run on your computer (i.e. sudo ./truecrypt-6.2-setup-ubuntu-x86
. Once the program is installed, it can be run with the truecrypt
command. In Linux open a command windows and type the command "truecrypt" or use use Alt+F2 and type "truecrypt" in the command box. The TrueCrypt windows look much the same on Linux and on Windows. There is excellent documentation at http://www.truecrypt.org/docs/.
- The first thing to do is to create a file that will hold the encrypted file system. TrueCrypt uses a file to act as a virtual file system to hold the encrypted files. This file then gets mounted and can be used just like any other directory on the computer.
- The defaults seem to be OK in most cases.
- Here's where we tell TrueCrypt the name we want to use for the container file. In this case, I am using a file called "my_secret_data" in my home area.
- Again, the default choices seemed to be OK. There is a lot to learn to be able to make intelligent choices about kinds of encryption. I decided to go with the government approved default.
- I decided to make a 1 gigabyte container file. 2 GBs would be the limit for most file systems, but there are ways to make an encrypted partition that wouldn't be restricted by file size limits.
- Make sure you remember this password!
- Since I am going to use this encrypted container exclusively on my Linux system, I picked a Linux file system type. There are others that can be used if sharing with Windows computers is needed.
- I picked the "only on Linux" option (regardless of what the screen shot shows).
- The virtual file system then gets created inside the container file.
- Now we are ready to mount the encrypted file system so that we can use it to store files. You are asked for the password selected earlier. You might also be asked for your root password so that the mount can proceed.
- Now the encrypted file system is mounted in "slot 1". If this was running on Windows this slot would be a drive letter like E: or H: or whatever. There are no drive letters in Linux so the program uses this "slot" notation. "slot 1" refers to /media/truecrypt1/, "slot 2" is /media/truecrypt2/, etc.
- Here is a directory listing that shows the truecrypt1 mount point.
- We can now copy some files to our encrypted file system.
- As long as TrueCrypt is running it will have an icon on the task bar. Clicking on this icon brings up the TrueCrypt window where we can create and mount other encrypted file systems.
TrueCrypt has a number of other modes of operation. It can create encrypted file systems in a complete partition or on an entire disk and it can be configured to start when the computer is booted so that all the set up steps run automatically.
Here are a couple of "how-to" sites that talk about TrueCrypt:
Encryption for files that are transferred to others
bcrypt and TrueCrypt are good choices for encrypting files that reside on your computer or are being stored on hardware that you control. Protecting a file that is to be sent to another party requires a different approach.
GNU Privacy Guard (GnuPG) is probably the best known and most widely used software for this situation. GnuPG is a complete and free implementation of the
OpenPGP standard (PGP stands for "pretty good privacy"). GnuPG allows you to encrypt and sign your data and communications, features a versatile key management system as well as access modules for all kind of public key directories.
PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. "Signing" a file or email message allows the recipient to be sure that the sender is who they claim to be. PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address. The
Wikipedia article on Pretty Good Privacy has a helpful description, with references, of how public key cryptography works. See also
GNU_Privacy_Guard (Wikipedia article) for a description of the implementation being recommended here.
There are a lot of steps involved in installing and setting up GnuPG and the plugins needed. It is not too complicated, but it does require some time and attention to detail. These links point to pages that have good descriptions of the steps necessary.
https://help.ubuntu.com/community/GnuPrivacyGuardHowto
http://www.ubuntu-unleashed.com/2008/02/beginners-guide-for-gnupg-in-ubuntu.html
http://ubuntuforums.org/showthread.php?t=680292
http://ubuntuforums.org/showthread.php?t=220629 (concerning multiple e-mail addresses)
- I have GnuPG and the Enigmail Thunderbird extension (http://enigmail.mozdev.org/home/index.php) installed on my computer. Enigmail is a security extension to Mozilla Thunderbird and Seamonkey In Thunderbird we can see the additional OpenPGP menu that indicates that I got the installation done right.
- Besides letting me encrypt and sign my email, Enigmail lets me do some key management from withing Thunderbird. Here I am displaying the various keys I have defined.
- Here I am composing a message that I want to encrypt and sign. I clicked on the OpenPGP icon and then I could make my selection.
- Then I clicked on the Send button to send the encrypted and signed message. I have to enter my password so that the program can retrieve the recipients public key and use it to encrypt the message. The recipient, called Adele, is an automated mail box that we can use to test our configuration. Adele will decrypt the message and send us a reply.
- The reply from Adele is encrypted using our public key. Since I am logged on and properly authenticated, the message get decrypted automatically so I can read it.
- Here I am viewing the same message using Outlook Web Access. There is no decryption being done by OWA so I see only the encrypted version of the message.
Vanderbilt links
Information Privacy & Security Website : Information about Vanderbilt policies, HIPAA, and information security
Vanderbilt HIPAA References and Resources
Other links
Public-key cryptography (wikipedia article)
Enigmail OpenPGP
http://www.wisegeek.com/what-is-public-key-encryption.htm
KGPG
See
"What to Protect and Where?" for some additional tips.