Storing files at home securely with remote Truecrypt Mounts
There’s a dilemma I’ve had for quite a while:
- I want to store bank statements, documents, etc. securely at home
- I want them easily and immediately accessible to the family via a Windows share, without having to use passwords, etc
- But I want them to be irrecoverable by a thief if the hard drive is stolen
You can see the dilemma. How can I ensure that an encrypted drive/partition/whatever is automatically mounted, or accessible without any need for a password, by family members – BUT is not accessible to a thief, who has exactly the same lack of interaction? Whatever you have at home, the thief will also be able to take.
There are two solutions that I could see to this:
- We use the family member – the thief doesn’t have them (hopefully). Hence we need something they are, have, or know (the three authentication factors). A sensible and seamless way would be their own laptop login, if they have a password on their laptop (we do – mine is on a work domain, my wife’s has TrueCrypt system encryption). When the member logs in, their laptop then trusts them. The laptop then needs to convey that trust to the encrypted data store – for example via a Windows domain, where the domain can check that the user has logged in successfully and holds a ‘ticket’ to access resources. Hence, if we encrypt the files using Windows encryption, and then allow access to those files only to a logged-in user with rights to them, we should be good to go!
Well, yes… but this is full of ‘but’s. For a start, my laptop is on a work domain – I can’t add it to a home domain that easily (whilst still being logged into work via VPN). I don’t have a domain server at home, nor do I want one. And what about our iPhones / iPads? This approach means we can’t use them with the encrypted file share.
There’s also another question: “Why not just mount the TrueCrypt volume file over the network from the laptop?” Well, yes. And no. Because it’s not possible to mount TrueCrypt volumes remotely over a Windows share (believe me, I’ve tried).
- We use some kind of temporary key – something that exists for everyday use at home, but is lost, or can be removed easily, if the drive is taken. Ideally, for example, a key on a network share somewhere else in the house where the thief won’t find it, or something that is lost when the server is unplugged and removed (I was thinking of a volatile-memory USB stick for this, but they don’t seem to exist).
Or – if we can’t make the key disappear automatically, perhaps we can at least remove it easily, if we have to, once we know the drive is compromised.
So – I’ve used the second approach. Although a determined, careful thief could thwart it, I’m working on the principle that 99% of them will just sell the drive as-is, and only 1% might even take a look and try to copy it, let alone circumvent the security.
What my approach does is this:
- Store the sensitive data in encrypted TrueCrypt containers on the server
- Encrypt the containers using a keyfile, which is temporarily copied to the server’s internal drive for the purposes of opening the containers, and then is removed as soon as they are open
- Copy that keyfile, at auto-login time, from a drive which is synced with an online file sharing system (Dropbox, SugarSync, etc.)
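As an added example (not the post’s own script), here is a PowerShell version of that mount-at-logon step, meant to run from the server’s auto-login account: it copies the keyfile from the synced folder, mounts each container with TrueCrypt’s command-line switches, then overwrites and deletes the local copy, and mounts nothing at all if the keyfile is gone from the synced folder. The TrueCrypt install path, the synced-folder path, the container paths and the drive letters are assumed placeholders.

```powershell
# Added example for the scheme described above (not the post's own script).
# Assumed placeholders: TrueCrypt install path, synced-folder path, container
# paths and drive letters. Run this from the server's auto-login account.
$TrueCrypt  = 'C:\Program Files\TrueCrypt\TrueCrypt.exe'
$SyncedKey  = 'C:\Users\homeserver\Dropbox\keys\master.key'  # lives in the synced folder
$LocalKey   = 'C:\TCtemp\master.key'                          # temporary copy on the internal drive
$Containers = @(
    @{ File = 'E:\vault\documents.tc';  Letter = 'V' }        # containers on the external drive
    @{ File = 'E:\vault\statements.tc'; Letter = 'W' }
)

# Kill switch: if the keyfile has been deleted from the synced folder (and the
# sync client has run since), the containers never get mounted.
if (-not (Test-Path $SyncedKey)) {
    Write-Warning 'Master keyfile missing from synced folder; not mounting anything.'
    exit 1
}

New-Item -ItemType Directory -Path (Split-Path $LocalKey) -Force | Out-Null
Copy-Item -Path $SyncedKey -Destination $LocalKey -Force
try {
    foreach ($c in $Containers) {
        if (-not (Test-Path $c.File)) {
            Write-Warning "$($c.File) not present (external drive not attached?); skipping."
            continue
        }
        # TrueCrypt switches: /v volume file, /l drive letter, /k keyfile,
        # /p "" empty password (keyfile-only volume), /q quit after mounting, /s silent.
        $tcArgs = "/v `"$($c.File)`" /l $($c.Letter) /k `"$LocalKey`" /p `"`" /q /s"
        Start-Process -FilePath $TrueCrypt -ArgumentList $tcArgs -Wait
        if (Test-Path "$($c.Letter):\") {
            Write-Output "Mounted $($c.File) as $($c.Letter):"
        } else {
            Write-Warning "Mount of $($c.File) failed."
        }
    }
}
finally {
    # Remove the local copy as soon as the containers are open. Overwriting first
    # is best effort only: it does not guarantee erasure on SSDs or journalled volumes.
    if (Test-Path $LocalKey) {
        $zeros = New-Object byte[] ((Get-Item $LocalKey).Length)
        [System.IO.File]::WriteAllBytes($LocalKey, $zeros)
        Remove-Item -Path $LocalKey -Force
    }
}
```

Register it as a scheduled task triggered at logon of the auto-login account; the Windows share then points at the mounted V: and W: drives rather than at the container files.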
IF I find the drive has been stolen – I delete the keyfile (which is completely innocuous) on my own shared drive. Then:
- If the thief steals and turns on the server, the encrypted volumes (on an external drive) aren’t available anyway
- If the thief steals the external drive, they are useless without the keyfiles
- If the thief steals both server and drive, connects them, AND also connects the server to the internet at any time before attaching the external drive and rebooting, the shared drive will sync and the master keyfile will be removed, so it is no longer available to open the volumes
- If the thief steals both drives, connects them together, does not connect to the internet at all, and boots the server with the drive attached – then the encrypted volumes will mount successfully and he’ll have access to my files
It’s a big IF, no?
AND… for as long as no thief shows up, the server will boot and mount the volumes, and everyone at home will immediately be able to access them at //server/share_dir.