The Importance of Encryption, Part I: Stored Data on Mobile Devices

What is both valuable and dangerous on my device?

Nowadays, (almost) everyone owns a portable computing device, whether it is a laptop computer, a tablet, or a phone. People use these devices for convenience, for work, and for entertainment. As paperwork and everything else go digital, people are storing more and more confidential information and documents on their devices. However, most people have not thought about the consequences of doing this without adequate protection. What if their devices, the very devices that they keep their bank statements and confidential corporate documents on, were lost or stolen? Not only are the devices themselves lost, but thieves (or other malicious parties) could also profit from selling or otherwise misusing the information stored on the devices. Financial information can be used for fraud, and business secrets can be sold to competitors.

But it is password-protected!?

You are probably thinking: Well, my computer/tablet/phone has a password lock! There's no way a random thief could guess my passwords. Well, you are (partially) right. If you have a good password, it is difficult for a random individual to guess it correctly. However, a regular account password does not protect your data! All your Windows/Mac login passwords are useless against thieves who are willing to do a simple Google Search (here, and here). After resetting the passwords, a thief would have unrestricted access to your "protected" information. Even if there is no simple way to reset a specific password, there is nothing stopping an attacker from physically removing the hard drive from your computer and connecting it to another computer to freely access any stored data.

The solution: Data Encryption

Don't panic. All is not lost. There is one simple, cost-effective (free) way of protecting your data from thieves, even those with sophisticated technical knowledge: Data Encryption. According to Wikipedia, "encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor."

But that sounds complicated!

Yes, I understand that it sounds complicated, as if it is something that only the technically-sophisticated can understand. The truth is exactly the opposite. It is actually fairly easy to understand and enable encryption. Encryption uses mathematical algorithms (don't worry, this part is automatic) to scramble your private information, so that only authorized users (you) with the password can access it. Once set up, this process is transparent to the authorized user: there is no change to how a user uses his/her computer, and there is minimal performance impact. (Most Intel processors today have AES-NI built-in, allowing the processors to perform encryption/decryption with little effect on system performance.) However, it becomes impossible for thieves to access your information without your password. With the current level of technology, anyone who is not the government of a powerful country will never be able to crack the encryption within your lifetime. Even for governments, it is going to be very difficult.

Okay, how do I set this up?

That is fairly easy for most users who are using Windows, Mac OS, Android, or iOS (iPhone and iPad). While it is possible to create an encrypted folder to only encrypt sensitive information, it is not recommended, as your operating system's cache and hibernation files could give away the encryption keys. Instead, you should set up full disk encryption, which encrypts your entire hard drive, including the operating system, as well as any file that you store.

How to set up Full Disk Encryption on your laptop:

In most cases, you will need to set a password. If you are asked to set a password, make sure that you can remember it. If you lose the password, there will be no way for you (or anyone else) to recover the protected data. If you cannot be sure, you might want to write it down and put it in your safe. To choose a secure yet easy-to-remember password, it is recommended to use a sentence that cannot be easily guessed as your password. See here for more information.

I recommend three free programs that are suitable for different operating systems.

If you use Windows:

Please check for your Windows version. Right-click "My Computer" or "This PC", and select "Properties". A window will open, and you will see your Windows version and edition.

If you have Windows 7 Ultimate or Enterprise, or Windows 8 (or 8.1) Pro, Pro with Media Center, or Enterprise:

Please follow this guide: https://itservices.stanford.edu/service/encryption/wholedisk/bitlocker#enable

If you are told that a TPM (Trusted Platform Module) cannot be found, you will need to follow the guide below, instead.
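
Once BitLocker is set up, it is worth confirming that the drive is actually protected and not just "in progress" or suspended. The script below is an added example, not part of the linked guide; it assumes Windows 8 or later (for the built-in `Get-BitLockerVolume` cmdlet) and an administrator PowerShell window, and `Test-VolumeEncryption` is a helper name made up for this example.

```powershell
# Added example: audit BitLocker state after enabling it.
# Assumptions: Windows 8 or later, elevated PowerShell, BitLocker module present.
# Test-VolumeEncryption is a hypothetical helper defined here, not a built-in cmdlet.

function Test-VolumeEncryption {
    param(
        [Parameter(Mandatory)]
        $Volume   # object returned by Get-BitLockerVolume
    )

    $problems = @()

    # The whole volume must be converted; while encryption is still in
    # progress, part of the disk is readable without any password.
    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $problems += "conversion status is $($Volume.VolumeStatus)"
    }

    # Protection "Off" on an encrypted volume means BitLocker is suspended:
    # the key sits unprotected on the disk, so the encryption stops nobody.
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $problems += "protection is $($Volume.ProtectionStatus)"
    }

    # With no key protector (TPM, password, recovery key) nothing guards the key.
    if (-not $Volume.KeyProtector) {
        $problems += 'no key protectors configured'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protected  = ($problems.Count -eq 0)
        Problems   = $problems -join '; '
    }
}

# Check every volume BitLocker knows about.
# Any row with Protected = False needs attention before you rely on it.
Get-BitLockerVolume |
    ForEach-Object { Test-VolumeEncryption -Volume $_ } |
    Format-Table -AutoSize
```

On Windows 7, where this cmdlet is not available, `manage-bde -status` run from an administrator command prompt reports the same conversion and protection status.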

If you have other editions of Windows XP, Vista, Windows 7, 8, or 8.1, or if you are told that you don't have a TPM:

Please follow this guide:

Note that though TrueCrypt, the free open-source encryption program used in this guide, was discontinued in May 2014, it is still secure to use (despite claims on the TrueCrypt official website). Because the official website, truecrypt.org, no longer provides downloads for the software, you can download the Windows version here, instead: https://www.grc.com/misc/truecrypt/TrueCrypt Setup 7.1a.exe
(This file is hosted by the Gibson Research Corporation.)

If you use Mac OS (If your computer is made by Apple):

Please make sure that you are not using an account password that is easy to guess and/or shorter than 12 characters, and then follow this guide: http://www.tekrevue.com/tip/enable-filevault-encryption-mac/3/

How to set up encryption on your phone/tablet:

If you use Android:

Please follow this guide: http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/

Note that starting from the next version of Android (Android L), to be released in Q4 2014, encryption will be enabled by default.

If you use iOS (iPhone / iPad):

Apple has enabled strong encryption by default starting in iOS 8. Please update to iOS 8 and make sure that you have set a strong password/PIN.

Tony Zhaocheng Tan

I am a Computer Science major at Georgia Tech. I am fascinated by cybersecurity, especially applied cryptography, exploit mitigation, and usable security.

