Get our free book (in Spanish or English) on rainwater now - To Catch the Rain.

Data encryption protocol:QAS

From Appropedia
Jump to navigation Jump to search

QASlogo.png This page was developed by the Queen's University Applied Sustainability Research Group. QASlogo.png


QAS Group Encryption Rules[edit]

Although we strive to open source all of our data and work in the group, sometimes data needs to be kept confidential. Due to new Ethics Boards policies anyone doing survey or interview research must now encrypt all of their data – particularly if it is on your laptop.

In the QAS Group we use TrueCrypt.

TrueCrypt[edit]

TrueCrypt is a free open-source disk encryption software for Linux and Windows 7/Vista/XP or Mac OS X

Main Features:[edit]

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password:
    • Hidden volume (steganography) and hidden operating system.

More information about the features of TrueCrypt may be found in the documentation.

How to Use It[edit]

If you already have data and need to encrypt it:[edit]

  1. Download and install TrueCrypt here
  2. Go through the really easy tutorial here
  3. Determine the size of your complete data set in MB
  4. Run TrueCrypt (in Linux it will show up in your accessories menu) and create a volume for your data (the first time you do this - do it with dummy data so you do not lose your work!)
  5. Click create a volume and follow the steps for the TrueCrypt Wizard - input file name for your project, double the size that you estimated, - in person discuss the "password algorithm" with Dr. Pearce -- the key step here is to remember your password
  6. When your volume is created click select file and mount it (you will need your password and your admin password to your computer mount the disk)
  7. Your open encrypted folder will open up -- drag and drop your data folders into the encrypted volume - your encrypted volume acts just like a stand alone folder/disk - you can move stuff in and out of it.
  8. Delete your data from your non encrypted folder (make sure you know your password). If you forget your password there is essentially no way to get your data back.[1]
  9. When you are not using it dismount the volume
  10. Make an copy of the encrypted volume for Dr. Pearce - in person discuss the "password algorithm"

If you are going to create confidential data in the future:[edit]

  1. Download and install TrueCrypt here
  2. Go through the really easy tutorial here
  3. Estimate the size of your complete data set in MB ( you can make some test files to get a feel for the size.
  4. Run TrueCrypt (in Linux it will show up in your accessories menu) and create a volume for your data (the first time you do this - do it with dummy data so you do not lose your work!)
  5. Click create a volume and follow the steps for the TrueCrypt Wizard - input file name for your project, double the size that you estimated, - in person discuss the "password algorithm" with Dr. Pearce -- the key step here is to remember your password
  6. When your volume is created click select file and mount it (you will need your password and your admin password to your computer mount the disk)
  7. Your open encrypted folder will open up -- This is where you can now store ALL of your data.
  8. When you are not using it dismount the volume
  9. When you have you data - make an copy of the encrypted volume for Dr. Pearce

Queen's Research Ethics Board Policies on the Protection of Research Participant Information[edit]

The Research Ethics Board Chairs and the University Privacy Officer have been reviewing our policies regarding the protection of research participant personal information following the theft of a Graduate Student's laptop containing such information from the student's apartment. The Ontario Privacy Commissioner also becomes involved in such cases.

To ensure that personal information on our research participants is protected the Research Ethics Boards will be insisting that all information being stored on computers be encrypted and applicants to the Boards will be asked about their encryption systems. For current projects we ask that you take steps to upgrade your data protection systems to include encryption ASAP if they do not already do so. This is especially critical for data being stored on laptops. Questions are being added to the REB submission forms to directly address this for future applications to the Boards.

References[edit]

  1. TrueCrypt does not allow recovery of any encrypted data without knowing the correct password or key. They cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using TrueCrypt. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). If you find this hard to believe, consider the fact that even the FBI was not able to decrypt a TrueCrypt volume after a year of trying. [1]