Protecting Your DropBox Data on the Go

Guest post written by Dave W, Network Security Analyst.

 

In my previous post, I talked about how to set up TrueCrypt to protect data in DropBox. This post takes that same process and extends it to your Android devices. I am still looking for a similar system for IOS so if you know of a TrueCrypt compatible IOS app, please leave a comment below.

The mobile version of this setup requires all the software in the previous post to setup and configure:

What we are going to do is create a new container with very special parameters that allow it to beopened in an Android app called EDS Lite which plays the part of TrueCrypt on your device since there is no Android port at this time.

You will need the following installed on your Android device:

  1. DropBox
  2. EDS Lite
  3. Vi Improved (more about why this is later)

You don’t need anything special done to DropBox, just a stock installation.  You don’t need any special setup for EDS Lite either. It is simply going to allow you to open and transfer  files to the encrypted container; install it from the Android Market/Google Play.

So why Vi Improved (VIM) ? I like to put a .tc or .eds extension on my containers, though it could be any extension, really. You just want to put something on there so you know what it is later. The problem is that the stock system doesn’t know what to do with files with extensions that it doesn’t understand. So I could put an extension on it that it already understands but some apps might make changes to the file. With VIM installed DropBox seems to try and open things it doesn’t understand in VIM and when it does it doesn’t make any changes to the file so long as you don’t save it. Any app that will allow you to download an arbitrary file out of DropBox without changing it would be fine. This was just what I found worked.

With these 3 things installed we can start the process. The key to making this work is creating a TrueCrypt container in a format that EDS Lite understands.

What EDS lite expects is a container with the following:

  • Encryption algorithm: AES 256
  • Hash algorithm: SHA-512
  • File system: FAT

To create a container for use with EDS Lite AND TrueCrypt we have to use TrueCrypt to create it. The following instructions will walk you through the process.

  1. Open TrueCrypt
  2. Click “Create Volume”
  3. Choose “Create an Encrypted Container” and click Next
  4. Choose “Standard TrueCrypt Volume” and click Next
  5. Provide a volume name and location that is within the DropBox Directory and click Next
  6. Choose “AES” as the Encryption Algorithm
  7. Choose “SHA-512” as the Hash Algorithm and click Next
  8. Provide a container size that is large enough to hold enough files but small enough for updating on your mobile device; click Next
  9. Choose a nice strong password and click Next
  10. 10. Select “FAT” as the filesystem and follow the instructions labeled “Important” at the bottom.  Then click “Format," and "Exit."

Your encrypted container is now created. You should see that DropBox is synchronizing this file up to the server. This can take a while depending on how big a container you created and how good your internet connection is. If you made a big container I suggest you go read something or have a nice meal.

Once the container is synced to the server you are ready to start waiting again. We need to get this file downloaded to your Android device. This can take quite a while again. This is why I keep a smaller container for mobile than I do for desktop. The upside is once you download this completely you are really just updating the changes on the device itself, not the whole container. See the end of this post for the downside.

To download the container go to your Android device, open DropBox, find the container file and select it. Again you are going to need to go read a book or play a board game or something.

Once the container is downloaded it will try and open the file in VIM (or whatever you have found to catch the file). In VIM at the top there is a little button that says “:q!” That will close the file without changing it. Just click that and you should be out of VIM.

Now we need to open that container in EDS Lite. Open EDS Lite and follow along with these instructions.

 

  1. Choose the menu button
  2. Select “Add Container”
  3. You should start at the path “/mnt/sdcard” by default (top left corner)
  4. Scroll down and select the folder “Android”
  5. Select the folder “Data”
  6. Select the folder “com.dropbox.android”
  7. Select the folder “files”
  8. Select the folder “scratch”
  9. Select the container file that you created
  10. Press the “Select” button at the bottom
  11. You should now be back in the main EDS screen with the container listed
  12. Select the container and enter your password

The container is now open and ready to add files.

The way EDS Lite works you need to add, move and delete files and folders in the app itself. There is no mounted file system like with TrueCrypt on the desktop. I will walk you through the various file operations here. The key though is the interaction with DropBox and this has entirely to do with what you do when you are done modifying the contents of the container so make sure you at least read the last part of the post to get that part.

To move files between the container and the devices file systems, use standard cut, copy and paste functionality. If you select the menu button you will see a “Browse Device” button. This button will take you to a view to, surprise surprise, browse the device. If you then open the menu you will see a button to “Browse Container” which is similarly self-evident.

To copy a file from your device to the container you select “Browse Device” and browse to particular file or folder. Then:

  1. Hold down the file name for a second until a menu pops up to give you various options like cut, copy, delete, rename etc.
  2. Select “Copy”
  3. Open the menu and select “Browse Container”
  4. Navigate to where you want the file or folder placed
  5. Open the Menu, select “More” and then select “Paste." The file will now be copied to the container

The process to copy a file in the other direction is the same and you can play around with the other options in the menu. Everything is very straightforward.

The key thing to note though is that just adding files to the container will not update DropBox. DropBox is looking for the file to be closed before the update happens. To ensure that these files are synced up you need to do three things.

  1. Open the menu, select “More” and then select “Exit”
  2. Then hold down the name of the container in the list and select “Close container”
  3. Open the menu and select “Stop service and exit.”

The container is now closed and DropBox should start syncing the file up to the server.

Now for the downside to this method. If you are using this process to get files or folders from your desktop or another device, you actually have to go through the download process each time you need to update each device. On the desktop DropBox keeps a copy of all the files locally. On a mobile device with limited data plans and storage space it only downloads the files you specifically open; to update the container on your device you have to download he whole file again. So keep the containers as small as is practical.

That is all there is to it. Go out and protect that mobile Android data and please leave a comment if you come up with any tweaks or new uses for this technology.

Blog tags