Leafy (LFE) is here.
Leafy (LFE - Local File Encryption) is a script that allows you to lock and unlock your profile. This means your personal data is completely private and cannot be accessed without a password.
Leafy is part of the Mobility Email client package. It is released under the GNU GPL license, so you can also adapt it for other applications.
The science bit:
Mobile applications are a great idea, but they are often limited by a serious security flaw: if you lose a USB stick
with an application on it, all your personal data like profiles, emails and passwords fall into someone else's hands.
Enter profile encryption, or Leafy.
LFE (Leafy) is a system for securely encrypting (locking) and
decrypting (unlocking) massive amounts of data without requiring user intervention. In other words, it's a way to lock
and unlock things like profiles without the end user being frightened by complex processes.
Leafy accomplishes this through some helper applications, namely
GPG (for encryption), EraserD (for removing the old unencrypted
files) and Info-ZIP's Zip/Unzip to help with the archiving process.
Leafy itself is just a Windows script file.
The methodology behind Leafy is pretty simple.
To lock
- Leafy calls ZIP and makes a neat single file out of all the files
and folders in your profile.
- Leafy calls GPG to symmetrically encrypt the zip archive.
- Leafy calls EraserD to wipe the original files and folders, as
well as the newly created zip archive.
Bingo. You are left with a single symmetrically encrypted file.
To unlock
- Leafy calls GPG to decrypt the encrypted file.
- Leafy deletes the (now defunct) encrypted file.
- Leafy calls UNZIP to unzip the decrypted archive.
- Leafy calls EraserD to wipe the decrypted archive.
Bingo. Your profile is back.
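The lock and unlock sequences above, written out as an added example in Python rather than Leafy's own Windows batch script. It follows the same division of labour the page describes: Info-ZIP's job is done by Python's zipfile module, GPG is called through the real `gpg` command line (symmetric, AES256), and EraserD is replaced by a simple overwrite-and-delete stand-in. The sample profile contents, the passphrase and the file names are constructed for the demonstration and are not from the page.

```python
# Leafy-style lock/unlock: zip -> gpg --symmetric AES256 -> wipe. Added example, not
# Leafy's own script; assumes GnuPG's gpg is on PATH; the wipe is a simple EraserD stand-in.
import os
import secrets
import shutil
import subprocess
import tempfile
import zipfile
from pathlib import Path

GPG_AVAILABLE = shutil.which("gpg") is not None

def zip_profile(profile_dir, archive):
    """Lock step 1: fold every file under the profile into one zip archive."""
    profile_dir, count = Path(profile_dir), 0
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(profile_dir.rglob("*")):
            if path.is_file():
                zf.write(path, str(path.relative_to(profile_dir)))
                count += 1
    return count

def gpg_argv(src, dst, decrypt):
    """GnuPG command line; the passphrase is fed on stdin, never on argv."""
    argv = ["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
            "--passphrase-fd", "0", "--output", str(dst)]
    tail = ["--decrypt"] if decrypt else ["--symmetric", "--cipher-algo", "AES256"]
    return argv + tail + [str(src)]

def run_gpg(src, dst, passphrase, decrypt, env=None):
    subprocess.run(gpg_argv(src, dst, decrypt), input=passphrase.encode(),
                   env=env, check=True, capture_output=True)

def wipe_file(path, passes=3):
    """Overwrite in place, then unlink (EraserD stand-in; logical level only)."""
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(secrets.token_bytes(path.stat().st_size))
            f.flush()
            os.fsync(f.fileno())
    path.unlink()

def wipe_tree(root):
    for path in sorted(Path(root).rglob("*"), reverse=True):
        if path.is_file():
            wipe_file(path)
    shutil.rmtree(root)

def lock(profile_dir, passphrase, env=None):
    """Zip -> encrypt -> wipe the originals and the plaintext zip."""
    profile_dir = Path(profile_dir)
    archive = profile_dir.parent / (profile_dir.name + ".zip")
    locked = archive.parent / (archive.name + ".gpg")
    zip_profile(profile_dir, archive)
    run_gpg(archive, locked, passphrase, decrypt=False, env=env)
    wipe_tree(profile_dir)
    wipe_file(archive)
    return locked

def unlock(locked, passphrase, env=None):
    # Decrypt -> delete the (now defunct) ciphertext -> unzip -> wipe the plaintext zip.
    locked = Path(locked)
    archive = locked.parent / locked.name[:-len(".gpg")]
    profile_dir = archive.parent / archive.name[:-len(".zip")]
    run_gpg(locked, archive, passphrase, decrypt=True, env=env)
    locked.unlink()
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(str(profile_dir))
    wipe_file(archive)
    return profile_dir

SAMPLE = {"prefs.js": b'user_pref("mail.offline", true);\n',  # constructed sample data
          "Mail/Inbox/msg1": b"From: alice@example.test\n\nhello\n"}

def make_sample_profile(root):
    profile = Path(root) / "profile"
    for rel, data in SAMPLE.items():
        (profile / rel).parent.mkdir(parents=True, exist_ok=True)
        (profile / rel).write_bytes(data)
    return profile

def zip_and_wipe_demo():
    # Archive and wipe steps on their own (no gpg needed).
    with tempfile.TemporaryDirectory() as tmp:
        profile, archive = make_sample_profile(tmp), Path(tmp) / "profile.zip"
        count = zip_profile(profile, archive)
        wipe_tree(profile)
        names = sorted(zipfile.ZipFile(archive).namelist())
        return {"files": count, "names": names, "plaintext_gone": not profile.exists()}

def roundtrip_demo():
    """Full lock/unlock with an isolated GNUPGHOME so no user keyring is touched."""
    with tempfile.TemporaryDirectory() as tmp:
        env = dict(os.environ, GNUPGHOME=str(Path(tmp) / "gnupg"))
        profile = make_sample_profile(tmp)
        locked = lock(profile, "correct horse battery staple", env=env)
        gone = not profile.exists()
        restored = unlock(locked, "correct horse battery staple", env=env)
        match = all((restored / r).read_bytes() == d for r, d in SAMPLE.items())
        return {"plaintext_gone": gone, "restored": match, "ciphertext_gone": not locked.exists()}
```

Both demos work in a temporary directory, and the round trip uses its own GNUPGHOME so nothing touches a real keyring. The wipe stand-in overwrites at the file level only; EraserD's multi-pass patterns are not reproduced, and on flash media a file-level overwrite runs into the wear-leveling question the page raises in its to-do list.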
The Leafy locking process takes time. Basically, a folder and its subfolders are compressed into a single archive (zip format), which is then encrypted symmetrically using AES256. Meanwhile, the original files are quite elaborately erased.
A five megabyte profile will take a few seconds to lock or unlock. That is fine for most users. However, if you have a very large profile it will take a very long time to lock and unlock the information.
For example, locking a 1.92 gigabyte mail profile with 536 files and 215 subfolders takes a total of 81 minutes on a Pentium M 1.6 GHz with 512 MB RAM and a 5,400 rpm hard disk drive. This time consumption can be broken down as follows:
- 5 minutes to zip the profile.
- 4 minutes to encrypt the zipped profile.
- 72 minutes to erase the original files.
Unlocking is also quite a lengthy process. On the same machine as above it takes 51 minutes to unlock the 1.92 gigabyte profile folder. This time consumption can be broken down as follows:
- 7 minutes to decrypt the profile.
- 10 minutes to unzip the profile.
- 34 minutes to erase the original zipped profile.
This is obviously a substantial process, and one that would not
be undertaken lightly if you have a massive profile.
Leafy is a specific tool for a specific purpose. It is designed to
lock data when you may be going into a hostile environment where
admin access on machines is uncertain. This would apply - for
instance - if you were to take the Mobility Email client into China and use it
on public computers in cyber cafes. Because all the profile data
is locked by Leafy, you can throw away your USB stick if needed,
and no one will be able to decode it or prove you are the user.
The AES256 symmetric lock is exceptionally strong.
If, however, you are taking your USB stick from home to work each day,
and you have admin access on computers, you are better off using
TrueCrypt (http://www.truecrypt.org). This system will be easier,
and will cause far less wear and tear on your USB drive.
Leafy is harsh on drives. To securely erase data it overwrites the same sectors many, many times. This will substantially reduce the projected life span of something like a USB drive. Expect around 20% of normal life span from the memory unit. You're looking at a trade-off: more security at the cost of memory life.
Now, some Q&A:
Q: Why use symmetric encryption rather than OpenPGP?
A: Because we encrypt the OpenPGP key chain in the profile, and symmetric encryption (password) is a lot stronger than
asymmetric. You can always use your standard OpenPGP password for the symmetric encryption. Leafy
is intended to lock the system as tightly as possible using the best
practice, so that the USB key is able to withstand interception and
attempted breaking. AES256 is about the best encryption we can implement for that.
Q: Why use a separate program to do the zipping instead of just GPG?
A: A profile consists of hundreds of files and folders. We need a way to place these into an encrypted archive, destroy the original data, and then (later) decrypt the archive and restore the directory structures. GPG cannot turn a whole set of files and folders into a single archive on its own, so we call the zip application to create an unencrypted archive, use GPG to apply AES256, and wipe all the original files with EraserD to clean up.
There are more things to do:
1 - Implement a free-space wipe for USB sticks to ensure security *
* This is a very important point. We need to wipe the free space on a
USB stick to ensure that the original unencrypted data has been
destroyed.
To quote "USB drives use wear-leveling algorithms - sort of a low level
file format that resides in the key and is lower level than the
operating system's file system. Whenever a file is written to the USB
key, it distributes the file in a pseudo-random fashion across the key's
memory cells so that no one cell gets written too many times. This
extends the operative life of the key because any one memory cell has a
limited number of writes before it dies. Therefore, since Eraser
essentially writes files full of random data a certain number of times,
there is no way of knowing if the particular data you wanted "erased"
has in fact been overwritten even once."
This makes sense.
"Take for example, a popular version of wear-leveling in USB keys found
in TrueFFS. Their site states: When a file needs to be updated, TrueFFS
(through NFTL) does not overwrite the old data. Instead it writes it to
unused blocks and directs subsequent read accesses to these blocks. The
old data will be marked as "old", and will not be erased until the block
has to be reused"
Again, this also makes sense.
"Even doing a complete wipe of a key doesn't guarantee that you'll
overwrite every cell in the USB key! Therefore, if security is really at
issue and you want to secure your USB key, I advise that you use an
encryption program, such as Truecrypt. In that case, all the memory is
at least encrypted."
Hm. This does NOT make that much sense. If all the data on a disk is requested for access, then the flash disk will give that data. So a "wipe" command using a program like EraserD will logically access and wipe all the free space on the USB disk. Therefore, if Leafy erases or deletes a file, and then wipes the entire free space, the original data must be destroyed.
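The remapping the quoted TrueFFS description gives (old data is not overwritten but marked "old" and left until its block is reused) can be watched in a toy model. The following is an added illustration, not code from the page, from Leafy or from TrueFFS; the ToyFlash class, its block counts and its erase-only-when-full policy are simplifying assumptions. With a small spare pool the free-space fill runs the spare blocks dry and forces the stale cell holding the secret to be erased; with a larger spare pool the stale copy survives both the overwrite passes and the fill, which is exactly the uncertainty the quoted text raises.

```python
# Toy flash translation layer for the remapping behaviour described in the quoted
# TrueFFS text. Added illustration; block counts and the GC policy are made up.
class ToyFlash:
    def __init__(self, logical_blocks, spare_blocks):
        self.logical_blocks = logical_blocks
        self.cells = [None] * (logical_blocks + spare_blocks)  # physical contents
        self.state = ["free"] * len(self.cells)                # free | live | stale
        self.lmap = {}                                         # logical -> physical

    def _take_free(self):
        """Hand out a free block; only when none is left are stale blocks erased.
        That erase is the sole point at which old data actually disappears."""
        for p, s in enumerate(self.state):
            if s == "free":
                return p
        stale = [p for p, s in enumerate(self.state) if s == "stale"]
        if not stale:
            raise RuntimeError("flash full")
        for p in stale:
            self.cells[p], self.state[p] = None, "free"
        return self._take_free()

    def write(self, lba, data):
        p = self._take_free()
        self.cells[p], self.state[p] = data, "live"
        old = self.lmap.get(lba)
        if old is not None:
            self.state[old] = "stale"  # old copy is not overwritten, just remapped away
        self.lmap[lba] = p

    def read(self, lba):
        return self.cells[self.lmap[lba]]

    def stale_copies(self, data):
        """How many physical cells still hold `data` that no logical read can see."""
        return sum(1 for p, c in enumerate(self.cells)
                   if c == data and self.state[p] == "stale")

def wipe_experiment(spare_blocks, logical_blocks=4, passes=3):
    """Store a secret in LBA 0, 'erase' it with overwrite passes, then fill every
    other logical block as a free-space wipe would. Returns the number of physical
    cells still holding the secret after the overwrite and after the fill."""
    secret = b"SECRET MAIL"  # constructed sample data
    flash = ToyFlash(logical_blocks, spare_blocks)
    flash.write(0, secret)
    for n in range(passes):
        flash.write(0, b"overwrite pass %d" % n)
    assert flash.read(0) != secret           # the logical view looks clean either way
    after_overwrite = flash.stale_copies(secret)
    for lba in range(1, logical_blocks):
        flash.write(lba, b"free-space fill")
    after_fill = flash.stale_copies(secret)
    return after_overwrite, after_fill
```

`wipe_experiment(spare_blocks=2)` returns `(1, 0)`: the secret outlives its three overwrite passes, and only the free-space fill, by exhausting the spare pool, gets it erased. `wipe_experiment(spare_blocks=4)` returns `(1, 1)`: with more spare blocks than the fill consumes, the stale copy is still there afterwards. Real controllers choose blocks pseudo-randomly and collect garbage on their own schedule, so from the logical layer there is no way to tell which of the two cases a given device is in.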
Ideas, comments and suggestions to shane@shaneland.co.uk please.