What is a secure way to transport hard drives?

Question

I would like to transport several gigabytes (apx. 250 GB) worth of sensitive data from one location in the US to another. It seems at the moment the easiest way to do this is to ship an encrypted hard drive containing the data. What options are there for doing this? Security is the number one prioirty.

There is always RFC2549. :) – Zoredache Nov 15 '09 at 06:26 — Zoredache, Nov 15 '09 at 06:26

score 5 · Answer 1 · answered Nov 14 '09 at 10:39

5

Well, encrypting the data is the most important bit, assuming that you're keeping copies locally until you're sure that the data has arrived (so if the drives go missing, you haven't lost the data, and nobody else can get at it because it's encrypted). It's best to use an asymmetric algorithm, create the key at the destination and only ship the public key to the source, to ensure the security of the key.

Beyond that, just make sure that the drive is securely and properly packaged to prevent damage in transit, and if it's important that the data arrives in good order, perhaps ship two drives (in separate shipments), as a RAIS (Redundant Array of Inexpensive Shipments) -- that way, if one drives gets lost or damaged, you're still OK.

Finally, if you want the maximum security and speed, consider putting the drive in someone's carry-on and flying the person to the destination. Domestic flights (around the US, especially) aren't stupendously expensive.

answered Nov 14 '09 at 10:39

womble

95,029
29
173
228

Flying was the original plan, but would the TSA request access to the data? – MiffTheFox Nov 14 '09 at 22:45
Didn't happen when it was done for a project I was involved with recently. If it's encrypted, and the only copy of the secret key is on a server you don't have access to at the airport, you couldn't give them access to the data anyway. – womble Nov 14 '09 at 23:20
1

@womble - According to your profile you're from Australia? Was this done in the US? Also, I'm assuming they would just confiscate the drive or deny boarding if they couldn't read the data. – MiffTheFox Nov 15 '09 at 22:10
SSH is no respecter of national borders. Yes, the disk transfer was in the US. If they confiscate the drives that's no problem, you just go and copy a couple more. – womble Nov 16 '09 at 09:32

score 3 · Answer 2 · answered Nov 14 '09 at 12:08

Really depends on the data you're talking about; if it's extremely valuable vs. valuable, there are a couple options...how do you tell the difference? Easy. How much are you willing to pay to have it go from point A to point B? That'll tell you.

If you're going to ship something like that, create an encrypted volume file using TrueCrypt. Stick it on a ruggedized external drive like this.

Encrypted with Truecrypt means secure from theft, and cross-platform compatible (TEST THE ENCRYPTED VOLUME ON ANOTHER SYSTEM BEFORE SHIPPING).

Ruggedized drive means it'll take abuse.

The expensive part? Either ship it insured with your choice of carrier overnight, or your company pays for a ticket for you to personally hand off the device at the point of delivery. The most secure would be for you to carry it personally in a carry-on bag (with a laptop since they'll want to see that it works at the airport, if you fly) so you have chain of custody all the way. Otherwise, you need to send the device through UPS/FedEX/USPS while sending the key to the recipient via another channel.

Hope you find this useful!

+1. If the data is valuable enough you may find that the cost of putting someone on a plane with it is not that high. — Maximus Minimus, Nov 14 '09 at 12:56
The plane was my original idea, until I realized that TSA might request a copy of the unencrypted data and/or key. — MiffTheFox, Nov 14 '09 at 22:46
@miffthefox-TrueCrypt actually has, as I recall, mechanisms to hide the encrypted partition if necessary, so there's fluff data to pad for appearances and encrypted data hidden. I doubt they'd care though as long as the drive worked as a drive and was shown not to be a bomb. — Bart Silverstrim, Nov 15 '09 at 00:06

score 1 · Answer 3 · answered Nov 14 '09 at 14:38

If security (and not $) is the number one priority, then you may want to consider an armored truck.

Brinks provides secure data transporation. More info at:

brinkssecuredata.com/

So does Iron Mountain (they are pretty cool):

http://www.ironmountain.com/data-protection/dedicated-transportation.html

Obviously, these methods are going to cost you a lot more than encrypting and shipping but an encrypted drive in a Brinks truck is probably going to give you quite a bit of peace of mind.

score 0 · Answer 4 · answered Nov 14 '09 at 13:30

0

For ensuring data safety, while encryption, as already mentioned, is a fantastic idea, also look at your storage media.

Look at using flash drives - they're cheap enough, and will survive more-or-less any kind of rough shipment handling.

answered Nov 14 '09 at 13:30

warren

17,829
23
82
134

While I would normally agree, at the 250 GB listed, it would likely be cheaper to have somebody personally carry it out. And that method certainly lowers the loss risk. – Scott Pack Nov 14 '09 at 14:10
loss risk is lowered with a trusted employee carrying the drive. 128G flash drives are about $300, at the moment, on newegg, though :) – warren Nov 15 '09 at 02:21

What is a secure way to transport hard drives?

4 Answers4