My Life On A Stick - InformationWeek
IoT
IoT
Software // Information Management
Commentary
2/1/2008
12:00 AM
Commentary
Commentary
Commentary
50%
50%
RELATED EVENTS
Threat Intelligence Overload?
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

My Life On A Stick

Ok, so I have come to the realization that my memory isn’t quite what it used to be. My wife came to this realization a decade ago, but that is a topic for another day and another blog for that matter. I used to have an uncanny knack for storage and retrieval of both professional and personal data using just my brain.

Ok, so I have come to the realization that my memory isn’t quite what it used to be. My wife came to this realization a decade ago, but that is a topic for another day and another blog for that matter. I used to have an uncanny knack for storage and retrieval of both professional and personal data using just my brain.

I am basing this perceived waning of my data storage and retrieval capabilities on the fact that I find myself clicking “Forgot Password” or “Forgot Username” more often. I don’t think that I have a data capacity issue, but you never know. To combat this, I’ve enacted a “No Data Left Behind” policy. This means that, provided there is a Linux or Windows PC available, I will always have access to all the data (URLs, login credentials, account numbers, etc.) that I can no longer seem to store and retrieve efficiently using just my brain. The additional value proposition of storing images of important documents and receipts will come in handy as well. Oh yeah, the biggest win for me is that all the data is portable and searchable. It really is amazing that I will get all of this on a simple USB flash drive– essentially “my life on a stick”.

Now I could keep things simple and use TrueCrypt and flat files, but I decided to use the freely available Apache Derby and the security that it provides as my digital wallet instead. By the way, a new release of TrueCrypt is due out next week and will include Windows system partition encryption with pre-boot authentication, a Mac OS X version, a Linux GUI, etc. In addition to maintaining a data store that is forensically limiting, I also have some concern with the mean time to failure of my USB flash drive. This is something that I have not quantified/qualified but have read that read-write cycles run as high as 100,000 for better quality drives, and as low as 25,000 read-write cycles for the cheap ones. I have also ignored thinking about drive transfer speeds, and focused more on the total storage size of the flash drives that I have purchased. It may be prudent to carry redundant flash drives.

My digital wallet data security is job one. In addition to the typical user authentication database access restrictions, Apache Derby provides complete encryption of on-disk data. Everything is encrypted: tables, indexes, transaction log, table data, temporary files, system metadata, and so forth. Out of the box encryption strength is 56-bit DES but this is easily switched to another encryption algorithm. I do plan on periodically verifying/validating physical data file security with FTK Imager Lite and WinHex, or some other combination of cyber forensics tools. Come to think about it, the default 56-bit DES is probably enough considering that I regularly entrust waitrons with my credit card information, and retail staff with my driver’s license information for check verification purposes.

Apache Derby is a fully functional RDBMS written entirely in Java. It runs in any JVM (version 1.4 higher). For now, I plan on using the Apache Derby ij JDBC application with Linux and Windows scripting to manage my digital wallet data. I may also incorporate the use of the SQuirrel SQL universal client. I haven’t had issues with either on my openSUSE or Windows PCs. In my next post, we’ll explore this project further.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll