Results 1 to 15 of 15
  1. #1
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts

    USB Drive - Control Access

    Hi,

    I'd like to set up my computer so access is only allowed to certain drives / folders when a USB stick is plugged in containing a special file.

    I'm guessing there would need to be two files. One on the computer and one on the stick. When there is communication, access is allowed as normal; when there isn't communication, it denies access.

    I don't have a good knowledge of C programming at the moment, but can you please tell me if this is possible first before I begin trying to work it out.

  • #2
    Regular Coder BWiz's Avatar
    Join Date
    Mar 2006
    Location
    Sol System
    Posts
    471
    Thanks
    7
    Thanked 21 Times in 21 Posts
    Technically anything is possible when it comes to programming, however something like this will definitely not be easy. No operating system I've ever used has supported this feature either, to the best of my knowledge. Maybe it's possible with some distribution of Linux - not sure though.

    If you were to attempt to program this yourself, you're going to need to have years of experience with your respective programming language (and probably Assembly as well). Not only that, you'll also need to be well versed in Cryptology, which also entails being an expert in Linear Algebra, Discrete Mathematics, Calculus and basically any other branch of math out there.

    You would also have to consider how an outside attacker would attempt to infiltrate the system, so you also need to know everything about the operating system you would program this for.

    I've skipped over plenty of other things as well, but at the base level, it should be possible but it'll be extremely difficult to implement, even when you are working with a team.
    Last edited by BWiz; 08-17-2009 at 06:50 PM.
    BWiz :: Happy Coding!
    Irrational numbers make no sense.

  • #3
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Hi,

    Thank you for the reply. Fortunately this system is more convenience rather than a bullet proof system against hackers. I leave my computer on all day and sometimes I let other people use it, but I would want certain folders to be private when the USB isn't plugged in. This means I could get away with a simple "query" approach rather than relying on complicated algorithms.

    In the meantime, I'm going to draw up a simple flow chart which should help. Until then, if anyone has any experience or insight I would really appreciate it.

    I don't have much experience with coding, so initially I'd like to find out what is possible, what language it would need to use and the scale of the project. I'll do as much of the work myself that I can and then enlist some help on rentacoder.

  • #4
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    While I understand that you probably want to build this since it would be cool, and you could reduce your required knowledge by leveraging existing cryptography libraries, there is no reason to reinvent the wheel, especially in this area. (So you can avoid all that complicated math stuff that BWiz was talking about.)

    However still as BWiz indicated, this is a very ambitious project to undertake. You might want to see if truecrypt has support for what you want to do. If it doesn't you could modify it to do what you want since it is open source.

    In the short term you might want to consider leveraging the filesystem permissions provided in your operating system. All major OSes support it and then other users that aren't using your account, cannot access any files or folders you choose.
    OracleGuy

  • #5
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Hi,

    Thank you for the reply. I've looked into truecrypt and it does seem very interesting. However, as far as I understand, that encrypts every file on the hard drive to stop access to the files. This seems to raise two problems as far as I can see:

    • Encrypting the files surely causes performance decreases as it has to decrypt a file every time it is accessed?
    • This seems like quite a complicated way of doing it, I'd like to keep this as simple as possible.


    Here is what I was hoping I could do, please stop me if this isn't possible or is a bad way of doing it. When you right click on a folder and go to the security tab there is a list of permissions with allow and deny. Would it not be possible to query the USB drive, and then write the permissions for the folder accordingly?

    • If USB is connected then give folder "Allow" permissions
    • If USB isn't connected then give folder "Deny" permissions


    Again I understand this is an ambitious project. I've wanted something like this for a while and thus far it hasn't been programmed. I'm going to try and get as much insight into the program as possible solutions as I can, then enlist help at rentacoder, then I'll release the code to the public.

  • #6
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I've found this simple BAT file tutorial online which apparently can lock a folder. I haven't tried it yet, but I thought I'd post it here just in case it is of use.

    1- make a new folder ( name it as you like )

    2- inside this folder make a ( TXT ) file & copy inside it this:


    cls
    @ECHO OFF
    title Folder Private
    if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
    if NOT EXIST Private goto MDLOCKER
    :CONFIRM
    echo Are you sure you want to lock the folder(Y/N)
    set /p "cho=>"
    if "%cho%"=="Y" goto LOCK
    if "%cho%"=="y" goto LOCK
    if "%cho%"=="n" goto END
    if "%cho%"=="N" goto END
    echo Invalid choice.
    goto CONFIRM
    :LOCK
    ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    echo Folder locked
    goto End
    :UNLOCK
    echo Enter password to unlock folder
    set /p "pass=>"
    if NOT "%pass%"=="password here" goto FAIL
    attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
    echo Folder Unlocked successfully
    goto End
    :FAIL
    echo Invalid password
    goto End
    :MDLOCKER
    md Private
    echo Private created successfully
    goto End
    :End


    3- After u copy the Commanding go to line ( 23 ) u will find this word : password here (Change it with ) any password u like.

    4- After that make ‘save as’ & name as (locker.bat )

    5- Now back to the folder & u will find a ( LOCKER ) commanding.

    6- Click on it & u will find a new folder (Private )

    7- Ok ,, now copy what u want in it & after that go to ( locker ) by click on it , it will open and ask you want lock your folder? Y/N ?

    8- Type Y

    9- If you want to UNLOCK your folder ,go to (locker) & type your pass and you will see your private folder.

    Also something else I have found is this, which is apparently the code to change access permissions to files, might this also be of use?:

    To restrict access:

    @echo off
    cls
    Icacls PATH OF FILE GOES HERE WITHOUT PARENTHESES /deny USERNAME OF PERSON YOU WANT TO DENY:(F)

    To grant access:

    @echo off
    cls
    Icacls PATH OF FILE GOES HERE WITHOUT PARENTHESES /grant USERNAME OF PERSON YOU WANT TO DENY:(F)
    Last edited by spadez; 08-17-2009 at 09:01 PM.
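
The "USB present = allow, USB absent = deny" idea from posts #5 and #6, sketched as an added example that is not code from any poster in this thread. `$Folder`, `$KeyFile`, `$ExpectedHash` and `$Account` are hypothetical placeholders, and the script assumes the account running it owns the folder, so it can still edit the ACL after the deny entry is applied.

```powershell
# Added example, not from the thread. All parameter values below are
# placeholders/assumptions to be replaced for your own machine.
param(
    [string]$Folder       = 'D:\Private',                  # folder to lock (assumed path)
    [string]$KeyFile      = 'unlock.key',                  # file expected in the stick's root
    [string]$ExpectedHash = '<SHA256-OF-YOUR-KEY-FILE>',   # hex digest recorded beforehand
    [string]$Account      = "$env:USERDOMAIN\$env:USERNAME"
)

function Test-KeyPresent {
    # DriveType 2 means "removable disk" in Win32_LogicalDisk.
    # Some external disks report as fixed (3) and will not be seen here.
    $drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2'
    foreach ($d in $drives) {
        $candidate = Join-Path ($d.DeviceID + '\') $KeyFile
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            # Compare file content, not just the name, so an empty file
            # called unlock.key on any stick does not unlock the folder.
            $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            if ($hash -eq $ExpectedHash) { return $true }
        }
    }
    return $false
}

$locked = $null   # unknown at start, so the first pass always sets a state
while ($true) {
    $present = Test-KeyPresent
    if ($present -and $locked -ne $false) {
        # Remove only the explicit deny entries for this account.
        icacls $Folder /remove:d $Account | Out-Null
        $locked = $false
    } elseif (-not $present -and $locked -ne $true) {
        # (OI)(CI) makes the deny inherit to files and subfolders.
        icacls $Folder /deny "${Account}:(OI)(CI)F" | Out-Null
        $locked = $true
    }
    Start-Sleep -Seconds 5
}
```

Because the folder's owner can always rewrite its ACL, anyone sitting at the same logged-in account can remove the deny entry by hand; the script only stops casual browsing.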

  • #7
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    truecrypt won't encrypt your entire drive unless you tell it to...


    you can use it to create a file which is essentially a partition that nothing can identify or read except truecrypt. it will be password protected. if you're really paranoid you can nest hidden partitions.

    and shoot, if you want you can copy the entire chunk onto your usb drive and walk away with it.

  • #8
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Hi!

    The issue I have with this method is the data I wish to lock and unlock is around 250GB, including movies, music and programs. When I think of encryption at this scale, I think the performance would be crippled.

    On the other hand the built in windows permission system might be a more lightweight option?

    Is this fair to say or am I barking up the wrong tree?

  • #9
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    windows permissions can be circumvented if you're not in windows...... guess it depends how sensitive your material is. i agree that just tweaking permissions would be very lightweight.

    i can't speak to the performance of an encrypted drive of that size. i imagine the worst bit would be the initial creation of the encrypted partition. past that it does everything on the fly as you access it. so it's not like you're going to read 250GB of data all at once anyway.

    /shrug

  • #10
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote: Originally Posted by spadez
    On the other hand the built in windows permission system might be a more lightweight option?

    Is this fair to say or am I barking up the wrong tree?
    Yeah, if you are just trying to keep casual people from looking through your stuff, the built-in permissions are fine. Just make it so you are the only one using your user account. And the guest users shouldn't have admin rights either.

    Beyond that, if the slight performance overhead for encryption is too much, then the data probably isn't that sensitive.
    OracleGuy

  • #11
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thank you for the reply. This isn't military grade information, but it's to stop people playing my games on the computer and looking through my work documents without having more than one account. I'm concerned that when it actually is time to play my games, listen to my music, watch my movies etc, I'm going to have to decrypt it in real time and it will slow the whole system down.

    The built in permission system will be fine I think. I know it can be bypassed in two ways:

    • User takes out the "storage" hard drive of my computer, plugs it into their computer and accesses the files, but my computer is key locked.
    • The user boots up to linux off a CD and then accesses the files. However there is a bios password and I've disabled CD / USB booting.


    The kicker is that I only want to have one user account that is left on all the time. Is it possible to change folder permissions within windows on the fly with a program without requiring a restart?

  • #12
    Regular Coder adarshakb's Avatar
    Join Date
    Jun 2009
    Location
    Silicon valley of india
    Posts
    247
    Thanks
    11
    Thanked 1 Time in 1 Post
    Is it possible to change folder permissions within windows on the fly with a program without requiring a restart?
    i think not.... tried it once and didn't get it.. maybe u will have more luck
    Last edited by adarshakb; 08-18-2009 at 03:39 PM.
    Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.

    Albert Einstein

  • #13
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote: Originally Posted by spadez
    The kicker is that I only want to have one user account that is left on all the time. Is it possible to change folder permissions within windows on the fly with a program without requiring a restart?
    File permissions take effect as soon as you apply the changes, there is no need to restart.
    OracleGuy

  • #14
    Regular Coder
    Join Date
    Oct 2006
    Posts
    197
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Excellent. What is the most effective way of changing the permissions? I've seen ways through the command prompt or by writing directly to the registry.

    EDIT: So with a single admin account would it work to use built in windows permissions to either allow access or stop access by using a program to automate the process?
    Last edited by spadez; 08-18-2009 at 04:47 PM.

  • #15
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Why don't you want to have more than one user account?

    That would be the best solution, that way you only need to set the permissions once. And the other people on the other account can't just change the permissions back so they can look at the files.

    Plus it would isolate your application data like your browsing history from the other users.
    OracleGuy

