logIt Log Around The Clock

Mobile WiFi NAS on Raspberry Pi with TrueCrypt

In ARM Linux, General Linux on 1 June 2014 with no comments 645 views

Mobile NAS sounds like an idea worth waiting for to run on my mini Raspberry Pi Model A. Unfortunately, it only took me a while, before abandoning it. I’ve waited since writing about Raspberry Pi USB problem, that is to finally cut the backfeeding power line from the el cheapo powered USB hub. There comes new problem afterward, my “big storage” ―a Seagate® Backup Plus Slim Portable Drive, shipped with no bulky power supply line― can’t be mounted. Silence soon follows rotating motor sound a while after plugging-in. I’ve tried both ext3 and NTFS (using ntfs-3g) without luck. Later, as benchmark whether it is USB power in question, I try to connect the same set of el cheapo USB hub plus external power to laptop, and it works, leaving me stranded with other issue (is it USB 3.0? 256MB of the Model A? Anything?). I must say that it isn’t completely not-working as the USB hub set can mount with USB to IDE converter and my old internal hard disk (noting that there shouldn’t be similar power issue this way). If only it weren’t for the AC power adapter and large size, this is Mobile NAS; beats me.

Battery power bank, WiFi USB stick, and thumb drive

I then turn away to motor-less small storage, a 32 Gigs USB thumb drive so I can move on to other concern: on-the-fly encryption. Hence, I follow instructions to install True Crypt on Raspberry Pi. After unpacking of wxWidgets-2.8.12.tar.gz and TrueCrypt 7.1a Source.tar.gz in place, putting header files from pkcs-11-cryptoki2.20, and then install libfuse-dev, the following make will require long time:

$ export PKCS11_INC=/usr/local/src/truecrypt/pkcs/
 
$ make NOGUI=1 WX_ROOT=/usr/src/wxWidgets wxbuild
Configuring wxWidgets library...
Building wxWidgets library...
/usr/src/wxWidgets/src/common/string.cpp:84:39: warning: ‘wxEmptyString’ initialized and declared ‘extern’ [enabled by default]

$ make NOGUI=1 WX_ROOT=/usr/src/wxWidgets wxbuild
Compiling Buffer.cpp
Compiling Exception.cpp
Compiling Event.cpp
...
../Crypto/Aeskey.c:527:25: warning: operation on ‘ss[7]’ may be undefined [-Wsequence-point]
../Crypto/Aeskey.c:527:25: warning: operation on ‘ss[7]’ may be undefined [-Wsequence-point]
../Crypto/Aeskey.c:527:25: warning: operation on ‘ss[7]’ may be undefined [-Wsequence-point]
...
Converting Language.xml
Compiling Resources.cpp
Linking truecrypt

I created the TrueCrypt volume separately via its desktop GUI with ext3 file system to then mount it in Pi to a configured Samba share. As pointed out in a post, the following changes are added to smb.conf

...
wins support = yes
...
[pitruecrypt]
   comment= Pi Truecrypt Volume
   path=<the mount path of the USB thumb drive TrueCrypt volume>
   browseable=Yes
   writeable=Yes
   only guest=no
   create mask=0777
   directory mask=0777
   public=no

and then user-password are entered via interactive command.

For mobility, I already had the Pi as WiFi access point using hostapd (check these steps) and power bank, so it’s now matter of performance. In the case of rsync, initial sync of some 1,500 items totaling in 1 Gig size elapses in approximately the same 12 minutes of time compared to one bulk file of the same size. Of course, over the next incremental sync, it only takes less than a minute for the thousand items to just update slight differences.

Security

Back to security, there surely risk by opening Samba share to mounted TrueCrypt volume. But, for me it would be practically manageable (cross my finger). There is more concern to the fate of TrueCrypt after it is being closed in such a weird way, given that last audit finds nothing severe. Anyway, I found brute force tool, but no critical attack exists currently, unless e.g. it stays powered on and mounted, the person gain physical access. Beats me again.