Crypto Leash for Laptops?
timman999 writes "New Scientist reports a new device that will automatically encrypt all the data on a laptop when it is separated from its owner. It uses a small receiver and the user has to wear a transmitter on his wrist."
Noble says the system would work well with a prototype computer wristwatch developed by IBM. This watch uses the Linux computer operating system and can communicate with other devices through the Bluetooth radio protocol.
...I want the linux powered wristwatch
"Good things don't end with eum, they end with mania or teria." - H. Simpson
Man, NOBODY will buy a stolen laptop if all the previous owner's data is encrypted!
To just have an encrypted filesystem, and make the user type the password when it boots? Less points of failure, less expensive, and less trouble.
Moderation: Put your hand inside the puppet head!
... step away to go to the bathroom, when you come back, you will have to sit and wait for all your 20 gigs of pr0n to finish encrypting :)
Pull a Bruce Campbell and cut off hand of owner... :)
messy, and would elevate theft to a felony.
First thought I had: just remove the battery when you steal it, so that any gadget inside wouldn't be able to change something on the HDD. But the article says that the files are always encrypted, and only a cached copy (probably in RAM) is used when the user is viewing or modifying a file.
Time to find another loophole...
Envy my 5 digit Slashdot User ID!
Now, I have this really neat gizmo hooked up to my laptop. I walk to the kitchen for a glass of milk and a nice loose meat sandwich after not being able to connect to my favorite FTP server. While in the kitchen, I accidentally walk beyond the leash range. The laptop encrypts my HDD. Now, after making my sandwich I walk back and can't use my laptop until it decrypts my entire HDD.
Wouldn't this just be annoying?
Objects in the blog are closer then they ap
see: http://zdnet.com.com/2100-11-950155.html
Although I'm afraid our government will probably have just as hard a time keeping track of the transmitter that goes around the wrist.
My keys, wallet, watch, PDA, Blackberry, Cel AND my crypto leash. Great.
Anyone who is concerned enough about their laptop security to consider bothering with one of these should already have good crypto security in place. And preferably security where the 'key' can't be stolen off the nightstand. These will attract the gadget-happy crowd and CFOs who don't understand info sec and want to see a physical product. Anyone who feels the need to be able to point to their security device shouldn't be making security decisions.
Encryption takes a whole lot of time to do, especially on the monster hard drives available today. What might be a better way would be to have the system already encrypted, and just delete any cached keys, etc. when the laptop goes out of range.
The article states that the encryption/decryption only adds about a 6 second lag to normal operation. Most of the data on the computer is kept encrypted except for a cached version of the data currently being used (the lag in encrypting/decrypting that).
They used to do this with handcuffs and briefcases. The only problem was that too many couriers ended up sans hands.
There's no way that they are going to encrypt everything in a reasonable amount of time (even just an xor would take forever on a 40GB drive), and if they did, there's no way they could decrypt it fast enough on your return.
The implication is also that data is in an unencrypted state for some period, a risk in itself (just pop the battery when you take the laptop, remove the hard drive and attach to another system to see what's unencrypted). An encrypted filesystem seems more appropriate if you are really concerned about security.
Does anyone know how this product really works?
Can You Say Linux? I Knew That You Could.
"It could be useful for the UK's Ministry of Defence, which has admitted to having lost track of nearly 600 laptops." Excuse me? If you've lost 600 laptops, I don't care how elegant your encryption solution is -- you've got other issues. Technology is not the panacea to cure cruddy management.
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
You probably haven't read the article thanks to true slashdot tradition. In this case, the data in the hdd is encrypted when the wrist watch device worn by the true owner is not at a certain distance. Sure you can still use some l33t way to decrypt the files or what not, but it makes the task that much harder.
geek page at KY speaks
Who gives a shit about the laptop? For personal use you might, but for corporate clients (the people who buy probably 95% of laptops) the data is worth way more than the laptop. For us losing a $3k laptop is nothing; when you buy $90k Suns and making a new chip mask is $800k, a $3k laptop is a drop in the budget bucket. Now the data and loss of proprietary info to competitors could be potential losses of hundreds of millions; that should kind of put things in perspective. If Bill Gates, John Chambers, Larry Ellison or any number of other CEOs' laptops were stolen, the potential for blackmail or selling of corporate secrets could be in the billions.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
The data is always encrypted on the hard drive, and is only decrypted at the cache. So steal it, remove battery, submerge in liquid nitrogen is the only way to get even a little bit of data out of it. The really cute exploit is to tunnel their challenge/response over a network of some sort (say, cell phones), and just have someone follow the legitimate user around until all the information is decrypted.
The research paper on this will be presented at ACM MobiCom 2002, the premier conference on wireless networks and such.
If it isn't a part of the hard drive itself then it is 100% worthless..
Not true. If the decryption key is stored on the device worn by the user it doesn't matter which way you wire the receiver.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
The person wearing the watch doesn't have to be the owner.
It seemed to me to be a lot like those security systems based on a fingerprint -- the finger doesn't have to be attached to the owner to give access to the presenter.
I thought the best security had three criteria -- something the user has, something the user knows, and something the user is (physically). I'm sure someone can elaborate better than I.
To-do List: Receive telemarketing call during a tornado warning. Check.
As always it is difficult to discern the technical details of how a system works from a news article. If you are interested, I urge you to read the technical paper. My papers
FYI, the data sits on the disk encrypted and in the page cache decrypted. Keep in mind this is a technical paper and a research prototype and not a product.
A laptop in each hand, connected by a string running through their sleeves. Twice the computing power, and no more missing laptops!
Just a thought.
And the fact remains that encrypting the disk limits the financial risks to the price of the laptop.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
...they need them yesterday.
Oh, I can't help quoting you because everything that you said rings true
Get a nice, strong RF generator in the room with all those paranoid stock traders and watch all the laptops encrypt.
New way for DOS attack!
Then, when their battery in the "watch" dies? Or better, xmits the decrypt key over WAP or some such and is snooped and possibly CHANGED.
And the non-volatile RAM that stores the decrypt key proves to be a bit more volatile than thought?
etc., etc., etc.
Learning HOW to think is more important than learning WHAT to think.
For all my sensitive information, I just use my wife. She keeps all my appointments, scheduling and list of chores for me to do in her head. She already has built-in encryption because as everyone already knows, there is just no comprehending women.
...even if the headline is wrong. Encrypting a (say) 40GB drive like I have in my Vaio would take an hour or more. The battery can be removed in 10 seconds to stop that.
However the device is essentially a crypto-filesystem that uses a wireless token. Except for the obvious attack of stealing the token as well, this is pretty secure. The problem with a conventional crypto-filesystem is that it usually remains open until reboot or keeps bothering the user with requests to give the key again. In the first case a thief just needs to keep the laptop running in order to copy the data.
Barring implementation problems, I don't see this being hackable in any "easy" way. Of course there might be all kinds of implementation or fine-design mistakes. And of course you can still steal the token as well or "convince" the owner to cooperate. The advantage of this device is just that an easy attack (stealing a running laptop) does not work anymore. If you use a conventional crypto-fs and make sure your laptop is well-guarded as long as it is on, you are as secure. Probably more so.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
If there's no activity for a while everything gets decrypted.
Sigh. I meant encrypted, of course.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
Are there any existing GPL folder/drive encryption programs someone could use now? In Windows? With decent performance?
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
I'm an American. I love this country and the freedoms that we used to have.
the magnet door coil in cryptonomicon is the coolest.
I want those all over the place.
my credit cards would never work in person.
There are some odd things afoot now, in the Villa Straylight.
On the laptop, I have an encrypted home directory. I never suspend my laptop, so I always log in/out when I use it in different locations. If someone stole it, they'd have a nearly impossible time getting to my personal files.
On the fileserver I use it via Samba and NFS mounts. This is why I chose BestCrypt over some other kind of encrypted filesystem/volume, actually. My wife can mount a volume file from her Windows machine via Samba and I can mount them via NFS (or via Samba when I'm booted into Windows game mode).
Best part is that there's no batteries, bracelets, rings, whatever to worry about. Just remember your passphrase and you're good to go. I'd recommend BestCrypt to anyone.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
But maybe the IRS and the State Department could use this.
Oh, hell... they'd just lose the damn watches, too.
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
Umm... let's see... yank the HD before the user is out of range, all data is now unencrypted. The only solution (worthwhile) is for all the data to already be encrypted by the HD and decryption only to take place on access.
..because I use Windows xp and nobody can boot up and see my data unless they know my password.
err.. or maybe if they just create an NTFDOS diskette.. damn.
Live web cams
Hmm I guess it helps to read the *whole* article particularly when it contradicts itself and later says the data is already encrypted.
Why bother with the wristwatch? Scramdisk (free) and Drivecrypt (commercial) already do this in software, using strong passwords.
1. Use the software to encrypt your disk contents
2. To decrypt (on the fly), you need the password
3. Set your screensaver to lock, with a (different) password.
Voila. Done. Rebooting to get by the screen lock unmounts the drive, rendering it useless.
This is really, really easy. What's the big deal about all this gadgetry nonsense?
Don't even have to sever the hand; any watch can be removed from an arm with almost zero effort by grasping the item and pulling... the watch band or pins break and voilà, you now have the laptop AND the device allowing access...
This is my exact point... and why it is 100% worthless for a truly secure use.
The unit needs to use a password or biometric input to allow access, and require that input every 10 minutes or on power up. (opening, whatever)
Do not look at laser with remaining good eye.
Of course, there's still a good chance that someone has stolen my laptop, and even less of a chance that anyone will look at the files on a lost laptop and get it back to me. My data is protected but still lost to me. As is my laptop. With all that technology, why not just save my critical data to the watch? It's not on the laptop so there's no chance an attack will break the crypto. And I still have my copy, unless the thief gets my fancy computer watch; when I get to another system I will not have lost my work.
Seems to me like NT and XP already have some encryption in the NTFS file system, but most users refuse to use it 'cause you have to think and type in a password when you start to use your computer. Is a techno watch the answer? Should your laptop start encrypting your files every time you go to the bathroom? Will this really accomplish anything when the average user is about as bright as the power led on the laptop when it's running on battery? If you can't store the data on the watch, why not just have the smart watch do the login, and make sure that proper sharing rules are enforced on the files?
I'm an American. I love this country and the freedoms that we used to have.
... what would happen if there was quick back and forth wrist action (with the device being on your wrist), this wouldn't damage any of my sensitive business "mpegs" and "gifs" would it?
So foreign spies can just look at the remnants of what used to be on the hard drive. Unless they wipe the decrypted data 20 or so times . . .
Who wants to have to wear a bracelet to use their computer?
A joke about geeks and girl friends is trying very hard to force itself through my teeth but I'm fighting it.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
Maybe because most users tend to use passwords that are trivial to break?
And when forced to not use a trivial password they then write the password down on a sticky pad that gets attached to the notebook or put in the notebook carry bag?
Ought to be a damned moderator choice for that.
You, sir, are yet another bozo here who did not read the article. The hard drive is always encrypted. Only the cache is decrypted; power off and there is no decrypted data anywhere.
RTFA
Infuriate left and right
Read the fscking article. The hard drive is always encrypted. The cache is decrypted.
I swear this is one of the worst articles for write-only idiots.
Infuriate left and right
A whole-arm Beowulf cluster of those...
in which it explains that the hard drive is always encrypted, only the cache is decrypted.
Does anyone know how so many /.ers can read the /. summary, know how inaccurate these summaries are by definition / tradition, and STILL not read the article itself?
Infuriate left and right
No need for hitech when a simple mail order from a chemical lab will do the trick.
Infuriate left and right
The communication between the watch and the laptop is, itself, encrypted. The key pair could be established in the hardware of both chips, and would be destroyed upon attempts to physically access the chip.
So while most files stay encrypted (and note: I did not imply the whole drive was being decrypted, a fact you would have noticed had you read my short post as well as I had read the article), the system decrypts some files automatically. I doubt the system is decrypting to RAM only - six seconds is a long time for a modern system, so I would infer that the system is decrypting all open files to shadow copies on disk. If it were simply decrypting the files as they were read into RAM, then I would expect the process to add fractions of a second.
The point of my post is that systems like this are much like locking the doors on a convertible - while you might feel safer, in truth all you are doing is fooling yourself. REAL security is hard, it gets in the way, and is therefore unacceptable to most folks. You want to see real secure work, work with the spooks.
www.eFax.com are spammers
When the laptop comes back into relation with the watch, the encryption chip wakes up the laptop, decrypts the RAM cache, and life goes on.
See that wasn't that hard to understand was it.
I've been advocating for something like this for quite a while, with only a few differences in implementation primarily in the area of what happens when the key is removed.
fencepost
just a little off
I think your estimate of the % of corporate users is seriously off, but it hardly matters. The bottom line is that (doing my own made up estimate) if a laptop is "liberated", 99%+ of the time it's just going to be reused, even if the information is more valuable than the hardware and even if it is Larry Ellison's. And unless the thief is really clueless, the data will be wiped before the sale so that the new owner doesn't easily track down the old owner. But in those few cases where the device is taken for the information in it, the thief will certainly not be stopped by this technique from getting those corporate secrets with a value that could be in the billions. About all this gimmick might do is convince the user that the data was safer than it really is.
I'm an American. I love this country and the freedoms that we used to have.
Gimmick, hmm, strong crypto that is easy to use and is basically idiot proof. That is a weird definition of gimmick. I think easy to use encryption is what we need more of, not less.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
And one nice side effect of this for the discerning footpad: A simple radio receiver listening for the bluetooth watch can be used to alert you when someone is bringing a highly valued prize your way!
I'm an American. I love this country and the freedoms that we used to have.
I've run crypto filesystems and they are dog slow. I can believe that a good sized subset of data needs 6 seconds to work with, even to a ramdisk.
Also, a big bang security approach isn't a good one. This should be one of many layers in a security system.
I don't think that this is at all like locking the doors on a convertible, or that you're using a broad enough definition of HARD when you say that security is hard. Hard in this case means that if you leave your token thingy at home you're screwed, so you'd better remember it. That's the same problem as a deadbolt on a door, which provides much less security than good crypto. Yet, people seem to remember to lock their house every day.
If tits were wings it'd be flying around.
it uses bluetooth, and according to the article, the control connection is encrypted, so it shouldn't be "sniff"able.
- Entertaining Bits from the Ancient Kernel Tree
It's in muscle memory for me now, which is something of a problem when I'm on different machines, as I have a tendency to lock myself out or (on win98 or dos machines) reboot the computer every time I stand up.
OK, you and I differ in the use of one word in what I wrote. Shall I take you that you agree with everything else I said?
I'm an American. I love this country and the freedoms that we used to have.
Next, the silly corporate users forget their passwords, and at the same time they used a really secure one. Now the drive is fubar and all data is lost.
Next up, the user lost/breaks the key. Or even the key goes fubar itself. All data is lost again. Grrrr..
But then again, what's stopping the attacker/thief from recording the key exchange somehow and duplicating it later back in the garage?
Being called a dork on Slashdot must be like being called the retard in special ed.
You can be even more subtle than mugging the guy in broad daylight, and ripping his watch off his arm.
Stake it out for a day or two, making sure you're close enough to sniff the "handshake" that the laptop and watch go through... then spoof it.
Authentication that broadcasts everything over the airwaves borders on mental retardation.
Assuming that the other things I'd be looking at were met (light weight, mostly), I'd seriously consider one of these if they were no more than an extra hundred to two hundred dollars. I'm not a fan of the wireless connection - I'd rather see a USBish or iButtonish physical connection - but that's a fairly minor point. If someone starts making these and they have reasonable success, I'd expect to see other manufacturers pick them up as well with some variations on function.
fencepost
just a little off
How close they came to my "dream" system as described here.
fencepost
just a little off
I hope the range is long enough... otherwise the poor machine would be encrypting/decrypting data all the time while people are watching pr0n.
The financial risk of an unencrypted CEO's laptop that gets stolen by your competitors with your corporate 5-year plan, updates from subordinates on new product progress, etc. is in comparison absolutely enormous.
Something like the described system is designed to reduce the second case to being no worse than the inconvenience presented by the first case.
fencepost
just a little off
It wouldn't. All computers have a password-reset procedure that usually involves shortening two pins.
Contrary to the popular belief, there indeed is no God.
I mean, there is no shortage of secure ways to keep the data on the laptop inaccessible to others. Encrypt the disks and shut down the laptop before leaving. Encrypt the RAM image before suspending and saving it to disk, and ask for the key when resuming, if you don't want to shut down. Keep the portion of key on some device that should be physically connected, and shut down or suspend when it's removed.
But the main ideas should be -- if the data is not supposed to be read by someone else, it should be encrypted already, and if user is not at the keyboard, the thing is not supposed to be running in the first place. And no one should rely on anything that happens when user is already away.
Contrary to the popular belief, there indeed is no God.
And this encrypted handshake is what? A hash of the time of day, or some other known value, so that things can be checked? Or maybe something that is also beamed across wireless?
There are surprisingly few secure handshake procedures, and it doesn't help them when you broadcast the damn thing in a 40ft radius all around you.
True classified information is transmitted over the internet everyday via NES but you never know where the packets are.
Man, I didn't know that the Nintendo Entertainment System was so powerful!
There are exactly 42,935,718 letter sized sheets in a square mile.
I'd really like a system like this for a desktop PC - a proximity tag which would automatically unlock the screensaver when I get within 6 feet of the machine, and automatically re-lock when I move away.
I don't particularly need the encryption side of things, I just don't want anyone messing with my machine in my office.
Anyone know of such a device for less than a small fortune?
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Just as the proliferation of car ignition kill switches making traditional theft difficult caused the number of car hijackings to skyrocket, this could do the same for laptop users with their key attached to or hidden on or in their person.
I'll keep my hand rather than attach a key controlling access to million-dollar secrets to it.
I know of many accounts of pirates/hackers who placed HUGE magnets in their doorways so when the Feds came to take their PC away all the data was lost (or enough data that is)
Now I can download mp3s and pr0n.. hack all day and 0wn the pentagon but when they confiscate my PC then "oops, no more evidence!"
Get your Unix fortune now!
This is the logic of appeasement, which I believe is a bankrupt approach to dealing with hostility. In fact, the attitude that we should just give criminals what they want so they will go away is one of the biggest problems with our society today, IMO. The policy of appeasing hijackers was one of the things that allowed the Sep 11 attack to succeed. The everyday philosophy of appeasing criminals is encouraging more criminals.
Just watch, anyone who puts up a fight against a mugger or other robber is typically denounced by the media for being foolish and taking too much of a risk.
But I say fight to keep what is yours. Never give in unless someone has clearly got the drop on you with a weapon or whatever. Make it harder for criminals to succeed. Heck, if you just fork over your wallet or purse, the cops probably won't even investigate the crime (depends where it happens), so you are basically letting the bad guy off scot-free.
Instead, scream, kick, punch, yell. If he's going to take something from you (I know, I'm assuming the perp is a male), make him assault you to get it. Then the cops will have to try to find the guy. If I thought this would result in a lot more assaults, I wouldn't be saying it. I think it will discourage the weak-spirited criminals, and allow law-enforcement effort to be focused on the worst offenders.
Also, if you can inflict wounds on the perp, they can help quite a bit in identifying him immediately after the attack. (Sorry officer, I didn't get a good look at him, but here is his left ear.)
MM
--
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
If the laptop gets stolen, the thieves can change the public key on the HD, but that simply allows them to use a different token. The token they substitute doesn't have the key to decrypt the encrypted disk block keys.
If all of the transmissions get recorded, they can't be played back to the laptop, because the laptop will never (statistically speaking) send the same nonce twice before the Sun gets old and bakes the Earth to a crisp.
If you record all of the transmissions and steal the token, you can play them back to the token and get the disk keys, but that doesn't help, since all of the data stays on the laptop. If you're really worried about this, use an interactive signature algorithm on the shared secret so that it can't be replayed to the token.
If you steal the laptop, guess the password used to encrypt the signature key, then get a transmitter near the token (wristwatch), you can trick the token into accepting a shared key of your choice and then successfully query the token for the encryption keys. You could also steal the laptop and use hardware to boost the transmission range so the token and laptop still think they're close together. Having a panic button on the token (wristwatch) to turn off the crypto functions will eliminate both of these attacks as long as the owner realizes the laptop has been stolen and quickly hits the stop button on the token. The second attack can be prevented by having the laptop place strong limits on the query latencies.
Of course, if both the token and the laptop are stolen and the password to decrypt the signature key is guessed, it's game over. Kidnapping and torturing the owner of the laptop (with the laptop and the token) also results in a game-over scenario. (Unless you use the rubber-hose filesystem.) There are ways to minimize even these attacks. For instance, if the owner's pulse gets too low (chloroform or arm cut off) or too high (torture) then the token writes over the area of memory used to store the secret used to calculate the disk block keys. However, the false alarm rate would be too high for systems like this and the HD would need to be reformatted too often.
There is no perfect way to get security, other than melting down the laptop as soon as you put sensitive information on it. However, using the public key encryption, interactive signatures, and shared key system, you can get reasonable throughput and very good security.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
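The replay, latency-limit and panic-button defences discussed in the comment above, as an added example that is not part of the original thread or the researchers' code. It simplifies the scheme to a pre-shared HMAC key instead of the public-key signatures the comment mentions; the class names, the 5 ms limit and the fake clock are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_RTT = 0.005  # seconds; constructed stand-in for a "strong limit" on query latency


class FakeClock:
    """Controllable clock so the timing cases are reproducible offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class Token:
    """Worn token: holds the shared secret and answers presence challenges."""
    def __init__(self, shared_key):
        self._key = shared_key
        self.enabled = True  # the panic button sets this to False

    def respond(self, nonce):
        if not self.enabled:
            return None
        return hmac.new(self._key, b"presence" + nonce, hashlib.sha256).digest()


class Laptop:
    def __init__(self, shared_key, clock):
        self._key = shared_key
        self._clock = clock
        self._pending = None        # (nonce, time sent) of the one open challenge
        self.cached_file_keys = {}  # decrypted keys, kept only while token is near

    def challenge(self):
        nonce = secrets.token_bytes(16)  # fresh every time, never reused
        self._pending = (nonce, self._clock())
        return nonce

    def verify(self, response):
        pending, self._pending = self._pending, None  # a nonce is single-use
        if pending is None or response is None:
            return self._lock("no answer")
        nonce, sent_at = pending
        if self._clock() - sent_at > MAX_RTT:  # a relay adds round-trip delay
            return self._lock("too slow")
        expected = hmac.new(self._key, b"presence" + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return self._lock("bad response")
        return "ok"

    def _lock(self, reason):
        # Drops the references only; a real implementation would zeroize memory.
        self.cached_file_keys.clear()
        return reason


def run_scenarios():
    clock = FakeClock()
    key = secrets.token_bytes(32)
    token, laptop = Token(key), Laptop(key, clock)
    out = {}

    def poll(delay, answer=None):
        nonce = laptop.challenge()
        clock.now += delay
        return laptop.verify(answer if answer is not None else token.respond(nonce))

    laptop.cached_file_keys["report.doc"] = b"constructed file key"
    first_nonce = laptop.challenge()
    clock.now += 0.001
    recorded = token.respond(first_nonce)   # what an eavesdropper would capture
    out["in_range"] = laptop.verify(recorded)
    out["keys_kept"] = len(laptop.cached_file_keys)
    out["replay"] = poll(0.001, answer=recorded)   # old answer, new nonce
    out["keys_after_replay"] = len(laptop.cached_file_keys)
    out["relayed"] = poll(0.050)                   # valid answer, arrives late
    token.enabled = False                          # owner hits the panic button
    out["panic"] = poll(0.001)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Every failed check clears the cached keys, so the data on disk stays encrypted and only the in-memory copies need to be dropped when the token goes away.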