Slashdot Mirror
Crypto Leash for Laptops?
timman999 writes "New Scientist reports a new device that will automatically encrypt all the data on a laptop when it is separated from its owner. It uses a small receiver and the user has to wear a transmitter on his wrist."
Noble says the system would work well with a prototype computer wristwatch developed by IBM. This watch uses the Linux computer operating system and can communicate with other devices through the Bluetooth radio protocol.
...I want the linux powered wristwatch
"Good things don't end with eum, they end with mania or teria." - H. Simpson
Man, NOBODY will buy a stolen laptop if all the previous owner's data is encrypted!
Envy my 5 digit Slashdot User ID!
Who gives a shit about the laptop, for personal use you might but corporate clients (the people who buy probably 95% of laptops) the data is worth way more than the laptop. For us losing a $3k laptop is nothing, when you buy $90k suns and making a new chip mask is $800k a $3k laptop is a drop in the budget bucket. Now the data and loss of proprietary info to competitors could be potential losses of hundreds of millions, that should kind of put things in perspective. If Bill Gates, John Chambers, Larry Elllison or any number of other other CEO's laptops were stolen the potential for blackmail or selling of corporate secrects could be in the billions.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
The data is always encrypted on the hard drive, and is only decrypted at the cache. So steal it, remove battery, submerge in liquid nitrogen is the only way to get even a little bit of data out of it. The really cute exploit is to tunnel their challenge/response over a network of some sort (say, cell phones), and just have someone follow the legitimate user around until all the information is decrypted.
The research paper on this will be presented at ACM MobiCom 2002, the premier conference on wireless networks and such.
As always it is difficult to discern the technical details of how a system works from a news article. If you are interested, I urge you to read the technical paper. My papers
FYI, the data sits on the disk encrypted and in the page cache decrypted. Keep in mind this is a technical paper and a research prototype and not a product.
To just have an encrypted filesystem, and make the user type the password when it boots? Less points of failure, less expensive, and less trouble.
But that doesn't solve the problem that this is aimed to solve, which is either the laptop is stolen while on (and therefore decrypted) or the user walks away from the machine (leaving it decrypted).
As the article said, this could have a real application for people in busy semi-open areas (like a trading floor) who have to sometimes go away from their machines - even traders sometimes have to answer the call of nature or the boss.
This simply automates the encryption process once user and machine are separated by a specific physical distance. I particularly like the fact that it auto-decrypts when the user returns, although the potential exploits involving a detatched body part returning are rather disturbing...
Sailing over the event horizon
It sounds like you were done with it anyways...
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
For all my sensitive information, I just use my wife. She keeps all my appointments, scheduling and list of chores for me to do in her head. She already has built-in encryption because as everyone already knows, there is just no comprehending women.
Why bother with the wristwatch? Scramdisk (free) and Drivecrypt (commercial) already do this in software, using strong passwords.
1. Use the software to encrypt your disk contents
2. To decrypt (on the fly), you need the password
3. Set your screensaver to lock, with a (different) password.
Voila. Done. Rebooting to get by the screen lock unmounts the drive, rendering it useless.
This is really, really easy. What's the big deal about all this gadgetry nonsense?
... what would happen if there was quick back and forth wrist action (with the device being on your wrist), this wouldn't damage any of my sensitive business "mpegs" and "gifs" would it?
But that doesn't solve the problem that this is aimed to solve, which is either the laptop is stolen while on (and therefore decrypted) or the user walks away from the machine (leaving it decrypted).
Users are stupid.
How do you plan against the idiot who says, "I'm not wearing that stupid watch", takes it off and sets it next to the laptop? Or, in traditional user fashion, fastens it securely to the laptop?
At my last place of employment, we instituted strong password requirements. That didn't stop half the users from writing them on post-it notes and sticking them to their laptops. When caught, it was always, "Well you make me change it every 90 days! And you make me put NUMBERS in it! I can't remember that!"
"I can't wear that silly watch" will replace "I can't remember that" if this device is put into real world use.
-Ryan, with the unoriginal sig