Slashdot Mirror


New Software Secures Data when Owners Walk Away

Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a professor and his graduate student at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with an encrypted wireless link to the laptop. If the token moves out of range, ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range, the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."

12 of 302 comments

  1. Non-PDF version by David_Bloom · · Score: 2, Informative

    For those of us who don't want the Acrobat plugin crashing our browser: Google's handy PDF->HTML cache.

    --

    Karma: Excellent (fuck, even in the future moderation doesn't work!)
  2. Re:wouldn't it make more sense by DoctorPhish · · Score: 3, Informative

    I think the problem with RFIDs in a security environment is that anyone with a reader could query the device as you walked by, and would have your encryption keys (or token id, or whatever), and could probably reproduce them without too much grief... RF tags can't perform authentication, as far as I'm aware.

  3. repeat article by Jucius+Maximus · · Score: 5, Informative

    The repeat mania continues ... amazing.

    The original is here. At least they waited some weeks before reposting it.

  4. Jeez, just use on-the-fly encryption already by HEbGb · · Score: 3, Informative

    A token can be easily misplaced, duplicated, or bypassed. A password is NOT a big deal to enter when you sit at your desk. If they're too lazy/clueless to enter a password, they shouldn't be responsible for any secret information.

    Use a program like Scramdisk or the commercial version Drivecrypt. Keep all of your critical files on the encrypted partition. When you leave your desk, activate the screensaver with a keystroke.

    Unless someone knows your password, you're safe. If they reboot, the encrypted disk is inaccessible.

    What's the big deal?

  5. Re:wouldn't it make more sense by LostCluster · · Score: 4, Informative

    RFIDs are "dumb" devices. They're like your EZ-Pass in your car: when a radio beam passes through them, they alter the beam to add their "signature", which is uniquely identifiable. This is useful for identity, but nonsense for encryption. The problem is that if you are within range to "hear" the signal, you get the ID and enough to make a duplicate token. Hardly the model for security. There's no place for encryption here... whatever value is broadcast is the key value. By requiring the token to have a microprocessor, the key never gets broadcast. It's an encrypted conversation between the station and the token, which if properly implemented makes it impossible to have a duplicate token take its place.

  6. Why to use an active device by SirCrashALot · · Score: 2, Informative

    The best way for a device like this to work is public/private authentication. You give the computer your public key. To challenge user authentication, it sends out its public key encrypted by your public key. The watch then decrypts the laptop's key with its own private key. The watch then sends back the user's password.
    If the password is received and is correct, the computer stays in public mode. If the password is incorrect, either:
    • Someone has launched a man-in-the-middle attack
    • Your co-worker is walking past with their watch on
    • The wrong password was entered on the watch

    So the laptop locks up until you start to use it and the watch receives a timed ping, or you initiate the send from the laptop.

    This system provides user authentication and data security, the two main points of a secure system.
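Comments 5 and 6 above both turn on the same point: a token that merely broadcasts a fixed value can be copied by anyone who hears it, while a token with a processor can prove it holds a secret without ever transmitting that secret. The following is an added illustration (editor's example, not code from ZIA, the paper, or any commenter) that models both designs with Python's standard library. The `StaticTag`, `ChallengeResponseToken` and verifier classes, the 16-byte nonce and the HMAC-SHA256 construction are all constructed for this example; they are not the protocol described in the article.

```python
import hmac
import hashlib
import secrets

# --- Design A: passive tag that answers every query with the same identifier ---
class StaticTag:
    """Constructed model of an RFID-style tag: its whole 'proof' is a fixed ID."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def respond(self, _query: bytes) -> bytes:
        return self.tag_id


class StaticVerifier:
    """Accepts any response equal to the enrolled ID, no matter who sends it."""
    def __init__(self, expected_id: bytes):
        self.expected_id = expected_id

    def check(self, response: bytes) -> bool:
        return hmac.compare_digest(response, self.expected_id)


# --- Design B: active token that answers a fresh challenge with a keyed MAC ---
class ChallengeResponseToken:
    """Constructed model of a token with a processor: it keeps a secret key and
    returns HMAC(key, challenge). The key itself never goes over the air."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeResponseVerifier:
    """Laptop side: issues a random one-time challenge and checks the MAC."""
    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = None

    def challenge(self) -> bytes:
        self._outstanding = secrets.token_bytes(16)   # fresh nonce per session
        return self._outstanding

    def check(self, response: bytes) -> bool:
        if self._outstanding is None:
            return False
        expected = hmac.new(self._key, self._outstanding, hashlib.sha256).digest()
        self._outstanding = None   # a nonce is consumed after one use
        return hmac.compare_digest(response, expected)


def run_static_scenario():
    """Returns (genuine accepted, recording of the same exchange accepted)."""
    tag = StaticTag(b"TAG-0001")
    verifier = StaticVerifier(b"TAG-0001")
    observed = tag.respond(b"query")          # what any nearby reader hears
    genuine_ok = verifier.check(observed)
    recording_ok = verifier.check(observed)   # the recording is as good as the tag
    return genuine_ok, recording_ok


def run_challenge_response_scenario():
    """Returns (genuine accepted, recording of an earlier exchange accepted)."""
    key = secrets.token_bytes(32)
    token = ChallengeResponseToken(key)
    verifier = ChallengeResponseVerifier(key)
    first_challenge = verifier.challenge()
    first_response = token.respond(first_challenge)
    genuine_ok = verifier.check(first_response)
    # Next session: the laptop issues a different nonce, so the recorded
    # response no longer matches and yields nothing about the key.
    verifier.challenge()
    recording_ok = verifier.check(first_response)
    return genuine_ok, recording_ok


if __name__ == "__main__":
    print("static tag      :", run_static_scenario())
    print("challenge/resp. :", run_challenge_response_scenario())
```

The design point to take away is the one LostCluster makes: in design A the value on the air is the credential, so observing it once is the same as owning the token; in design B the value on the air is a function of a nonce the verifier chose, so it is useless a second time and, because HMAC is one-way, discloses nothing about the key. A real deployment would additionally bind the response to the laptop's identity and rate-limit challenges, which this sketch leaves out.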
  7. ZIA Redux by mcorner · · Score: 5, Informative

    As much as I enjoy the free publicity, this has been posted on slashdot before.

    To correct a serious error that appears in this article and in the nytimes article this was cribbed from: The system was NEVER run on the IBM watch. We mentioned it as a possibility and somehow it was taken as fact.

    I welcome the comments on the work, however remember that the world of university research is often more forward looking than the commercial world. That is our job!

  8. loop-aes & pam_mountd work for me by DNAspark99 · · Score: 1, Informative

    http://www.flyn.org/#id2759285
    http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

    Currently using pam_mountd to mount a large encrypted file on the loopback device, set up as $HOME, upon login to my laptop. Works for me.

    --
    Society has traditionally always tried to find scapegoats for its problems. Well, here I am.
  9. Re:Dongles revisited by reconbot · · Score: 2, Informative

    To be fair, dongles don't carry encryption info. Nor did anyone expect you to pay money for this. This is targeted more for doctors and such with patient information on their laptops. I for one like the idea but I'd hate having something stealable as the key. At least the key needs its own "key" (a password) to operate, but the article never said exactly how that worked.

    I think it's a good idea, especially if it expands; I'd like to see other devices use the same key. You could start your car, buy a coffee, walk in the (locked) parking entrance at work, open your office, and log in to your computer all with a password you entered in your watch when you woke up.

    I like it - beats the hell out of attaching a dongle into the back of my computer to use the Encyclopedia Britannica. (way back when)

    --
    I'm just this guy, you know?
  10. What headache...? by sapgau · · Score: 2, Informative

    How lazy can you be... I type my password without thinking now.

  11. Re:Dongles revisited by Malcontent · · Score: 3, Informative

    "Why should I fork out cash for this?"

    Here is one possible reason.

    If this device (or a similar device) is able to encrypt your hard drive then it would be an effective combat against some of the more intrusive aspects of the Patriot Act. In that legislation there are clauses that allow the FBI to enter your home when you are not in and bug your place and place trojans in your computer while you are not home and without letting you know about it.

    My point is that automatically encrypting your hard drive is more effective than having a password-protected system, especially if that encryption is done with huge keys that are stored on the watch.

    --

    War is necrophilia.

  12. Re:A question by mcorner · · Score: 2, Informative

    The article isn't wrong, just vague. For more details see the paper.

    However, what you describe is almost precisely how it works. The "walking away encryption" is only for the file CACHE in memory. The alternative is to bzero the cache, which takes a lot less time. Unfortunately, recovery is equivalent to a cold cache, which may annoy users with a lot of disk I/O.

    The data always sits on the disk encrypted. Otherwise re-encrypting it would take forever.
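mcorner's reply above describes a trade-off worth seeing in code: data on disk is always encrypted, so the only thing that has to change when the owner walks away is the in-memory file cache, and the choice is between re-encrypting that cache in place (slower to seal, but the data is still resident and can be unsealed without touching the disk) or zeroing it (fast to seal, but every cached file is read from disk again on return). The following is an added illustration (editor's example, not ZIA's implementation or the paper's code) that models both strategies and counts the disk reads each one causes. Everything here is constructed for the example: the SHAKE-256 keystream XOR is a stand-in for a real cipher, `EncryptedDisk` and `FileCache` are toy models, and the assumption that `cache_key` is key material obtained from the token while it is in range is the example's, not the paper's.

```python
import hashlib
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the illustration: XOR with a SHAKE-256 keystream
    derived from (key, nonce). Encryption and decryption are the same call."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class EncryptedDisk:
    """Constructed model of storage: every block is kept encrypted under disk_key,
    so the on-disk copy never needs to be touched when the owner leaves."""
    def __init__(self, disk_key: bytes):
        self._disk_key = disk_key
        self._blocks = {}        # name -> (nonce, ciphertext)
        self.reads = 0           # counter used to measure the cold-cache cost

    def write(self, name: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self._blocks[name] = (nonce, keystream_xor(self._disk_key, nonce, plaintext))

    def read(self, name: str) -> bytes:
        self.reads += 1
        nonce, ciphertext = self._blocks[name]
        return keystream_xor(self._disk_key, nonce, ciphertext)


class FileCache:
    """In-memory cache of decrypted file contents, sealed when the token is away."""
    def __init__(self, disk: EncryptedDisk, cache_key: bytes):
        self._disk = disk
        self._cache_key = cache_key   # assumed to come from the token (example's assumption)
        self._plain = {}              # name -> plaintext, only while the owner is present
        self._sealed = {}             # name -> (nonce, ciphertext), while the owner is away

    def get(self, name: str) -> bytes:
        if name in self._plain:
            return self._plain[name]           # cache hit: no disk I/O
        data = self._disk.read(name)           # cache miss: decrypt from disk
        self._plain[name] = data
        return data

    def owner_left_reencrypt(self) -> None:
        """Strategy 1: keep the data resident but encrypted under cache_key."""
        for name, data in self._plain.items():
            nonce = secrets.token_bytes(16)
            self._sealed[name] = (nonce, keystream_xor(self._cache_key, nonce, data))
        self._plain.clear()   # a kernel would zero the old buffers here as well

    def owner_left_zero(self) -> None:
        """Strategy 2: drop the cache entirely (the bzero alternative)."""
        self._plain.clear()   # nothing resident; the next access is a cold miss

    def owner_returned(self) -> None:
        """Unseal whatever was re-encrypted; a zeroed cache has nothing to unseal."""
        for name, (nonce, ciphertext) in self._sealed.items():
            self._plain[name] = keystream_xor(self._cache_key, nonce, ciphertext)
        self._sealed.clear()

    def resident_plaintext(self) -> dict:
        return dict(self._plain)


def compare_strategies() -> dict:
    """Run one leave/return cycle under each strategy and report the costs."""
    sample = b"patient record (constructed sample, not real data)"
    disk_key, cache_key = secrets.token_bytes(32), secrets.token_bytes(32)
    results = {}
    for strategy in ("reencrypt", "zero"):
        disk = EncryptedDisk(disk_key)
        disk.write("notes.txt", sample)
        cache = FileCache(disk, cache_key)
        cache.get("notes.txt")                 # warm the cache: one disk read
        if strategy == "reencrypt":
            cache.owner_left_reencrypt()
        else:
            cache.owner_left_zero()
        exposed = cache.resident_plaintext()   # readable memory while away
        cache.owner_returned()
        intact = cache.get("notes.txt") == sample
        results[strategy] = {
            "exposed_while_away": len(exposed),
            "disk_reads": disk.reads,
            "intact": intact,
        }
    return results


if __name__ == "__main__":
    for name, stats in compare_strategies().items():
        print(f"{name:9s} {stats}")
```

Both strategies leave no plaintext in the cache while the owner is away; the difference shows up in the read counter after the owner returns, where the re-encrypt strategy serves the file from memory and the zeroing strategy pays for a second disk read. The second number grows with the size of the working set, which is the "cold cache" annoyance the reply mentions.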