Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Software Secures Data when Owners Walk Away

Posted by chrisd on from the don't-lost-your-watch dept.

Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a Professor and his graduate student at at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with a encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."

6 of 302 comments (clear)

  1. wouldn't it make more sense by drDugan · · Score: 4, Interesting

    would it not be more sensible to make the token a passive device, like one with an RFID

    I'm not an expert in encryption, but I have had serveral security related dongles and all of them were a pain in the arse.

    it would seem that there are technologies (I've read about) that can return specific information passively when hit with specific radio frequencies. Wouldn't these be more easily used than a powered device like a watch?

    Anyone else know more about these technologies?

    1. Re:wouldn't it make more sense by cybermace5 · · Score: 5, Interesting

      As the previous poster pointed out, RFID is relatively easy to snoop on.

      One of my major peeves is the RFID card that gets me into work every morning. In certain stores, my RFID card returns a code that sets off their RF tag detectors at the door. Usually I remember, pull out my wallet, and hold it over my head while walking through. Once I forgot at Fleet Farm (basically a giant general store, like Home Depot with tractor parts) and I set off the alarm. Of course someone came to visit me, and it was especially embarrassing because I was wearing a big coat and didn't buy anything. She handed me a little piece of cardboard called a "Schlage Shield" and said to put it in my wallet. No more alarm.

      Worked great, except that opening the door at work involved putting down my coffee, laptop, and lunch to get out the RF card (instead of conveniently pressing my butt against the door). So I took it out, and promptly set off a Barnes & Noble alarm. No one seemed to care, so I just pulled out my wallet and walked through with the wallet over my head again.

      ANYWAY...the point is that RFID tags are barely more secure than keeping a post-it note with an access code.

      I am curious exactly what my card claims to be on the store scanners....

      And the whole article is a duplicate.

      --
      ...
  2. Something's missing by Safety+Cap · · Score: 5, Interesting
    (from the article)
    At the beginning of the process, the user enters a password on the watch~.
    Isn't the point so that lazy people don't have to be bothered with remembering passwords? Doesn't this defeat the purpose? (sigh)

    What happens if you take your watch off and leave it next to the computer? It never encrypts!

    Worse yet---what happens if your watch gets stolen? Now you can't get at your data! Better make sure you get the Casio watch option instead of the Breitling. No one would want to steal a Casio POS, so you should be safe.

    --
    Yeah, right.
  3. Use my technique by ekrout · · Score: 4, Interesting

    I keep all mission-critical and government-classified information on portable USB Flash DRAM-based storage devices. They're incredibly portable and can be brought to the gym, in the car, to work, back home, swimming, hiking, biking, etc.

    To be perfectly honest, I just can't bring myself to respect anyone who would leave a $4,000 laptop with supposedly top-secret information on it sitting out on a cafeteria table or something while they go sit in the bathroom and read the paper.

    Just stick with portable USB drives. They're cheap, efficient, fast, and more secure than any fly-by-night research project out there right now.

    --

    If you celebrate Xmas, befriend me (538
  4. Is it really so hard? by NineNine · · Score: 5, Interesting

    When you stand up, hit ctrl+alt+del. When you sit down, type in your password. I had to do it at one company, and now it's just habit. Not exactly a tough thing to do. I think that these guys are trying to solve a non-problem.

    1. Re:Is it really so hard? by NineNine · · Score: 4, Interesting

      True, but then you have to factor in the physical cost of these doohickeys, and the support time when one dies, is lost, or malfunctions. I dunno. Seems like it's making things more complicated and expensive for no really good reason. In most businesses, a LOT more time and money can be saved by doing something as simple as making sure that no non-developers or non-admins have full control of their box, limiting the damage they can do. Most companies that I've seen make each user admin of their own box, when really if they're just doing work, they'd never need.