New Software Secures Data when Owners Walk Away
Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data
is accessible to anyone who gets hold of it. To limit this risk many users
configure their systems to fall into a "sleep" mode after a period of inactivity
and ask for a password before the system can be awakened. This constant re-authentication
proves to be a headache for many users. Now a Professor and his
graduate student at the University of Michigan have come up with a system
called
Zero-Interaction Authentication (ZIA),
described in this article in The Age,
to protect data on mobile devices.
The system works by starting to encrypt data
the moment the owner walks away from the system. The owners wear a token with
an encrypted wireless link with the laptop. If the token moves out of range the ZIA
re-encrypts all data within 5 seconds.
If the cryptographic token moves within range the system decrypts the information for the
owner.
The token, which could take many forms, is currently a wristwatch with a processor
running Linux designed by IBM."
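A simplified model of the mechanism the summary describes, added here as an illustration; it is not the researchers' code. Only the 5-second window comes from the summary. The challenge-response poll, the wrapped file key, the toy HMAC-based cipher and all names are assumptions. It also shows why a recorded token answer is rejected when replayed.

```python
import hashlib
import hmac
import os

LOCK_AFTER_SECONDS = 5.0  # from the summary: data is protected within 5 seconds


def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for a real AEAD."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += _mac(key, nonce, counter.to_bytes(8, "big"))
        counter += 1
    return _xor(data, stream)


class Token:
    """Hypothetical wearable: holds the key-encrypting key, never the data."""

    def __init__(self, link_key, kek):
        self._link_key, self._kek = link_key, kek

    def answer(self, challenge, wrapped_key, wrap_nonce):
        file_key = keystream_xor(self._kek, wrap_nonce, wrapped_key)
        # Mask the file key with a value bound to this challenge, then MAC it.
        masked = _xor(file_key, _mac(self._link_key, b"enc", challenge))
        return masked, _mac(self._link_key, b"mac", challenge, masked)


class Laptop:
    """Stores only ciphertext and a wrapped file key; caches the key while the token answers."""

    def __init__(self, link_key, wrapped_key, wrap_nonce, data_nonce, ciphertext):
        self._link_key = link_key
        self._wrapped_key, self._wrap_nonce = wrapped_key, wrap_nonce
        self._data_nonce, self._ciphertext = data_nonce, ciphertext
        self._file_key = None
        self._pending = None
        self._last_seen = float("-inf")

    def new_challenge(self):
        self._pending = os.urandom(16)  # fresh per poll, used once
        return self._pending, self._wrapped_key, self._wrap_nonce

    def accept(self, masked, tag, now):
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = _mac(self._link_key, b"mac", challenge, masked)
        if not hmac.compare_digest(tag, expected):
            return False  # stale or forged answer: the key cache is left untouched
        self._file_key = _xor(masked, _mac(self._link_key, b"enc", challenge))
        self._last_seen = now
        return True

    def tick(self, now):
        # Locking is modelled as discarding the cached key once the token is silent.
        if self._file_key is not None and now - self._last_seen >= LOCK_AFTER_SECONDS:
            self._file_key = None

    def read(self):
        if self._file_key is None:
            return None
        return keystream_xor(self._file_key, self._data_nonce, self._ciphertext)


def demo():
    link_key, kek, file_key = os.urandom(32), os.urandom(32), os.urandom(32)
    wrap_nonce, data_nonce = os.urandom(16), os.urandom(16)
    secret = b"constructed sample document"  # constructed sample input
    laptop = Laptop(link_key, keystream_xor(kek, wrap_nonce, file_key), wrap_nonce,
                    data_nonce, keystream_xor(file_key, data_nonce, secret))
    token = Token(link_key, kek)

    out = {"before": laptop.read()}
    captured = token.answer(*laptop.new_challenge())  # an eavesdropper records this
    laptop.accept(*captured, now=0.0)
    out["present"] = laptop.read()
    laptop.tick(now=4.0)
    out["at_4s"] = laptop.read()
    laptop.tick(now=5.0)  # token has been silent for 5 seconds
    out["at_5s"] = laptop.read()
    laptop.new_challenge()
    out["replay_accepted"] = laptop.accept(*captured, now=6.0)
    out["after_replay"] = laptop.read()
    return out


if __name__ == "__main__":
    print(demo())
```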
with the laptop via wireless 802.11b technology featuring the uncrackable WEP technology.
Fp on a dup story with a 2 min waiting time
The 21st-century catches up with laziness at last.
would it not be more sensible to make the token a passive device, like one with an RFID
I'm not an expert in encryption, but I have had several security related dongles and all of them were a pain in the arse.
It would seem that there are technologies (I've read about) that can return specific information passively when hit with specific radio frequencies. Wouldn't these be more easily used than a powered device like a watch?
Anyone else know more about these technologies?
Software walks away after owner has been secured!
This sounds like a really great idea. What program does the encryption, how fast is it, and what all does it encrypt? Just documents, or the whole system?
Specifically, someone with such a token getting clubbed on the head and stuffed in the office supplies closet, and his token stolen.
what if someone steals the device? The system could add a password, but if someone steals the watch and the laptop makes no difference. Sounds like it just saves lazy people from typing in their login.
this was posted nearly a year ago. interesting, but old news.
But what happens when the neighborhood/college/company bully steals your watch?
as soon as I walk away her legs spread open for others.
Now all I need to do to access some sensitive information is to beat up some pasty-faced grad students!
Sounds like the smartcards to me where you stick it in the slot & it knows your password, domain, etc. Console is locked unless you have the card.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
In Soviet Russia, software encrypts YOU!
That you wear on your finger? :^)
In soviet star trek, Data walks away with YOU!
Gimme your watch, punk!
Great! Now I'll have a growth on my arm from my ZIA wristwatch to go along with my brain tumor from my cell phone!
To make a pun demonstrates the highest understanding of a language
What about using some kind of biometric data, like key cadence, or a profile of typical mouse movement characteristics (like icon overshoot?) to do it? That way it's totally seamless, although one could still do some damage as it would take a few input events to establish the identity.
Sure, it's not foolproof, but who wants to wear an identifying token?
Even if ZIA encryption method ends up being broken by/a hacker(s), you still get some cool jewelry to show off to your friends.
To crack into your system, a thug need only crack your skull, take the watch, and then log on.
For those of us who don't want the Acrobat plugin crashing our browser: Google's handy PDF->HTML cache.
Karma: Excellent (fuck, even in the future moderation doesn't work!)
What happens if you take your watch off and leave it next to the computer? It never encrypts!
Worse yet---what happens if your watch gets stolen? Now you can't get at your data! Better make sure you get the Casio watch option instead of the Breitling. No one would want to steal a Casio POS, so you should be safe.
Yeah, right.
In doing family research, I found out that my grandfather died at the Auschwitz concentration camp. This is very upsetting to me. It seems he got really drunk one night and fell out of his guard tower. Please send condolences.
DriveCrypt has options for quick-kill and hotkey unmounting of encrypted volumes, and since this looks like it does the same thing, only better, maybe they could look into making it erase or publish the contents of the encrypted volume after receiving a distress call from the user's pacemaker?
Now _there_ is a deadman switch!
I have a v8 engine block set to fall on my hard disk if I'm away for more than five minutes (3 minute walk to fridge(coke!) and back)!!!
Your security is nothing compared to that!!!!!
You can't judge a book by the way it wears its hair.
My watch battery is dyin$^%*&^@#$SD$#@#XVSDF$%@MDFSCVNL%$#^$*@#)(*&!$@
----End of line.
Soon to be a chip implanted in your hand.
Don't forget the barcode on the forehead!
I'd much rather computers go wearable than implantable...
... when a smartcard-based solution would've probably made it as well for a fraction of the price?
I keep all mission-critical and government-classified information on portable USB Flash DRAM-based storage devices. They're incredibly portable and can be brought to the gym, in the car, to work, back home, swimming, hiking, biking, etc.
To be perfectly honest, I just can't bring myself to respect anyone who would leave a $4,000 laptop with supposedly top-secret information on it sitting out on a cafeteria table or something while they go sit in the bathroom and read the paper.
Just stick with portable USB drives. They're cheap, efficient, fast, and more secure than any fly-by-night research project out there right now.
...seems they really enjoyed it before their necks were slit.
hmmm....we have a watch, it obviously has some sort of wi-fi networking if it can keep in touch with the computer. How long until someone is assassinated by launching a DoS attack against his watch? It may not kill, but at least cripple as the watch burns its way through the flesh as the poor NIC on it is overloaded.....
This is yet another device created by geeks for geeks. These researchers probably think this is a good idea, but do they really think it is a good idea for most people? How much market analysis was done? How much usability testing? Well, at least they are targeting corporations and large organizations. There might be some money in it down the road.
looks like a risk of interception.
So all the guy/gal in the next cubicle has to do is monitor the IR transmission/receiver and copy your key... or am I missing something?
Can you occasionally change your key?
I don't like this idea, being that these 'products' give your employer a more solid ground to say "It must have been you that deleted the files and crashed the server with the worm you released after we gave you a bad QA assessment." After all, it had to be you... you're the only one with "The Crypto Key".
How would you prove it otherwise that it wasn't you?
I like my passwords, the ease of changing them increases my frequency of doing so. And for those that change their pwd's to easily remembered terms due to your lack of brain power - Well then you deserve what you get. If you can't remember a password, and have the ability to remember that password as it changes every few days or weeks - then you shouldn't be sitting at a computer to begin with. I constantly change my passwords and use a different password for nearly 30+ things... all passwords are no less than 11 or 12 highly mixed random characters. And while I am no idiot, I am far from having a photographic memory. So as the old dieter's slogan goes... "If I can do it, so can you"
Never try to beat a professional at his own game!
Security for the people too lazy to practice good security habits. Yay. Although I suppose this will make life easier for certain sysadmins...
At any rate, my question is "When will this be used to make smart guns?"
you could be arrested for encrypting something!
Isn't this just a fancier type of dongle?
YOU FAIL IT!
More and more laptops/palmtops incorporating a camera as part of the design, so why not use facial recognition to lock the pc.
Short of growing a beard before you get back to the laptop it'd be a cheap workable solution.
Then you don't have to remember/wear some crazy ass security dongle.
When you stand up, hit ctrl+alt+del. When you sit down, type in your password. I had to do it at one company, and now it's just habit. Not exactly a tough thing to do. I think that these guys are trying to solve a non-problem.
...you lose your token?!?
With a combination of a prickly bios password and some sort of hardware lockout?
I had a crackhead friend bring me one of these recently asking if I could make it work. I spent about 10 minutes reading posts about the hardware lockout and figured out it wouldn't happen without him calling dell. It was of questionable origin and he did not want to do that.
He then insisted on leaving it at my house for two fucking weeks insisting that I'm a computer genius and I could figure it out, despite the documentation I had read.
Two weeks later he came back accusing me of being too lazy to have a look at it. Isn't that just the way it goes when you're the computer fixit guy?
My watch crashed and I've been on hold for IBM all afternoon
What top secret government classified information is on your USB drives? Your tentacle rape anime porn?
The original is here. At least they waited some weeks before reposting it.
What does it actually encrypt? All sensitive data? I doubt it could do that in 5-6 seconds. Also, how do you decrypt the data if you lose your key? Or what if you fire the employee and don't get the key back? How will you get the data, then? Is there a back door for sysadmins?
A token can be easily misplaced, duplicated, or bypassed. A password is NOT a big deal to enter when you sit at your desk. If they're too lazy/clueless to enter a password, they shouldn't be responsible for any secret information.
Use a program like Scramdisk or the commercial version Drivecrypt. Keep all of your critical files on the encrypted partition. When you leave your desk, activate the screenserver with a keystroke.
Unless someone knows your password, you're safe. If they reboot, the encrypted disk is inaccessible.
What's the big deal?
I don't see this as being very practical.
How fast will this encrypt/decrypt data? I probably have well over a gig's worth of 'sensitive' documents and data on my laptop, stored in various directories (and unfortunately the approved OS at work is winblows). Encrypting will not take mere seconds.
More often than not, when I'm not at my desk I'm a few cubicles away working with other co-workers. Sometimes I'm not away from my desk for more than 10-15 seconds. Right now if I suspect I'll be gone from my desk for a while, and it's not in plain view, I'll turn on my screensaver (password locked) with a touch of 2 keys. This system sounds like it will arbitrarily start encrypting my data as soon as I'm outside a specified range. If I'm away for just 15-20 seconds, this seems very impractical. Not to mention other things, like forgetting the transmitter at home (how many of us have forgotten our work passes at home once or twice?), having the battery die, etc.... On such occasions you'd be totally locked out from accessing your own data.
No thanks, this seems way too impractical for my taste. Move along, there's nothing to see here.
It's better to burn out than to fade away
On the other hand, if it was integrated into something like a PDA, it might work better. My Palm Vx (grayscale) has a pretty damn long battery life; however I rarely use it for as long as I use a PC. Also, the fact that I turn it off when I'm done (or it shuts itself off) surely prolongs the battery life. And my Palm isn't transmitting any signals to my PC, either...
... and I think last time one comment summed it up:
What makes you think users who write passwords on post-it-notes stuck to the monitors aren't going to blue-tack the dongle to the laptop for "ease of (ab)use?"
While I applaud these people for making steps to make it harder to casually get information off of laptop computers, it still does not stop other attacks on such a system. Flooding the laptop's area with uniformly strong signal that matches the watch's key would be as difficult as acquire-and-replicate. There seems to be a smart card like system with keys, and key encrypting keys.
It's very comprehensive, and it addresses many aspects of the social and technological attacks.
In my mind, the weak link here is clearly the watch. Watch technology isn't very complicated (read: very big), and how many designs could there possibly be? If one knows where the hardware information is located, a system replacement under the face, and you've got some issues. How many people wear watches to bed at night? Or in the shower? Difficult, but possible
A quick couple of replacements, and you have a watch that has a short range transmitter also transmitting the information that you'd need to dissolve the encryption link, and maybe begin a traditional man-in-the-middle attack. Once you see what cards the watch is holding, shouldn't the rest of the exchange be trivial?
While this is a great mechanism for an encryption scheme, what attacks are there against the physical and social component? These are the items of which spy thrillers are made, and will probably (hopefully) never come into play.
All in all, an excellent read from the UMich folk, and they have my applause.
--jaybonci
Wow! Linux was designed by IBM!
Seriously, this is the most BS sounding "security solution" I've heard of in a while.
It seems like the Prof. is just trying to get some publicity so he can bring in the next grant. I'll be impressed when someone comes up with an elegant, efficient security concept, not something that needs $10k just to work.
The truth is, secure data is now being stored on PDAs and Cell Phones. IMO, these "minimal" or rather specialized devices will need to have integral data security features, but with much less overhead and dedicated hardware.
that's right. problem solved.
The IButton did this more than 3 years ago. Just touch the ring to the blue dot.
And my sunblade just needs me to swipe a card. This is a method that leaves itself open to bigger hacks than the others... listening to the wireless protocol, copying it, and logging in as someone else.
From what I understand, this new system decrypts the cache when you come within a certain distance and re-encrypts when you go past that distance, does this mean that doing the hokey pokey (you put your left foot in...) could lead to a system crash??
Not even close or interested. What WOULD interest me is a touch pad that could read my thumbprint. I walk away it would idle locked, or I could just move my mouse somewhere or hit some key combo. To [re-]authenticate just give it a finger print...
I've personally added keyboards with touch pads for general/quick mouse movements -- after being "forced" to use one on a laptop. A mouse _is_ quicker and I'll grab that for heavier mousing.
A fingerprint would also allow me to give the computer 'the finger' if I felt it was needed as well...stress relief and all.
Mod your computer to require a Pass-Key to allow any input or output.
As always, the weakest link will be the user. I can just see some schmuck decide that he's tired of waiting six seconds every time he gets back from the water cooler, and so he leaves the wristwatch next to the laptop at all times.
http://www.nullsoft.com/free/safesex/
:) and for windoze only heh.
for your notes anyway
I can just see it now. Using "TOKEN SNORT" while "TOKEN DRIVING" around the office cubes to pop open your co-worker's workstation and send "I'm an idiot messages" To: Staff From: co-worker..
If it's an RF solution probably not very secure. On the other hand an IR emitting badge around the neck of the user could work.
Let me use a ring, then I only lose a finger when someone wants access :~)
Guess what? I got a fever! And the only prescription.. is more cowbell!
Just never put it on a computer!
Man, some people...
"Logic merely enables one to be wrong with authority." - Dr. Who
If the password is received and is correct, the computer stays in public mode. IF the password is incorrect: either
So the laptop locks up until you start to use it and the watch received a timed ping, or you initiate the send from the laptop.
This system provided user authentication and data security, the two main points of a secure system.
..instead of having this code on a watch, which is easy to lose, just put it on a second laptop with bluetooth!
So your day would go like this:
1) put down the laptop next to your machine. enter your password on the laptop. now it will transmit authentication code to the machine.
2) Use the machine normally
3) when you have to piss, turn off the second laptop. your main machine will now encrypt all files and go dark. take your laptop with you for maximum security.
4) when you get back from the toilet, turn your laptop back on, re-enter your password, and set it down next to the machine.
5) profit! just kidding.
See, my idea is just SO MUCH BETTER!!!!!!!
>>The owners wear a token with a encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds.
Why don't 'they' just get it over with already and implant identity chips in our heads? So we don't have to worry about securing our laptops when we walk away to take a restroom break.
And our bosses won't have to worry about tracking how long we've been in the restroom... or when we enter and exit the office.... and the big siblings can track where we drive, where we fly, and where we < insert activity of choice here >.
Why the hell not?
NOT.
Huh?
Great, something else to buy. My fingers are cheaper and I'm not one of the people who has a problem logging in with a password. Why should I fork out cash for this?
Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it
I was taught that once someone has physical access to a system, it's game over with regards to security.
In other words, the authentication system will only deter, not stop unauthorized access. How about just taking the laptop with you?
The distinct flushing sound one hears as he backs away from his device is the users 'sensitive' data being stored safely where no man is sure to venture.
Only the men will get this joke..
"Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it.", really? shit, since when?
In Soviet Russia the token wears you.
The watch is running Linux; how many possible programs can there be? More than there are particles in the universe...
There are lots of challenge/response identification schemes that run nicely on my old 200 Mhz PII box that would be very hard to crack with current technology, so I would have faith in that part of the system.
It's psychosomatic. You need a lobotomy. I'll get a saw.
Like putting a bell on the cat. "Pat your manager on the back" and then you can rest assured surfing freely knowing that the next time he comes within 15 feet of your desk, a browser window will open maximized pointed to http://java.sun.com.
Or tag the girlfriend and always hide the pr0n!
I wonder: could something like this be used in place of a password?
For example, I sit down at any system in my office: the watch gives the computer my password, and I am logged in to my desktop just by sitting in front of it. Get out of range, and it logs out.
Combine with a 'smart chair' (so the computer knows if someone is actually sitting in front of it) or maybe a fingerprint scanner and you're set.
>>The user can set a longer distance, for instance, for working in an airport lounge
Why would you move further away from your laptop in an airport?
Aren't you supposed to keep your stuff close so to reduce the risk of it being stolen?
Huh?
As much as I enjoy the free publicity, this has been posted on slashdot before.
To correct a serious error that appears in this article and in the nytimes article this was cribbed from: The system was NEVER run on the IBM watch. We mentioned it as a possibility and somehow it was taken as fact.
I welcome the comments on the work, however remember that the world of university research is often more forward looking than the commercial world. That is our job!
Sounds like a nice idea. However we all know that once physical security is compromised the rest is all down hill. On top of which, a thief that is just after the machine and cares nothing about the data will still take the machine. He doesn't know that you have a proximity sensor (whether it uses encryption or not). What I would like to see is a tool and/or system that has the kind of reliability and name recognition that something like low-jack has. What I mean is something that a crook will look at and walk away because he will recognize that it will be more trouble than it is worth. Even if he is just stealing it for the hardware. Something that he knows he just can't slap in a windows boot disk and format. Because we all know that most laptop thefts are not by criminals that want data. It's the common crook that just wants a buck. Granted what would also bring down those thefts would just be the prices in laptops coming down, the prices on those haven't fallen nearly as close to the same rate as desktops.
:)
For now I will continue to dream and maybe even write a book entitled "2085" by Ali Orwell.
I'd say why not brute force the thing, but here's something easier...Make a device that constantly scans for the signal of a token (there has to be some characteristic fingerprint to the signal). When it finds one, remember the signal and indicate to the user. User then goes and mugs target, takes laptop, uses stored signal. We've shown that man-in-the-middle attacks are do-able for a system like this, so why not keep with what works? If one knows how the system works, and can get a long enough string of interactions between the token and the server, then the key is vulnerable. Maybe this means that you have to tail the guy for a while, but let's be honest - if he's using one of these systems (I don't imagine they come cheap) then there's probably something worth stealing on that machine, if that's what you're up to. Make a scanner that tracks the signature of packets, walk around the financial centers of the world, and then the device goes off you know which laptops to take.
On another note, this reminds me of the plan to put RFIDs in the new high-denomination Euro-notes. Something like that takes all the effort out of guessing who to mug: emit the signal, and anytime you get a response, you know the guy's packing a high-value Euro-note.
Cue The Sun...
Two words, Windows Key + L. Or Ctrl+Alt+Del, space bar. I use XP, so both work to lock the system just fine for me- truth be told, I have to enter my password to regain access, but this prevents the 'waiting for the computer to fall asleep' syndrome.
off the guy with the table at the street corner downtown?
If I have been able to see further than others, it is because I bought a pair of binoculars.
Anyone who wanted your information that much should be willing to beat you up for it - I feel that this just makes it one step easier to get your information. Anyway, it's not even a new idea.
At least this type of security isn't like that on the recent Computer Associates television commercials...
I would hate to have to lose all my hair, prick my finger, and do retina scans every time I sessioned out.
"This food is problematic."
What if your watch battery dies??
It seems to me that this is a wildly more involved solution than required. If you are going to have a physical key anyway (the super decoder watch) why make it hard for yourself? Just make the code/decode key a physical contact device.
eg. smart card, actual key for actual lock, bar code, whatever. Anything that transmits and receives can be remotely snooped, even remotely tracked, plus you can steal the bloody watch anyway.
If you are going to make somebody steal something, better to make it something cheap. Credit cards and keys are cheap. Linux powered watches? Nuh uh.
Oh, your user is a doofus and will leave the key in the lock?
A) FIRE HIS INCOMPETENT ASS, because he is too stupid to be trusted with your super duper secret data.
B) He is a union thug and you can't fire him. Ok, make the key fall out after use. How hard is that? Moron employee will presumably keep it on a string beside his mittens.
Colin McGinn
http://whatisthematrix.warnerbros.com/
Why not use an encrypted filesystem and store the key in the token?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
http://www.flyn.org/#id2759285
http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html
currently using pam_mountd to mount a large encrypted file on the loopback device, set up as $HOME, upon login to my laptop. Works for me.
--
Society has traditionally always tried to find scapegoats for its problems. Well, here I am.
They could make a master token for the CEO, one ring to rule them all!
"your sensitive data is accessible to anyone who gets hold of it"
Really? Whoodu thunkit!
...which files to encrypt? On the average heavily used laptop there are documents and other encryptables all over the place. How does this magic software figure out which things to encrypt? If it's done by location (e.g. everything in and under this directory), then that's not good enough.
good security should always be based on at least two of the three from the list
Something you have
Something you know
Something you are
Anything that relies on just one of these categories is going to be significantly easier to break than one that follows the rules. Most commercial security these days is based on something you know (password) and nothing more. Good security systems require all three, biometrics, password, and a physical token. Biometrics are susceptible to advanced attacks but things like thermal imaging for skull structure combined with retinal imaging are pretty close to unbreakable. Passwords are notoriously lacking because passwords strong enough to be secure are difficult for most people to remember so they end up either weak or written down. As for token systems other than smart cards and the IBM watch I have not seen many implementations out there.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
And a thousand floggings for anyone too lazy to enter a basic passphrase. The hassle of having to enter one often is the best way to make your average moron remember their passphrase.
Maybe so, but how bad you want to keep confidential information secure is proportional to how much money it's going to cost to do so. Most businesses can't even afford (or don't have the need) to upgrade from Windows 98, let alone something like this.
Any potential buyers might want to focus on spending that money where it matters and run your business more effectively.
http://www.ensuretech.com/products/technology/technology.html demonstrated something that looks identical at least 4 years ago at the first Bluetooth conference. It was not research even then.
Several weeks ago the U of Michigan professor doing the ZIA project came to UCLA to talk to us. check out his website here: http://mobility.eecs.umich.edu/
It was a pretty interesting presentation, and he even showed us a demo. They have been testing this at the Umich hospital. The doctors love it because it protects users' medical history (keep in mind there is a $250K penalty for misuse of those medical records).
Either can't be much of an encryption (xor! xor!), or else it's only doing like the boot block on the disk. Like to see them encrypt my lame 10gig drive in my 700mhz laptop in 5 seconds.
Umm, seems common sense to me.
I don't think it encrypts, but IIRC, there are hospitals that use bluetooth for automatic login/logoff when a doctor approaches a terminal, so this is nothing new or revolutionary. It is one of the things bluetooth was originally designed to accomplish.
It's much, much, much harder to get/crack my 15-character quasi-random password by any available means than to just steal a silly token I'm wearing.
OOh, man, gotta love mnemonics. Then you can have insanely long passwords that are impossible to crack by brute force or any intelligent means unless you can try a few petakeys per sec.
Repeal the DMCA!
I guess the hackers of the future will be both hackers and pocket thieves. The man in the corner selling clocks gets a new business.
"you want an www.ibm.com/we/own/joo or a www.bank.com/all/your/base/is/in/my/pocket?"
HTTP/1.1 400
You can roll encryption up in a joint and smoke it!
If you're talking about WindowsXP/2000, you can lockout automatically on a 60 second screensaver or whatever. You can also enable lockout on resume from a suspend. And finally if you just use NTFS and a strong name/password, then EFS to encrypt your My Documents (or wherever your secret recipes live), someone could physically take the drive out, put it in another machine, and not do much with it. I'm sure there are *NIX versions of all of these things too, which, when employed together, can be set up once, and pretty much forgotten about from the end user's standpoint.
I'm Rick James with mod points biatch!
How lazy can u be... I type my password without thinking now.
It was discovered soon after the press release that the "zero interaction authentication" system was vulnerable to a transmission replay attack. This attack may prove fatal to the design; in any case, it should take a few years to get the kinks worked out, so don't expect it on your desktop any time soon.
I hereby place the above post in the public domain.
I hope it's better than the encryption chip built into my new Thinkpad -- which only works in Windows 9.x, which is not only a joke when it comes to security but isn't even available from IBM (Windows XP Home and Pro only). Follow through seems to be lacking in general when it comes to encryption and security.
Really, this is nothing new. People have been using physical tokens for authentication for years (although usually for the added security value). In this case the token is being used to increase convenience, not security directly (although the end goal being to improve security indirectly), which is what makes it different.
Of course, if you are the kind of person who'd leave your watch next to your laptop when you go to the bathroom, I'd recommend against using this. ;)
Put gun to user's head. Walk him towards the console. Steal everything.
Or better yet just shoot him and steal his watch.
Really stupid idea.
A possible solution is to generate a second low powered signal from the laptop; this signal would be generated from nothing more than some strongly encrypted hash, and most certainly be an AM signal. The nice thing about strong encryption is that it should be pretty much indistinguishable from random noise, so this signal would be indistinguishable from background noise.
Then you have the frequency the signal is broadcasted on randomly shuffled based on the current time. The laptop and the token are time-synced (not a problem, most decent cryptographic tokens are time-synced anyway), so the token is always listening on the correct frequency.
At this point you have the correct waveform, although its amplitude will depend on your distance from the device. Every tenth of a second, or something, normalise the signal based on the RMS power, then compare the input signal based on what you compute it should be (you know the secret, so you can also compute the hash).
To fool this system you have to replicate the exact signal as it bounces around frequencies. Since it's bouncing around frequencies you can't just repeat the signal you're receiving on a specific frequency, since that won't matter. Further, for each part of the signal you repeat, you'll be off in intensity by a certain amount based on the frequency you're tuning into relative to the frequency it's actually being transmitted at, and unless you can exactly predict the pattern your error will vary. You can't track the frequency since you'd need to break the encryption. Really, this is nothing more than frequency scrambling that's been used by the military to secure communication for years, used in a slightly different way.
I'm sure there are other ways to solve the problem. So yes, it could be a problem if it wasn't taken into consideration, but it is a solvable problem.
As others have already mentioned, unless the article had it all wrong, it seems that you're going about this the hard way. Why not create an encrypting FS driver along the lines of Scramdisk or DriveCrypt that always stores the disk data in encrypted form and only decrypts it upon reading? The token would then simply provide the key, and when it's not present, you simply can't decrypt the data, without requiring a lengthy de/encryption process each time you leave and return? In addition, you could make the driver smart enough to let you encrypt only certain directories, plus you could still keep the cache encryption functionality as it is now.
Upgrades would be quite troublesome with implantable computers..
Don't mean to be a grammar nazi, but... from the don't-lost-your-watch dept
Is that poor grammar, or just hedging their bets? The alternative is to misspell "lose" as "loose," which is definite grammar nazi fodder :)
It all goes downhill from first post
What happens when the decryption key device fails or is lost or stolen?
I'm a netadmin for some not-very-savvy users, and if I couldn't restore access to their data just by resetting their password then they are all in trouble.
This is an issue for a lot of encryption solutions, not just this one. Is there a master key list somewhere that can be used to recover encrypted files or volumes or at least recreate the encryption key device? How long would that take? (This opens another discussion over security of the master list and key-changing and reencryption procedures for lost and stolen tokens.)
And what if the device gets stolen? I have a security token that requires a PIN in conjunction with its security (both the PIN and device are needed for access), but in the case of this article the whole point seems to be to avoid entering a password or PIN.
I think there should be some special facial expression that users have to do as a password.
Hey it might be a silly idea but it would be damned funny to watch.
(Disclaimer: USA Fortune 500 company bias)
Every time I read about encryption and other security technologies I have to wonder how much effort it's all worth. Mainly I compare to physical security of paper, for example.
In most businesses several people have keys to everyone's office. Think IT staff, janitorial staff, security staff, higher levels of management and facility maintenance. In my experience much of the information that might be desired by compromising computer security is readily available to many in paper form on a desk or in a filing cabinet. Okay, the filing cabinet key may not be shared by many.
Briefcases and similar carry-alongs tote a lot of confidential paper.
Encryption always worries me because it seems too easy to accidentally or forgetfully cause the data to be lost forever to everyone including the data 'owner' and his/her management.
The parent post provides some good examples of how some computer security can be used against the 'protected' user.
Well, I've sort of made my point, but I'm too tired to clarify it, so I'll stop here.
I was attending the professor's presentation of his new invention. The first slide read "Mreb-Vagrenpgvba Nhguragvpngvba" until he came on stage. It was exciting, and as soon as he came down the aisle to take questions, his slides read "Gbxra-Yncgbc Vagrenpgvba" ...
New Software Secures Data when Owners Walk Away. Think about it. Isn't something missing here? When I read that title I was seriously skeptical as to the feasibility of it. That was...until I read they were using a token as well. Turns out it's not a software-only solution after all. As for me, xlock has never failed me. I activate it with one click on a designated button in gkrellm, and I type my password so fast that it takes a lot shorter than waiting for the CRT to come to life again. Still, I think this solution is a Good Thing. I am going to patent putting wireless authentication technology in a mobile phone and also patent putting it in a PDA and patent putting it in a phone/PDA combo. HAHAHAH!
Please correct me if I got my facts wrong.
That's easily solved. I locked myself out of a Dell laptop I got used a while back. Called Dell the first time, and asked for all the information they could give me to contact the previous owner. Called again and gave them all that info, and they said it was good enough, so I got the unlock code.
* A frequency counter
* A scanner with discriminator output and a transmitter -or- a transceiver
* A recording device
This scheme has about the same amount of security as a proximity card.
No, Beowulf clusters can't imagine in Soviet Russia.
You could always just use a password protected screen saver.... not as hi-tech, but effectively does the same thing... well kinda.
I sure hope they test whether the reply comes within a hundredth of a microsecond or so. Otherwise, one could follow the victim to the restaurant, relay the challenges from his PC to the restaurant, and relay the responses back to the PC, which would then faithfully decrypt.
Rop
At the beginning of the process, the user enters a password on the watch. "That's to make sure an imposter isn't wearing your token," Noble says. Then, each second, the laptop broadcasts a cryptographic request that only the token can correctly answer. This procedure, an exchange of cryptographic numbers, is a standard security measure.
People will still use stupid passwords. GONG!. They'll use the same letter conventions that 99% of the population uses. I guarantee that one guy with a high-end laptop could walk through an office and guess 99% of the passwords within a few minutes. Or maybe they'll guess 1% and get the temp's password. Good enough, access to the internal network is almost always sufficient to own the rest of the network.
There is no technology that will override stupidity.
Why not buy a mouse that recognises your fingerprint they only cost ~£40 ($60US) or a keyboard that does the same both by Siemens (see http://www.fujitsu-siemens.com/rl/peripherals/keyboards/kbpcid.html for the keyboard)
This is something I thought of a few months ago. I thought it might let you save electricity also if you had a presence and authentication system as it could make things go into power saving when no one's present. There's tonnes of other things that could be made easier with this presence system. =)
Pixels keep you awake!
Imagine a watch store of those ...
or:
It would probably be classified as a server park.
The fundamental problem with biometrics is that you can't change your keys. You have a set of fingerprints, retinal patterns, DNA sequences that are really pretty damn hard to change.
Biometrics can only work with strong physical security to ensure that the tests aren't being compromised (i.e., someone hacking the device).
To steal your password I have to look over your shoulder, and once done you can change it. To steal your authentication token, I have to pick your pockets, and once done you can get a new one. But I can pull your fingerprints from anything you touch, and you'll have a much, much harder time changing those.
Biometrics are often portrayed as the panacea for authentication, but of the three 'something you X', it's really the weakest. Haven't we learned yet that there's no such thing as a silver bullet?
I remember reading an article about a system like this years ago - running somewhere like ARM's labs in Cambridge. They were using it for desktops rather than laptops, but that is a detail. More importantly, they had hooked a load of other systems up to the ID. It provided the security access to the building - no more fiddling for cards, the door unlocks as you approach. Rather than just blanking off the screen as you walked away from one workstation, as you moved towards another workstation, it moved your "desktop" to that station, so that your work could "follow" you round the building. And, by detecting which room you were in, the phone system could route calls to you wherever you were.
There are a lot of questions (privacy etc) about those other uses, but a system which gives you multiple returns from the single cost of wearing some kind of ID is much more likely to be adopted than a single dongle for a single job.
Consciousness is an illusion caused by an excess of self consciousness.
The ZIA paper does describe a technically nice piece of work, and its specific approach may be novel. But the omission of references to prior work related to user tracking and ubiquitous computing approaches really leaves me wondering whether the authors have done their homework and whether this is really the first time that the method has been published. I think the authors would do well to track down more HCI references on beacons, wearable tags, physical user interfaces, and tracking.
Note that, in terms of hardware, you can fairly easily implement such a system these days with a Bluetooth PDA (which you wear on your person) and a disk encryption card. The range for Bluetooth is perhaps a little far, but tinkering with the Bluetooth dongle and some conductive paint should fix that.
I can just see this becoming a trend once people realize that passive tokens are insecure in general. You'll have one watch for your laptop, another for the office building, one for the car, one for your gun, one for the community swimming pool...
I use an encrypted filesystem (BestCrypt, available from Jetico) on my Linux notebook to protect sensitive data. The passphrase is queried during boot, if it is not entered, the notebook is basically a stock Linux notebook.
/tmp is on a RAM disk.
In addition I've put up restrictive packet filters (no inbound traffic) via iptables.
Now if I close the notebook, the lid switch detects this and prompts for a password next time the lid is opened. The notebook will lock up after a number of incorrect entries.
If I leave physical vicinity of the laptop I always close the lid (it has become a habit). If someone steals the notebook while I'm away, they got three tries on my password. After this they have to reboot and will find the encrypted partition inaccessible.
Works for me, and I think it's pretty secure.
I'd take off my watch (like I always do), and then walk away leaving it next to the computer. That'd defeat the purpose pretty quick!
Stalk you so the laptop decrypts when he is near you...
Can you revoke your watch from unlocking the laptop even when you still have the watch, but the laptop is already missing?
http://www.secure-it.com/products/linkit.htm
Although ZIA is different and more powerful in many ways from this system, the basic idea is there (when you walk away it secures the laptop).
In Soviet Russia, Trojan exploits YOU!
What they should do is have transparent encryption on the disk and let the user turn it off with a ctrl-alt-del-like key sequence then use a password when he gets back to turn it back on.
I bet that's out there somewhere.
It's Christmas everyday with BitTorrent.
...would be for him to switch to the Democrats. Then his racism would be OK.
What about a watch that periodically samples biometric data from the skin beneath it?
There are wristwatches that sample glucose for monitoring diabetic's blood-sugar level, such as the GlucoWatch.
There are also devices for processing fluids in a microsystem, such as the MEMS's Biochip.
In the near future the wristwatch could eliminate the need for visible user-token authentication, or at least reduce its frequency. This would greatly increase both the security of the system and its ease of use.
I expect my employer will be handcuffing me to one of these any day now. I work for %&#CARRIER LOST
I can think of a couple of ways to make this type of communications more secure:
1. Equip the laptop with a 'detection' antenna, as it already has. This simply detects that the wearable part of the ZIA is in the area so that it knows to begin the challenge.
2. Use some of that encrypted data that was created when the computer locked up to feed into a random number generator.
3. Send the random number to the authenticating device.
4. Have the authenticating device digitally sign the randomly generated number (like PGP signature) and send it back to the laptop.
5. The laptop checks the signature and either authenticates or locks up until somebody with the password comes along and physically types in said password.
Turning off the ZIA after a failed logon attempt will protect against repeat attacks, which is a huge part of any cryptanalysis I've ever seen.
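The challenge-response loop proposed in the comment above, as an added sketch that is not part of the original post or of ZIA itself. It assumes a shared key with HMAC-SHA256 in place of the PGP-style signature and the OS CSPRNG for the nonce, so it runs on the Python standard library alone; `token_respond`, `Laptop` and `demo` are hypothetical names.

```python
import hashlib, hmac, secrets

def token_respond(key: bytes, nonce: bytes) -> bytes:
    # Step 4 on the wearable. Assumption: shared-key HMAC, not a signature.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Laptop:
    def __init__(self, key: bytes, password: str):
        self._key, self._salt = key, secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._pending = None          # nonce awaiting a response
        self.zia_enabled = True       # False means password required
        self.unlocked = False

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def challenge(self) -> bytes:
        # Steps 2-3: a fresh, unpredictable nonce for every attempt.
        self._pending = secrets.token_bytes(32)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Step 5: each nonce is single-use; any failure disables ZIA.
        nonce, self._pending = self._pending, None
        ok = (self.zia_enabled and nonce is not None and hmac.compare_digest(
            hmac.new(self._key, nonce, hashlib.sha256).digest(), response))
        self.unlocked = ok
        self.zia_enabled = self.zia_enabled and ok
        return ok

    def password_unlock(self, password: str) -> bool:
        # The typed password is the only way back after a failed attempt.
        ok = hmac.compare_digest(self._kdf(password), self._pw_hash)
        if ok:
            self.zia_enabled = self.unlocked = True
        return ok

def demo() -> dict:
    key = secrets.token_bytes(32)     # constructed sample key
    laptop = Laptop(key, "correct horse")
    old = token_respond(key, laptop.challenge())
    out = {"fresh": laptop.verify(old)}
    laptop.challenge()
    out["replayed"] = laptop.verify(old)   # captured response, new nonce
    out["locked_out"] = laptop.verify(token_respond(key, laptop.challenge()))
    out["password"] = laptop.password_unlock("correct horse")
    out["after_password"] = laptop.verify(token_respond(key, laptop.challenge()))
    return out
```

The replayed response fails because it was computed over an earlier nonce, and after that one failure even the genuine token is refused until the password is typed.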
...and make it so you can't access your computer unless you have 666 on your forehead or hand?
Eagles may soar, but weasels don't get sucked into jet engines...
Imagine when everyone has a bunch of RFID cards like that. Then you could uniquely identify a person by the combined signature of his cards. Now all Big Brother has to do is to put up scanners in crowded places, feeding results into the TIA database. Welcome to Minority Report.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Excuse the pun. I got a ring from Apache Con that has a JVM built in. It can't do wireless though. The ring has to be touching a connector device to communicate. Which it doesn't do. I have not figured out how to use this ring yet, and it's too big. But it sounds like it could be programmed for similar purposes.
TallGreen CMS hosting
You want a toe? I can get you a toe, believe me. There are ways, Dude. You don't wanna know about it, believe me.
Yeah, but Walter...
Hell, I can get you a toe by 3 o'clock this afternoon...with nail polish.
I Wonder,... If Phreakers Can Get Car Alarms Frequencies What is To Stop Them From Getting This one And Cracking The Encryption Pattern (Ok,Ok It's A Little More Complicated Than That But Think About It Really...)
My token's battery ran out at 2am. I guess I can only get to my stuff after the corner store opens.
A now defunct company, First Access, did "Vicinity Authentication" in 1998. The product used a proprietary RF/IR card and sensor combination. The card could be worn anywhere and the sensor would hook up to RS-232. It was cryptographically secure and worked well. Several units were sold to German and Australian companies. Unfortunately, First Access' management didn't know what to do with themselves and the company died a slow painful death.
First of all, someone mentioned above that "we all know that most laptop thefts are not by criminals that want data". While I have not seen any statistics one way or another, I think the different components of a laptop are worth more to different people. To a basic consumer, the hardware itself is probably worth more than their vast archive of Britney Spears mp3s (you're not ashamed, are you?). However, from a corporate or government perspective, intellectual property or intelligence is worth orders of magnitude more than the actual hardware cost. The hardware value is going to decrease over time anyway, but information in the wrong hands can put a company out of business or allow other nations to build nuclear weapons that much more readily.
Secondly, it is possible to have tokens with some intelligence (unlike RFID cards) yet don't require an internal power source. There are a number of companies that have developed contactless smart cards that might prove useful for this project:
FARGO
HID Corp.
Inside Contactless
Granted, these products don't have much more range than 10cm and a smart card is not necessarily a form factor that is best for this application, but the technology does exist. It would seem the iPaq and 802.11 connection they use for their research is good enough for proof-of-concept.
Thirdly, for people who have mentioned Scramdisk and DriveCrypt, did you even read the research paper? They aren't worried so much about encrypting the whole filesystem. That's been done before (with the products mentioned, plus CFS and MS's EFS). They're more concerned about the files that may be in the disk cache. Also, it's not the encryption process that's the annoyance for the user, it's the decryption process. Sure, you can easily lock the screen with a swift keystroke. But usually you're required to type your password in every time you want to decrypt. This "token" that they refer to could be considered like an agent in the ssh world, or doing a kinit in the Kerberos world. You authenticate to the token once, then it does the strong authentication for the decryption for you for a fixed period of time.
Oh, and the lost token concern? That's what key escrow is for and could potentially be considered outside the scope of this research. If data recovery is a concern, organizations can store a backup of the key (securely of course!) that can be used to decrypt the data without requiring the token (i.e. pull the drive and read the data with specialized software). Key escrow is common practice at many organizations. However, an escrowed encryption key should NOT be used for data signing as non-repudiation becomes much more difficult to prove. Besides, the authentication method and encryption method should be sufficiently separated so that in the event that one of the keys is compromised, the other component is not affected.
Sounds like just the thing for a professional paranoid, such as myself. Now no one will be able to view my pr0n.
This space intentionally left blank.
- this post brought to you by the Automated Last Post Generator...