Slashdot Mirror
New Software Secures Data when Owners Walk Away
Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data
is accessible to anyone who gets hold of it. To limit this risk many users
configure their systems to fall into a "sleep" mode after a period of inactivity
and ask for a password before the system can be awakened. This constant re-authentication
proves to be a headache for many users. Now a Professor and his
graduate student at at the University of Michigan have come up with a system
called
Zero-Interaction Authentication (ZIA),
described in this article in The Age,
to protect data on mobile devices.
The system works by starting to encrypt data
the moment the owner walks away from the system. The owners wear a token with
a encrypted wireless link with the laptop. If the token moves out of range the ZIA
re-encrypts all data within 5 seconds.
If the cryptographic token moves within range the system decrypts the information for the
owner.
The token, which could take many forms, is currently a wristwatch with a processor
running Linux designed by IBM."
would it not be more sensible to make the token a passive device, like one with an RFID
I'm not an expert in encryption, but I have had serveral security related dongles and all of them were a pain in the arse.
it would seem that there are technologies (I've read about) that can return specific information passively when hit with specific radio frequencies. Wouldn't these be more easily used than a powered device like a watch?
Anyone else know more about these technologies?
Specifically, someone with such a token getting clubbed on the head and stuffed in the office supplies closet, and his token stolen.
But what happens when the neighborhood/college/company bully steals your watch?
If you celebrate Xmas, befriend me (538
Sounds like the smartcards to me where you stick it in the slot & it knows your password, domain, etc. Console is locked unless you have the card.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
That you wear on your finger? :^)
Gimme your watch, punk!
Great! Now I'll have a growth on my arm from my ZIA wristwatch to go along with my brain tumor from my cell phone!
To make a pun demonstrates the highest understanding of a language
What about using some kind of biometric data, like key cadence, or a profile of typical mouse movement characteristics (like icon overshoot?) to do it? That way its totally seamless, although one could still do some damage as it would take a few input events to establish the identity.
Sure, its not foolproof, but who wants to wear an identifying token?
http://www.masturbateforpeace.com/
For those of us who don't want the Acrobat plugin crashing our browser: Google's handy PDF->HTML cache.
Karma: Excellent (fuck, even in the future moderation doesn't work!)
What happens if you take your watch off and leave it next to the computer? It never encrypts!
Worse yet---what happens if your watch gets stolen? Now you can't get at your data! Better make sure you get the Casio watch option instead of the Breitling. No one would want to steal a Casio POS, so you should be safe.
Yeah, right.
I have a v8 engine block set to fall on my hard disk if I'm away for more than five minutes (3 minute walk to fridge(coke!) and back)!!!
Your security is nothing compared to that!!!!!
You can't judge a book by the way it wears its hair.
Soon to be a chip implanted in your hand.
Don't forget the barcode on the forehead!
I'd much rather computers go wearable than implantable...
I keep all mission-critical and government-classified information on portable USB Flash DRAM-based storage devices. They're incredibly portable and can be brought to the gym, in the car, to work, back home, swimming, hiking, biking, etc.
To be perfectly honest, I just can't bring myself to respect anyone who would leave a $4,000 laptop with supposedly top-secret information on it sitting out on a cafeteria table or something while they go sit in the bathroom and read the paper.
Just stick with portable USB drives. They're cheap, efficient, fast, and more secure than any fly-by-night research project out there right now.
If you celebrate Xmas, befriend me (538
hmmm....we have a watch, it obviously has some sort of wi-fi networking if it can keep in touch with the computer. How long until someone is assasinated by launching a DoS attack against his watch? It may not kill, but at least cripple as the watch burns its way through the flesh as the poor NIC on it is overloaded.....
This is yet another device created by geeks for geeks. These researchers probably think this is a good idea, but do they really think it is a good idea for most people? How much market analysis was done? How much usability testing? Well, at least they are targeting corporations and large organizations. There might be some money in it down the road.
How to Download YouTube Videos
Security for the people too lazy to practice good security habits. Yay. Although I suppose this will make life easier for certain sysadmins...
At any rate, my question is "When will this be used to make smart guns?"
More and more laptops/palmtops incorporating a camera as part of the design, so why not use facial recognition to lock the pc.
Short of growing a beard before you get back to the laptop it'd be a cheap workable solution.
Then you don't have to remember/wear some crazy ass security dongle.
When you stand up, hit ctrl+alt+del. When you sit down, type in your password. I had to do it at one company, and now it's just habit. Not exactly a tough thing to do. I think that these guys are trying to solve a non-problem.
With a combination of a prickly bios password and some sort of hardware lockout?
I had a crackhead friend bring me one of these recently asking if I could make it work. I spent about 10 minutes reading posts about the hardware lockout and figured out it wouldn't happen without him calling dell. It was of questionable origin and he did not want to do that.
He then insisted on leaving it at my house for two fucking weeks insisting that i'm a computer genius and I could figure it out, despite the documention I had read.
Two weeks later he came back accusing me of being too lazy to have a look at it. Isn't that just the way it goes when you're the computer fixit guy?
The original is here. At least they waited some weeks before reposting it.
What does it actually encrypt? All sensitive data? I doubt it could do that in 5-6 seconds. Also, how do you decrypt the data if you lose your key? Or what if you fire the employee and don't get the key back? How will you get the data, then? Is there a back door for sysadmins?
Sex - Find It
A token can be easily misplaced, duplicated, or bypassed. A password is NOT a big deal to enter when you sit at your desk. If they're too lazy/clueless to enter a password, they shouldn't be responsible for any secret information.
Use a program like Scramdisk or the commercial version Drivecrypt. Keep all of your critical files on the encrypted partition. When you leave your desk, activate the screenserver with a keystroke.
Unless someone knows your password, you're safe. If they reboot, the encrypted disk is inaccessible.
What's the big deal?
I don't see this as being very practical.
How fast will this encrypt/decrypt data? I probably have well over a gig's worth of 'sensitive' documents and data on my laptop, stored in various directories (and unfortunately the approved OS at work is winblows). Encrypting will not take mere seconds.
More often than not, when I'm not at my desk I'm a few cubicles away working with other co-workers. Sometimes I'm not away from my desk for more than 10-15 seconds. Right now if I suspect I'll be gone from my desk for a while, and it's not in plain view, I'll turn on my screensaver (password locked) with a touch of 2 keys. This system sounds like it will arbitrarilly start encrypting my data as soon as I'm outside a specified range. If I'm away for just 15-20 seconds, this seems very impractical. Not to mention other things, like forgetting the transmitter at home (how many of us have forgotten our work passes at home once or twice?), having the battery die, etc.... On such occasions you'd be totally locked out from accessing your own data.
No thanks, this seems way too impractical for my taste. Move along, there's nothing to see here.
It's better to burn out than to fade away
While I applaud these people for making steps to make it harder to casually get information off of laptop computers, it still does not stop other attacks on such a system. Flooding the laptops area with uniformly strong signal that matches the watch's key would be as difficult as acquire-and-replicate. There seems to be a smart card like system with keys, and key encrypting keys.
It's very comprehensive, and it addresses many aspects of the social and technological attacks.
In my mind, the weak link here is clearly the watch. Watch technology isn't very complicated (read: very big), and how many designs could their possibly be? If one knows where the hardware information is located, a system replacement under the face, and you've got some issues. How many people wear watches to bed at night? Or in the shower? Difficult, but possible
A quick couple of replacements, and you have a watch that has a short range transmitter also transmitting the information that you'd need to dissolve the encryption link, and maybe begin a traditional man-in-the-middle attack. Once you see what cards the watch is holding, shouldn't the rest of the exchange be trivial?
While this is a great mechanism for an encryption scheme, what attacks are there against the physical and social component? These are the items of which spy thrillers are made, and will probably (hopefully) never come into play.
All in all, an excellent read from the UMich folk, and they have my applause.
--jaybonci
From what I understand, this new system decrypts the cache when you come within a certain distance and re-encrypts when you go past that distance, does this mean that doing the hokey pokey (you put your left foot in...) could lead to a system crash??
As always, the weakest link will be the user. I can just see some schmuck decide that he's tired of waiting six seconds every time he gets back from the water cooler, and so he leaves the wristwatch next to the laptop at all times.
Let me use a ring, then I only lose a finger when someone wants access :~)
Guess what? I got a fever! And the only prescription.. is more cowbell!
If the password is received and is correct, the computer stays in public mode. IF the password is incorrect: either
So the laptops locks up until you start to use it and the watch recived a timed ping, or you initiate the send from the laptop.
This system provided user authentication and data security, the two main points of a secure system.
Great, something else to buy. My fingers are cheaper and I'm not one of the people who has a problem logging in with a password. Why should I fork out cash for this?
Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it
I was taught that once someone has physical access to a system, it's game over with regards to security.
In other words, the authentication system will only deter, not stop unauthorized access. How about just taking the laptop with you?
The distinct flushing sound one hears as he backs away from his device is the users 'sensitive' data being stored safely where no man is sure to venture.
Only the men with get this joke..
The watch is running Linux; how many possible programs can there be? More than there are particles in the universe...
There are lots of challenge/response identification schemes that run nicely on my old 200 Mhz PII box that would be very hard to crack with current technology, so I would have faith in that part of the system.
It's psychosomatic. You need a lobotomy. I'll get a saw.
Like putting a bell on the cat. "Pat your manager on the back" and then you can rest assured surfing freely knowing that the next time he comes within 15 feet of your desk, a browser window will open maximized pointed to http://java.sun.com.
Or tag the girlfriend and always hide the pr0n!
As much as I enjoy the free publicity, this has been posted on slashdot before.
To correct a serious error that appears in this article and in the nytimes article this was cribbed from: The system was NEVER run on the IBM watch. We mentioned it as a possibility and somehow it was taken as fact.
I welcome the comments on the work, however remember that the world of university research is often more forward looking than the commercial world. That is our job!
Sounds like a nice idea. However we all know that once physical security is compromise the rest is all down hill. On-top of which, a thief that is just after the machine and cares nothing about the data will still take the machine. He doesn't know that you have a proximity sensor (whether it uses encryption or not). What I would like to see is a tool and/or system that has the kind of reliability and name recognition that something like low-jack has. What I mean is something that a crook will look at and walk away because he will recognize that it will be more trouble than it is worth. Even if he is just stealing it for the hardware. Something that he knows he just can't slap in a windows boot disk and format. Because we all know that most laptop thefts are not by criminals that want data. Its the common crook that just wants a buck. Granted what would also bring down those thefts would just be the prices in laptops coming down, the prices on those haven't fallen nearly as close to the same rate as desktops.
:)
For now I will continue to dream and maybe even write a book entitled "2085" by Ali Orwell.
I'd say why not brute force the thing, but here's something easier...Make a device that constantly scans for the signal of a token (there has to be some characteristic fingerprint to the signal). When it finds one, remember the signal and indicate to the user. User then goes and mugs target, takes laptop, uses stored signal. We've shown that man-in-the-middle attacks are do-able for a system like this, so why not keep with what works? If one knows how the system works, and can get a long enough string of interactions between the token and the server, then the key is vaunerable. Maybe this means that you have to tail the guy for a while, but let's be honest - if he's using one of these systems (I don't imagine they come cheap) then there's probably somehting worth stealing on that machine, if that's what you're up to. Make a scanner that tracks the signature of packets, walk around the financial centers of the world, and then the device goes off you know which laptops to take.
On another note, this reminds me of the plan to put RFIDs in the new high-denomination Euro-notes. Something like takes all the effort of guesing who to mug: emit the signal, and anytime you get a response, you know the guys's packing a high-value Eruo-note.
Cue The Sun...
Anyone who wanted your information that much should be willing to beat up up for it - I feel that this just makes it one step easier to get your information. Anyway, it's not even a new idea.
Why not use an encrypted filesystem and store the key in the token?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
good security should always be based on at least two of the three from the list
Something you have
Something you know
Something you are
Anything that relies on just one of these catagories is going to be significantly easier to break than one the follows the rules. Most commercial security these days is based on something you know (password) and nothing more. Good security systems require all three, biometrics, password, and a physical token. biometrics are suseptible to advanced attacks but thing like thermal imaging for skull structure combined with retinal imaging is pretty close to unbreakable. Passwords are notoriously lacking because passwords strong enough to be secure are difficult for most people to remember so they end up either weak or written down. As for token systems other than smart cards and the IBM watch I have not seen many implementations out there.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Or "defused" by a robot with a bolt gun...
I don't think it encrypts, but IIRC, there are hospitals that use bluetooth for automatic login/logoff when a doctor approaches a terminal, so this is nothing new or revolutionary. It is one of the things bluetooth was originally designed to accomplish.
I guess the hackers of the future will be both hackers and pocket thiefs. The man in the corner selling clocks get a new buisiness.
"you want an www.ibm.com/we/own/joo or a www.bank.com/all/your/base/is/in/my/pocket?"
HTTP/1.1 400
If you're talking about WindowsXP/2000, you can lockout automatically on a 60 second screensaver or whatever. You can also enable lockout on resume from a suspend. And finally if you just NTFS and a strong name/password, then EFS to encrypt your My Documents (or whever your secret recipes live), someone could physically take the drive out, put it in another machine, and not do much with it. Im sure there are *NIX versions of all of these things too, which, when employed together, can be setup once, and pretty much forgotten about by the end user's standpoint.
I'm Rick James with mod points biatch!
But passphrases are sooo hard to remember! If it were up to me, I'd use my voice as my passport, to verify me.
On the other end of the spectrum, you want to avoid what I see at work... I use 12+ different Oracle databases which expire in uneven rotations (# includes dev/test/production), an NT account, SAP software payroll account, and if I want to work off-campus, they're now giving out these RSA fob-number-generators, where you have to enter the 8 digit number generated every minute (and synchronized to the base station) into the VPN software you use to dial in. Not exactly the most user-friendly authentication system.
How lazy can u be... I type my password without thinking now.
It was discovered soon after the press release that the "zero interaction authentication" system was vulnerable to a transmission replay attack. This attack may prove fatal to the design; in any case, it should take a few years to get the kinks worked out, so don't expect it on your desktop any time soon.
I hereby place the above post in the public domain.
Really, this is nothing new. People have been using physical tokens for authentication for years (although usually for the added security value). In this case the token is being used to increase convenience, not security direclty (although the end goal being to improve security indirectly), which is what makes it different.
Of course, if you are the kind of person who'd leave your watch next to your laptop when you go to the bathroom, I'd recommend against using this. ;)
A possible solution is to generate a second low powered signal from the laptop; this signal would be generated from nothing more than some strongly encrypted hash, and most certainly be an AM signal. The nice thing about strong encryption is that it should be pretty much indistinguishable from random noise, so the this signal would be indistinguishable from background noise.
Then you have the frequency the signal is broadcasted on randomly shuffled based on the current time. The laptop and the token are time-synced (not a problem, most decent cryptographic tokens are time-synced anyway), so the token is always listening on the correct frequency.
At this point you have the correct waveform, although its amplitude will depend on your distance from the device. Every tenth of a second, or something, normalise the signal based on the RMS power, then compare the input signal based on what you compute it should be (you know the secret, so you can also compute the hash).
To fool this system you have to replicate the exact signal as it bounces around frequencies. Since it's bouncing around frequencies you can't just repeat the signal you're recieving on a specific frequency, since that won't matter. Further, for each part of the signal you repeat, you'll be off in intensity by a certain amount based on the frequency you're tuning into relative to the frequency its actually being transmitted at, and unless you can exactly predict the pattern you your error will vary. You can't track the frequency since you'd need to break the encryption. Really, this is nothing more than frequency scrambling that's been used by the military to secure communication for years, used in a slightly different way.
I'm sure there are other ways to solve the problem. So yes, it could be a problem if it wasn't taken into consideration, but it is a solvable problem.
As others have already mentioned, unless the article had it all wrong, it seems that you're going about this the hard way. Why not create an encrypting FS driver along the lines of Scramdisk or DriveCrypt that always stores the disk data in encrypted form and only decrypts it upon reading? The token would then simply provide the key, and when it's not present, you simply can't decrypt the data, without requiring a lengthy de/encryption process each time you leave and return? In addition, you could make the driver smart enough to let you encrypt only certain directories, plus you could still keep the cache encryption functionality as it is now.
Don't mean to be a grammar nazi, but... from the don't-lost-your-watch dept
Is that poor grammar, or just hedging their bets? The alternative is to misspell "lose" as "loose," which is definite grammar nazi fodder :)
It all goes downhill from first post
What happens when the decryption key device fails or is lost or stolen?
I'm a netadmin for some not-very-savvy users, and if I couldn't restore access to their data just by resetting their password then they are all in trouble.
This is an issue for a lot of encryption solutions, not just this one. Is there a master key list somewhere than can be used to recover encrypted files or volumes or at least recreate the encryption key device? How long would that take? (This opens another discussion over security of the master list and key-changing and reencryption procedures for lost and stolen tokens.)
And what if the device gets stolen? I have a security token that requires a PIN in conjunction with its security (both the PIN and device are needed for access), but in the case of this article the whole point seems to be to avoid entering a password or PIN.
I think there should be some special facial expression that users have to do as a password.
Hey it might be a silly idea but it would be damned funny to watch.
(Disclaimer: USA Fortune 500 company bias)
Every time I read about encryption and other security technologies I have to wonder how much effort it's all worth. Mainly I compare to physical security of paper, for example.
In most businesses several people have keys to everyone's office. Think IT staff, janitorial staff, security staff, higher levels of management and facility maintenance. In my experience much of the information that might be desired by compromising computer security is readily available to many in paper form on a desk or in a filing cabinet. Okay, the filing cabinet key may not be shared by many.
Briefcases and similar carry-alongs tote a lot of confidential paper.
Encryption always worries me because it seems to easy to accidentally or forgetfully cause the data to be lost forever to everyone including the data 'owner' and his/her management.
The parent post provides some good examples of how some computer security can be used against the 'protected' user.
Well, I've sort of made my point, but I'm too tired to clarify it, so I'll stop here.
At the beginning of the process, the user enters a password on the watch. "That's to make sure an imposter isn't wearing your token," Noble says. Then, each second, the laptop broadcasts a cryptographic request that only the token can correctly answer. This procedure, an exchange of cryptographic numbers, is a standard security measure.
People will still use stupid passwords. GONG!. They'll use the same letter conventions that 99% of the population uses. I guarantee that one guy with a high-end laptop could walk through an office and guess 99% of the passwords within a few minutes. Or maybe they'll guess 1% and get the temp's password. Good enough, access to the internal network is almost always sufficient to own the rest of the network.
There is no technology that will override stupidity.
Publish the contents upon death? Now we only have to kill the user to get to his data without any inconvenient password cracking. Requires complete lack of conscience, but there are lots and lots of people who fulfill that requirement (heck, some people kill a friend over a fscking beer - let alone his encrypted pr0n collection), and it's a hell of a lot faster!
Never underestimate the power of stupidity
To err is human, to moo bovine
The fundamental problem with biometrics is that you can't change your keys. You have a set of fingerprints, retinal patterns, DNA sequences that are really pretty damn hard to change.
Biometrics can only work with strong physical security to ensure that the tests aren't being compromised (i.e., someone hacking the device).
To steal your password I have to look over your shoulder, and once done you can change it. To steal your authentication token, I have to pick your pockets, and once done you can get a new one. But I can pull your fingerprints from anything you touch, and you'll have a much, much harder time changing those.
Biometrics are often portrayed as the panacea for authentication, but of the three 'seomthing you X', it's really the weakest. Haven't we learned yet that there's no such thing as a silver bullet?
I remember reading an article about a system like this years ago - running somewhere like ARM's labs in Cambridge. They were using it for desktops rather than laptops, but that is a detail. More importantly, they had hooked a load of other systems up to the ID. It provided the security access to the building - no more fiddling for cards, the door unlocks as you approach. Rather than just blanking off the screen as you waked away from one workstation, as you moved towards another workstation, it moved your "desktop" to that station, so that your work could "follow" you round the building. And, by detecting which room you were in, the phone system could route calls to you wherever you were.
There are a lot of questions (privacy etc) about those other uses, but a system which gives you multiple returns from the single cost of wearing some kind of ID is much more likely to be adopted than a single dongle for a single job.
Consciousness is an illusion caused by an excess of self consciousness.
The ZIA paper does describe a technically nice piece of work, and its specific approach may be novel. But the omission of references to prior work related to user tracking and ubiquitous computing approaches really leaves me wondering whether the authors have done their homework and whether this is really the first time that the method has been published. I think the authors would do well to track down more HCI references on beacons, wearable tags, physical user interfaces, and tracking.
Note that, in terms of hardware, you can fairly easily implement such a system these days with a Bluetooth PDA (which you wear on your person) and a disk encryption card. The range for Bluetooth is perhaps a little far, but tinkering with the Bluetooth dongle and some conductive paint should fix that.
http://www.secure-it.com/products/linkit.htm
although Zia is different and more powerful in many ways from this system, the basic idea is there, (when you walk away it secures the laptop.)
In Soviet Russia, Trojan exploits YOU!
What they should do is have transparent encryption on the disk and let the user turn it off with a ctrl-alt-del-like key sequence then use a password when he gets back to turn it back on.
I bet that's out there somewhere.
It's Christmas everyday with BitTorrent.
Imagine when everyone has a bunch of RFID cards like that. Then you could uniquely identify a person by the combined signature of his cards. Now all Big Brother has to do is to put up scanners in crowded places, feeding results into the TIA database. Welcome to Minority Report.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Publishing implied things that people would rather didn't get out; ie. blackmail etc. ^_^;
A now defunct company, First Access, did "Vicinity Authentication" in 1998. The product used a proprietary RF/IR card and sensor combination. The card could be worn anywhere and the sensor would hook up to RS-232. It was cryptographically secure and worked well. Several untis were sold to German and Australian companies. Unfortunately, First Access' management didn't know what to do with themselves and the company died a slow painful death.