Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Location-Based Encryption

Posted by michael on Fri Dec 03, 2004 09:34 AM
from the what-if-the-hub-goes-on-the-fritz? dept.
Security Encryption Businesses IT Apple
davidwr writes "Eweek reports Apple co-founder Steve Wozniak has a new way to prevent theft of company secrets on stolen laptops: 'Wozniak offered a peek into his vision for the company on Ziff Davis Media's Security Virtual Tradeshow, where he introduced "wOz Location-Based Encryption," an application that uses GPS tracking within a wireless hub to encrypt and decrypt sensitive data for large businesses.' Today's encryption is good enough but I do like the tracking capability. Imagine your laptop screaming 'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Location-Based Encryption 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Not totally secure? (Score:5, Insightful)

    by nmg196 (184961) * on Friday December 03 2004, @09:35AM (#10985685)
    All GPS devices I've come across simply stream out NMEA data from a serial port (or over a bluetooth connection). What would stop someone that really desperate to get the data from hacking the GPS module or the dongle so they can stream in their own forged (or recorded) NMEA data which reports the laptops current position to be where they stole it from (after all, they should remember)? Usually anything these days that requires a GPS uses a standard GPS module, and at some stage, the position data from it ends up in an interceptable form on the edge interface of some module. Hardly bulletproof security?

    • Re:Not totally secure? (Score:5, Interesting)

      by jmcmunn (307798) on Friday December 03 2004, @09:41AM (#10985760)

      Better yet, my portable GPS device allows me to "set my location" temporarily in case the signal is not strong enough. This allows the device to at least estimate where I am if it has a weak signal somehow. I don't really get all the details...but it works so I don't complain.

      So what's to stop someone from doing essentially the same thing with the laptop? Just tell it "you're still in the building" and you'd be all good. I think this is a pretty cheesy idea for security, you can always figure out a way to lie to a machine, regardless of what lie you're telling. This is less secure than a well-encrypted password if you ask me, or course I assume that the machine would still have the password as added security, so I guess that argument shouldn't carry any weight.

      • Re:Not totally secure? (Score:5, Informative)

        by nmg196 (184961) * on Friday December 03 2004, @09:55AM (#10985948)
        > This allows the device to at least estimate where I am if it
        > has a weak signal somehow. I don't really get all the details...
        > but it works so I don't complain.

        Well a GPS receiver has about 8-12 channels with which to look for the satellites. If it knows roughly where you are, then it can use that information, together with stored almanac data (info relating to the orbital positions of the satellites over time) in order to better guess *which* satellites it should try locking on to. It basically speeds up the process of getting the all important 'first fix'. If you didn't tell it where it was, it would simply take longer to get the fix - but it would still get there eventually.

        I must admit, I wasn't too impressed when I received my first GPS and the very first question it asked me when I turned it on is "Please select the location of this device using the map below". I was like, "huh, aren't you supposed to tell me that?!". :)
          • Sorry - I've just watched Finding Nemo and those turtles must have really got to me :)

            • Re:Not totally secure? (Score:4, Funny)

              by Mr Guy (547690) on Friday December 03 2004, @11:04AM (#10986892) Journal
              Don't appologize. It's not your fault you were using slang that actually does mean what you were trying to convey. I'm assuming didn't actually speak to the device, correct?

              So in other words, you inclined to feel as though the machince should be telling you. Or perhaps your feelings could be described as resembling the emotions that sentence expressed. I think you'll find that's what the word like means, regardless of whether that's an encouraged sentence structure.

              If you feel I'm wrong, explain to me what's fundamentally different about the following sentences, besides using a sentence to describe the feeling instead of direct simile:

              I was like a cloud.
              It was like a state of total weightlessness.
              It made me feel like I buzzing around.
              I was like, "Wow, I'm a cloud".
    • I seriously doubt they would use only GPS data as an encryption key. Likely the dongle is doing challenge-response interactions with the wireless hub, and certain actions get triggered when the hub is no longer in wireless range.

  • Or other more malign actions (Score:5, Funny)

    by _the_bascule (740525) on Friday December 03 2004, @09:37AM (#10985704)
    paging the boss, 'he's going home! he's going home!'

  • Alarms (Score:5, Funny)

    by Anonymous Coward on Friday December 03 2004, @09:38AM (#10985722)
    What if they had that for cars? Imagine someone tries to steal one and an alarm goes off! Everyone will pay attention and call the police right away. Car theft will be a thing of the past for sure...

  • Does not work for cars too well (Score:3, Interesting)

    by mi (197448) <mi+slashdot@aldan.algebra.com> on Friday December 03 2004, @09:38AM (#10985724) Homepage
    Automobiles had various "I'm being stolen" devices for years. From overt obnoxious sirens, that wake up the neighborhoods in the middle of the night to covert "Lo-Jack" and others. Does not help as much as was, I bet, expected.

    Or does it?

    • LoJack does work, apparently:

      Google Answers [google.com] that links to a Carnegie-Mellon study about it.

      --RJ

    • My auto insurance company offers a blanket discount for "theft deterrent devices." I think we can safely assume that if an insurance company is willing to cut prices 10% because the ignition locks up if it's fiddled with, then there really is a measurable deterrent effect.

      It's quite obvious that the systems won't stop a dedicated thief, nor will they prevent many other sorts of insurable damage. But they obviously have some overall effect.

    • Unfortunately, these "I'm being stolen" devices also get set off whenever there is a major fireworks show like the Edinburgh Festival. Which of course is exactly at the same time as there are large numbers of visitors and their cars in the area.

  • This could be applied to other things as well (Score:3, Interesting)

    by uid100 (540265) on Friday December 03 2004, @09:39AM (#10985726)
    Some though would have to be applied to this, but a GPS system in your car that alerts you if some operational parameters are crossed would be nice.

    "Hey, I'm being towed away from the parking garage, even though my keys are more than 100 yards from me"

  • Zztxt Flrqtp fnz p47eltnzd. (Score:4, Funny)

    by mothz (788133) on Friday December 03 2004, @09:39AM (#10985728)
    Zztxt Flrqtp fnz p47eltnzd.

    Oh, I'm sorry, you need to move two steps to the left.

  • Do you keep your laptop solely in the office? (Score:5, Insightful)

    by mpathetiq (726625) on Friday December 03 2004, @09:39AM (#10985731) Homepage
    It seems like the real risk would be when you are on-site, traveling, etc. As a consultant, my laptop never leaves my side. I'd hate to have to "check out" every time I left the building. Also, I don't think I would like my employer having the possibility of tracking my every movement. Sure, you could turn off the tracking, but then you've lost the security as well.
  • ...thieves put stolen laptops in bags lined with aluminium foil. (can also be used for hats)

  • Um.. (Score:3)

    by Daniel Boisvert (143499) on Friday December 03 2004, @09:40AM (#10985752)
    Does anybody else see a problem with a laptop you can't use outside of the office?

    It's not like you'd buy a laptop so you could TAKE IT WITH YOU and work outside of the office, or anything..

  • Shut Down? (Score:5, Insightful)

    by ZZeta (743322) on Friday December 03 2004, @09:40AM (#10985755)

    Ok, may be I'm missing something, but wouldn't a simple shut down get rid of this 'feature'?

    And before you tell me how you can't shut it down without the apropriate password: Unplug / get rid of the battery. If you're stealing the notebook, why would you mind turning it off? After all, there'll be plenty of time back home to retrive the data.

    • Require a password on boot to unlock filesystem-level encryption.
    • Simple. Just have your server ping the laptop every second and launch an alarm if the connection goes down.

      Unless you knowingly turn the watchdog off, I can't see a way to work around this that doesn't involve meddling with the server or alarm -- if you use some secure ping like choosing a random number and running some private key cryptographic tool on both ends.

    • "Unplug / get rid of the battery" (Score:4, Informative)

      by da5idnetlimit.com (410908) on Friday December 03 2004, @09:55AM (#10985955) Journal
      True, very true...

      Also one should note that in most cases, when someones steals a laptop, it is for the laptop itself, and they couldn't care less for the data on it...as long as they can download the corresponding drivers later on...

      One the laptop get sold, it'll suffer a quick reinstall. and the security dongle will become a nice high tech keychain 8)

      + This system assumes I have a physical access to the machine...

      If I have physical access to the machine (usually you find them plugged into the network, and no screensaver password...) all I have to do is either install a quick soft from the net or from the cd/usb key I have with me...

      Keylogger/bot/zombie/spyware/remote desktop... I can do whatever I want...and your security is breached...

  • I can see the error messages now... (Score:3, Funny)

    by Elphin (7066) on Friday December 03 2004, @09:42AM (#10985774) Homepage
    Error! Unable to open file!

    In order to open this file you must move 3 metres northwest of your present position

  • British intelligence and self-destructo laptops (Score:5, Informative)

    by call -151 (230520) on Friday December 03 2004, @09:42AM (#10985777) Homepage
    This has come up before- here [wired.com] is a link to a 2001 Wired article about the British intelligence services using laptops with ``a built-in electronic self-destruct mechanism that erases a laptop's hard drive if the case is opened by force'' when a code is forgotten, as well as ``a tracking feature that allows a computer gone astray to call home." This was after a spate of embarrassing episodes where laptops with lots of important info went missing. I don't know if it's been implemented but this does seem to have some interesting applications, potentially...

  • For a laptop? (Score:3, Insightful)

    by 31415926535897 (702314) <wpgabriel@gmail.com> on Friday December 03 2004, @09:43AM (#10985788) Journal
    I was always under the impression that laptops were supposed to be mobile (but maybe that's just me)...

    It seems like this would be more useful for company systems that have highly proprietary, sensitive data on them that you wouldn't want moving around. I could see a very nice, dual G5 screaming "I'm being stolen" as the janitor carts it out with his supplies (though how it does that without a power source is beyond me, I guess you would need a secondary power source just for this system).

    Also, and I'm really not trying to start a flame war here, but first, what's wrong with a janitor having a laptop, and why assume that it's a janitor stealing the laptop? I would guess that it's a disgruntled employee or just-fired employee (that's not properly escorted out) that would pull a stunt like that. And I would think that laptops are stolen from public places like libraries and parks rather and work places where I think a system like this might not be as useful.
  • Laptop: "I'm being stolen! Security guys, help!"
    [Security guy shows up, gun drawn]
    Security guy: "You there! Hands up"
    Innocent guy: "But, I'm just bringing Bob's laptop over to him in building 4!"

    I do like the idea, however, even though it may have issues. You could also use a wireless signal that pervades your company that is used as a key to decrypt.
  • "Throughout the entire process, Wozniak said the encryption key is controlled in a central location through a secure transmission. Because the wOz Platform and the wOzNet network are proprietary, he said it is not open to Wi-Fi spoofing or password sniffing."

    proprietary != secure from sniffing

    I wonder if it's based on the current wireless encryption or if it's something completely new.

  • Thinkpads and RFID (Score:5, Informative)

    by terrencefw (605681) <slashdot@nOsPAm.jamesholden.net> on Friday December 03 2004, @09:47AM (#10985845) Homepage
    IBM Thinkpads have had RFID in them for a while now, to prevent them being taken out of specific areas.
  • This is hardly feasable. However, it *is* possible to construct your TxRx that can lock your equipment to the area. But if you're that serious about locking something down, why not just use a mainframe and some dumb terminals?

    This could only possibly work with other layers of security - GPS data isn't what I'd choose unless you can afford to launch some slightly more "useful" satellites of your own. Those sattelites would have to encode a sort of "encrypted timestamp" into the their data, so that that y

  • Why must it always be "the janitor"?? (Score:4, Insightful)

    by gambit3 (463693) on Friday December 03 2004, @09:48AM (#10985864) Homepage Journal

    A few years ago, a securtity head-honcho at my company gave a presentation about keeping confidential documents off our desks, because "you never know when the janitors can come in and just swipe it out with them. I know they don't speak Englis, but it doesn't take a lot to swipe stuff off a desk..."

    I've had my fair share of stuff stolen, and it's never been a janitor.
    • "A few years ago, a securtity head-honcho at my company gave a presentation about keeping confidential documents off our desks, because "you never know when the janitors can come in and just swipe it out with them. I know they don't speak English, but it doesn't take a lot to swipe stuff off a desk...""

      It's easy to blame the person who's not in the room. Why do you think they blame the project's current problems on the person who jumped ship and left the company?

      And FWIW, there were only two occasions I

    • I've had my fair share of stuff stolen, and it's never been a janitor.

      I don't think I've ever had anything stolen at the office. I've been a janitor, too.

      If the janitors think they have a soft job with high pay, they aren't going to jeapordize it by stealing a laptop or a paper off your desk.

      If they figure that they wouldn't get screwed any worse elsewhere, I guess the situation would be different.

      The point here is that the janitors are just like you: if they're feeling screwed, they are a lot mor

    • In my place the high paid engineers do all the stealing of laptops. The rest of us don't have access to them...

      They take them home to do work in the evenings. They dial into the network for free internet. Their kids download Britney. Their begged CD burner is constantly burning audio CDs - they have to beg because there is no real reason for laptops having burners...

      ...they find out that they are unable to install latest_spyware_infested_program. They wipe the hard drive, install their own software (disabling dial-in in the process) and the laptop never sees the office again. They know they'll have a lot of explaining to do if the laptop ever needs rebuilding.

      They see it as one of the perks of the job.

  • GPS spoofing (Score:3)

    by Mordac the Preventer (36096) on Friday December 03 2004, @09:49AM (#10985870) Homepage
    So... how easy is it to spoof a GPS signal?
    • Replying to my own post is a bit off, but an even better thought... Say that BigCorp uses this idea to protect all of its really valuable data. You get a GPS transmitter that's transmitting a spoofed postion a few miles away, and all of BigCorp's laptops go "OMG, I've been stolen: 'rm -rf /data'".
  • I don't see how this system will stop theft of data. If you want to steal the data just copy the data and leave the machine there.

    I can see the security department scratching their heads while saying "who would have thought of putting all that data on a floppy disk"!
  • I am somewhat ignorant Woz's plan, but does this not remind anyone of DVDs not being able to be played outside of specified regions? How do we know the same thing won't happen?
  • It's not a big deal to spoof. All you'd have to do is build a couple small GPS-emulator transmitters and aim them at the device, and have them tell the device that its sitting its comfortable office environment 5,000 miles away.
  • I've been playing with a high-end GPS device recently, and the first thing I learned was that you can forget about getting a reading indoors. So how will this device work when there is no GPS reading in the office???
    • when it starts getting a gps reading, it knows it left the building. Anyway, in most buildings gps will work in some places and not in others - alot of risk for the thief. I suppose one could place a lo-jack type laptop in a faraday cage, but again risky when it comes type to either strip or access it.

  • GPS and Signal. (Score:3, Insightful)

    by jellomizer (103300) * on Friday December 03 2004, @10:00AM (#10986014)
    With my experience with GPS. They tend not to get a signal unless you are outside and have a clear view of the sky. When Driving in tunnals, or a road with a thick covarage of trees I tend to loose signal. And I have never got it to work while I was inside my apartment. Most people tend to use Laptops inside buildings and a lot of them are not nessarly near windows or have the window shades open (the heat of an afternoon sun in summer is pritty bad). So for most cases this will not work because they cannot get a GPS signal.
  • Will Bill Gates soon be inventing a product with the Acronym "B.I.L.L" for the product name?

  • good against wardriving (Score:3, Interesting)

    by spectrokid (660550) on Friday December 03 2004, @10:07AM (#10986108) Homepage
    Imagine that your WEP gets encrypted with a key dependent on your location. A large company could enable campus-wide WIFI, but you would only be able to get on the network if you are inside one of the buildings. Not the ultimate protection, but one extra barrier.

  • Stop! (Score:4, Interesting)

    by buss_error (142273) <buss_error@nOsPAM.yahoo.com> on Friday December 03 2004, @10:59AM (#10986804) Homepage Journal
    'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it."

    I've been in offices for many many years. There has been only one time the Janitor Did It, and it was a case of they put it somewhere we wern't expecting.

    Can we stop with the steriotype? All of the janitors I have known have been honest, hardworking people that are just trying to make a living. While I a sure there are dishonest janitors around, I sure that like anywhere else the vast majority are not crooks.

    • Re:Stop! (Score:3, Interesting)

      by rthille (8526)
      I don't know that the use of the janitor is meant as an inditement of janitors and their honesty, but rather of society. The reason that janitors are used is because they have opportunity (because they have to to clean) and and due to the inequity in society they can be said to have motive. After all, when you're working around equipment that costs as much as you make in a year, there's more temptation to steal it than if you work around stuff that costs what you make in a day. It's the same reason why

    • Re:Stop! (Score:4, Informative)

      by TomorrowPlusX (571956) on Friday December 03 2004, @12:16PM (#10987901)
      Not to mention that janitors -- being blue collar and generally lower on the social totem pole -- *know* they're the first to be suspected/fired when something goes missing.

      Generally speaking the theives are coworkers, with sticky fingers. But usually it's people -- dressed nicely -- who just walk in off the street, looking like they belong, and picking something up and quietly taking off.

      We've had a fair bit of the latter where I work.

  • GPS indoors? (Score:3, Informative)

    by uqbar (102695) on Friday December 03 2004, @11:09AM (#10986981)
    I have a 1st generation GPS device so maybe my info is out of date, but it has a hard time getting a location in heavy forest, never mind in a massive concrete and steel building. All this seems like it would rule out most real world applications, so I think something is missing in this story - Woz aint no dummy. Any conjectures?

    • Re:w0z is a nutjob at best... (Score:5, Interesting)

      by erikharrison (633719) on Friday December 03 2004, @09:57AM (#10985974)
      Wozniac is a nutjob no doubt about it. He'd still be a legend, though, even if it weren't for Apple. He was an early phreaker, and a good friend of John Draper - Cap'n Crunch for gods sake! He was an important figure in the Silicon Valley hobbyist community, and even if he hadn't done either Apple or phreaking he'd still be a footnote in the big book of commodity PCs because of that. Certainly more than you or I can claim.

      He and Jobs didn't start their relationship selling computers together - they originally sold blue boxes. Woz still works for Apple, mostly as a consultant, and he and Jobs still collaborate (though Woz has claimed that on many occasions Jobs credits him with ideas that he had minimal participation in).

      Since leaving Apple he's been as much a humanitarian with his skills and money as Bill Gates (though in smaller absolute amounts). He personally provides free tech support for the local school system, and (at least when System 8 was still cutting edge) held computer classes for preschool and elementary school kids. He's sponsered charity concerts, and more.

      Problem with Wozniak is he has a great technical mind, a wonderful sense of playfulness, and even a good sense of what users want in products, but his business sense is poor. That's why there hasn't been as much output from Woz since leaving Apple - their hasn't been a Steve Jobs. Wozniak was the Paul Allen to Job's Bill Gates, and much like Allen, Wozniak has dabbled here and their, with no truly successful financial venture yet. That doesn't mean he's worthless

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.