New Software Secures Data when Owners Walk Away
Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a Professor and his graduate student at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with an encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."
Non-PDF version (Score:2, Informative)
Re:wouldn't it make more sense (Score:3, Informative)
repeat article (Score:5, Informative)
The original is here [slashdot.org]. At least they waited some weeks before reposting it.
Jeez, just use on-the-fly encryption already (Score:3, Informative)
Use a program like Scramdisk [clara.net] or the commercial version Drivecrypt [drivecrypt.com]. Keep all of your critical files on the encrypted partition. When you leave your desk, activate the screensaver with a keystroke.
Unless someone knows your password, you're safe. If they reboot, the encrypted disk is inaccessible.
What's the big deal?
Re:wouldn't it make more sense (Score:4, Informative)
Why to use an active device (Score:2, Informative)
If the password is received and is correct, the computer stays in public mode. If the password is incorrect: either
So the laptop locks up until you start to use it and the watch received a timed ping, or you initiate the send from the laptop.
This system provided user authentication and data security, the two main points of a secure system.
ZIA Redux (Score:5, Informative)
As much as I enjoy the free publicity, this has been posted on slashdot before. [slashdot.org]
To correct a serious error that appears in this article and in the nytimes article this was cribbed from: The system was NEVER run on the IBM watch. We mentioned it as a possibility and somehow it was taken as fact.
I welcome the comments on the work, however remember that the world of university research is often more forward looking than the commercial world. That is our job!
loop-aes & pam_mountd work for me (Score:1, Informative)
http://www.tldp.o
Currently using pam_mountd to mount a large encrypted file on the loopback device, set up as $HOME, upon login to my laptop. Works for me.
Re:Dongles revisited (Score:2, Informative)
I think it's a good idea, especially if it expands. I'd like to see other devices use the same key. You could start your car, buy a coffee, walk in the (locked) parking entrance at work, open your office, and log in to your computer all with a password you entered in your watch when you woke up.
I like it - beats the hell out of attaching a dongle into the back of my computer to use the Encyclopaedia Britannica. (way back when)
What headache...? (Score:2, Informative)
Re:Dongles revisited (Score:3, Informative)
Here is one possible reason.
If this device (or a similar device) is able to encrypt your hard drive then it would be an effective combat against some of the more intrusive aspects of the patriot act. In that legislation there are clauses that allow the FBI to enter your home when you are not in and bug your place and place trojans in your computer while you are not home and without letting you know about it.
My point is that automatically encrypting your hard drive is more effective than having a password protected system, especially if that encryption is done with huge keys that are stored on the watch.
Re:A question (Score:2, Informative)
The article isn't wrong, just vague. For more details see the paper.
However, what you describe is almost precisely how it works. The "walking away encryption" is only for the file CACHE in memory. The alternative is to bzero the cache which takes a lot less time. Unfortunately, recovery is equivalent to a cold cache which may annoy users with a lot of disk i/o.
The data always sits on the disk encrypted. Otherwise reencrypting it would take forever.
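The two walk-away options described in the comment above (encrypt the in-memory file cache, or zero it and accept a cold cache on return), modelled as an added example that is not code from ZIA or from any poster in this thread. The class and function names are hypothetical, the key and pages are constructed, and the SHA-256 keystream is a standard-library stand-in for a real cipher.

```python
import hashlib

def keystream_xor(key: bytes, page_no: int, data: bytes) -> bytes:
    """Stand-in cipher (not ZIA's): XOR with a SHA-256 counter keystream; encrypt == decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + page_no.to_bytes(8, "big") + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class CachedVolume:
    def __init__(self, key, plaintext_pages, policy):
        # The disk only ever holds ciphertext, so departure never touches it.
        self.disk = {n: keystream_xor(key, n, p) for n, p in plaintext_pages.items()}
        self.policy = policy      # "encrypt" (keep cache, encrypted) or "zero" (drop cache)
        self.key = key            # held only while the token is in range
        self.cache = {}           # page_no -> bytes; plaintext only while unlocked
        self.disk_reads = 0

    def read(self, n):
        if self.key is None:
            raise PermissionError("token out of range")
        if n not in self.cache:   # cache miss: fetch ciphertext and decrypt
            self.disk_reads += 1
            self.cache[n] = keystream_xor(self.key, n, self.disk[n])
        return self.cache[n]

    def token_left(self):
        if self.policy == "encrypt":
            self.cache = {n: keystream_xor(self.key, n, p) for n, p in self.cache.items()}
        else:
            self.cache.clear()
        self.key = None           # without the token the laptop has no key

    def token_returned(self, key):
        self.key = key
        if self.policy == "encrypt":   # warm cache comes back without disk I/O
            self.cache = {n: keystream_xor(key, n, c) for n, c in self.cache.items()}

def reads_after_return(policy):
    """Returns (plaintext_left_in_cache, data_intact, disk_reads_after_return)."""
    key = b"constructed-demo-key"
    pages = {n: f"page {n} secret".encode() for n in range(4)}  # constructed sample data
    vol = CachedVolume(key, pages, policy)
    for n in pages:
        vol.read(n)               # warm the cache while the token is present
    vol.token_left()
    leaked = any(b"secret" in v for v in vol.cache.values())
    vol.token_returned(key)
    before = vol.disk_reads
    intact = all(vol.read(n) == pages[n] for n in pages)
    return leaked, intact, vol.disk_reads - before
```

Python cannot guarantee that the old plaintext buffers are wiped from process memory, so this models the policy trade-off only, not the memory hygiene a kernel implementation needs.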