Security

New Software Secures Data when Owners Walk Away 304

Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a Professor and his graduate student at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with an encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."
This discussion has been archived. No new comments can be posted.

  • by ekrout ( 139379 ) on Wednesday December 18, 2002 @11:13PM (#4920417) Journal
    But what happens when the neighborhood/college/company bully steals your watch?
  • by Cat_Byte ( 621676 ) on Wednesday December 18, 2002 @11:14PM (#4920424) Journal
    Sounds like the smartcards to me where you stick it in the slot & it knows your password, domain, etc. Console is locked unless you have the card.
  • by Cat_Byte ( 621676 ) on Wednesday December 18, 2002 @11:21PM (#4920466) Journal
    This is not a troll. It's exactly the same thing a smartcard does.
  • by Cat_Byte ( 621676 ) on Wednesday December 18, 2002 @11:25PM (#4920489) Journal
    How the hell is saying this technology is a ripoff from smartcards a troll? Are you mods still on crack? I use smartcards and they're more configurable than these from what I read about them.
  • by Anonymous Coward on Wednesday December 18, 2002 @11:29PM (#4920520)
    Actually, there is a technology that uses an encoded ring to let you fire a gun. The gun senses the ring and unlocks itself.

    Something like that would make more sense than having a tiny computer running in your huge-ass watch. I don't even wear a watch or ring (even when I was married) because I hate the feel. I would rather wear a ring than a giant watch though.
  • by JayBonci ( 92015 ) on Wednesday December 18, 2002 @11:38PM (#4920570)
    While I applaud these people for making steps to make it harder to casually get information off of laptop computers, it still does not stop other attacks on such a system. Flooding the laptop's area with uniformly strong signal that matches the watch's key would be as difficult as acquire-and-replicate. There seems to be a smart card like system with keys, and key encrypting keys.
    It's very comprehensive, and it addresses many aspects of the social and technological attacks.

    In my mind, the weak link here is clearly the watch. Watch technology isn't very complicated (read: very big), and how many designs could there possibly be? If one knows where the hardware information is located, a system replacement under the face, and you've got some issues. How many people wear watches to bed at night? Or in the shower? Difficult, but possible.

    A quick couple of replacements, and you have a watch that has a short range transmitter also transmitting the information that you'd need to dissolve the encryption link, and maybe begin a traditional man-in-the-middle attack. Once you see what cards the watch is holding, shouldn't the rest of the exchange be trivial?

    While this is a great mechanism for an encryption scheme, what attacks are there against the physical and social component? These are the items of which spy thrillers are made, and will probably (hopefully) never come into play.

    All in all, an excellent read from the UMich folk, and they have my applause.

    --jaybonci
  • by DoctorPhish ( 626559 ) on Wednesday December 18, 2002 @11:41PM (#4920590) Homepage
    Well, I'm only an armchair cryptanalyst, but to the best of my knowledge you need some kind of challenge-response system in order to ensure that everyone is who they say they are. That pretty much eliminates any passive system, unless there are some wacky theoretical mathematics I don't understand...
  • by swordboy ( 472941 ) on Wednesday December 18, 2002 @11:41PM (#4920592) Journal
    I'm not an expert in encryption, but I have had several security related dongles and all of them were a pain in the arse.

    Which is why most users would just leave the dongle next to the PC with the sticky note that has all of their passwords on it.

    Users need to be in the habit of locking the workstation when they leave it. A good IT department will audit this (at least for the users that reside in the office... that goes for plain-view passwords, etc) and penalize users who do not (give them a slow POS or something with a ton of dead pixels). Soon, it will be a subconscious task that is performed before the PC is left. Add a hard drive password (laptop only?) or a drive encryption mechanism (like Safeguard [utimaco.com]) and the data is more secure than it would be with a dongle.
  • by LostCluster ( 625375 ) on Wednesday December 18, 2002 @11:48PM (#4920631)
    There are business analysts (remember what the first four letters of that word are..) who add up all those seconds lost to things like hitting Ctrl-Alt-Del and typing their passwords over a year, then multiply it by the hourly wage to determine how many dollars are wasted by that task. If that step is replaced by a passive process, it theoretically makes employees more effective... YMMV in actual use.
  • Dongles revisited (Score:4, Insightful)

    by mark_space2001 ( 570644 ) on Wednesday December 18, 2002 @11:55PM (#4920673)
    In other news, University of Michigan has re-invented the dongle. "You know those things you hated and were a pain in the ass to use? Well, we got it all figured out, trust me."

    Great, something else to buy. My fingers are cheaper and I'm not one of the people who has a problem logging in with a password. Why should I fork out cash for this?

  • by nuckin futs ( 574289 ) on Wednesday December 18, 2002 @11:58PM (#4920685)
    Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it
    I was taught that once someone has physical access to a system, it's game over with regards to security.
    In other words, the authentication system will only deter, not stop unauthorized access. How about just taking the laptop with you?
  • by LostCluster ( 625375 ) on Thursday December 19, 2002 @12:04AM (#4920707)
    If you unify the office security systems, then the system can require you be wearing your watch in order to unlock the bathroom door... if you left your watch at your desk while you go to the bathroom, you have to go back and get it.

    People will carry their key with them if it's required to do everything they want to do away from their desk too.
  • by Chris_Stankowitz ( 612232 ) on Thursday December 19, 2002 @12:12AM (#4920736)
    Sounds like a nice idea. However we all know that once physical security is compromised the rest is all downhill. On top of which, a thief that is just after the machine and cares nothing about the data will still take the machine. He doesn't know that you have a proximity sensor (whether it uses encryption or not). What I would like to see is a tool and/or system that has the kind of reliability and name recognition that something like LoJack has. What I mean is something that a crook will look at and walk away because he will recognize that it will be more trouble than it is worth. Even if he is just stealing it for the hardware. Something that he knows he just can't slap in a Windows boot disk and format. Because we all know that most laptop thefts are not by criminals that want data. It's the common crook that just wants a buck. Granted what would also bring down those thefts would just be the prices in laptops coming down, the prices on those haven't fallen nearly as close to the same rate as desktops.

    For now I will continue to dream and maybe even write a book entitled "2085" by Ali Orwell. :)
  • Still... (Score:2, Insightful)

    by Velocity44 ( 635370 ) on Thursday December 19, 2002 @12:17AM (#4920759)
    Anyone who wanted your information that much should be willing to beat you up for it - I feel that this just makes it one step easier to get your information. Anyway, it's not even a new idea.
  • by Mitreya ( 579078 ) <[moc.liamg] [ta] [ayertim]> on Thursday December 19, 2002 @12:46AM (#4920857)
    Parent might be a troll, but he makes a valid point. If you are already prepared to carry some device on you, you might as well have the data *on* that device... So not only is it safe from someone's tampering, but stays with you if the laptop is stolen altogether...
  • by afidel ( 530433 ) on Thursday December 19, 2002 @12:54AM (#4920884)
    good security should always be based on at least two of the three from the list

    Something you have

    Something you know

    Something you are

    Anything that relies on just one of these categories is going to be significantly easier to break than one that follows the rules. Most commercial security these days is based on something you know (password) and nothing more. Good security systems require all three, biometrics, password, and a physical token. Biometrics are susceptible to advanced attacks but things like thermal imaging for skull structure combined with retinal imaging is pretty close to unbreakable. Passwords are notoriously lacking because passwords strong enough to be secure are difficult for most people to remember so they end up either weak or written down. As for token systems other than smart cards and the IBM watch I have not seen many implementations out there.
  • by jpmorgan ( 517966 ) on Thursday December 19, 2002 @02:18AM (#4921205) Homepage
    The thing is, these are radio devices. Radio is analog, not digital, and one of the amusing things about analog is it's actually much easier to authenticate.

    A possible solution is to generate a second low powered signal from the laptop; this signal would be generated from nothing more than some strongly encrypted hash, and most certainly be an AM signal. The nice thing about strong encryption is that it should be pretty much indistinguishable from random noise, so this signal would be indistinguishable from background noise.

    Then you have the frequency the signal is broadcasted on randomly shuffled based on the current time. The laptop and the token are time-synced (not a problem, most decent cryptographic tokens are time-synced anyway), so the token is always listening on the correct frequency.

    At this point you have the correct waveform, although its amplitude will depend on your distance from the device. Every tenth of a second, or something, normalise the signal based on the RMS power, then compare the input signal based on what you compute it should be (you know the secret, so you can also compute the hash).

    To fool this system you have to replicate the exact signal as it bounces around frequencies. Since it's bouncing around frequencies you can't just repeat the signal you're receiving on a specific frequency, since that won't matter. Further, for each part of the signal you repeat, you'll be off in intensity by a certain amount based on the frequency you're tuning into relative to the frequency it's actually being transmitted at, and unless you can exactly predict the pattern your error will vary. You can't track the frequency since you'd need to break the encryption. Really, this is nothing more than frequency scrambling that's been used by the military to secure communication for years, used in a slightly different way.

    I'm sure there are other ways to solve the problem. So yes, it could be a problem if it wasn't taken into consideration, but it is a solvable problem.

  • by btellier ( 126120 ) <btellierNO@SPAMgmail.com> on Thursday December 19, 2002 @05:22AM (#4921583)
    At the beginning of the process, the user enters a password on the watch. "That's to make sure an imposter isn't wearing your token," Noble says. Then, each second, the laptop broadcasts a cryptographic request that only the token can correctly answer. This procedure, an exchange of cryptographic numbers, is a standard security measure.

    People will still use stupid passwords. GONG!. They'll use the same letter conventions that 99% of the population uses. I guarantee that one guy with a high-end laptop could walk through an office and guess 99% of the passwords within a few minutes. Or maybe they'll guess 1% and get the temp's password. Good enough, access to the internal network is almost always sufficient to own the rest of the network.

    There is no technology that will override stupidity.
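
The once-per-second request that "only the token can correctly answer", quoted in the comment above, and the challenge-response requirement raised earlier in the thread, sketched as an added example (not code from the ZIA project or from any commenter). It assumes an HMAC-SHA256 answer over a random nonce with a key shared at pairing time; the class names and `MAX_MISSES` are hypothetical.

```python
import hashlib
import hmac
import secrets


class Token:
    """Worn token: holds the shared key and answers challenges."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class Laptop:
    """Polls the token and locks after MAX_MISSES failed polls in a row."""

    MAX_MISSES = 5  # assumed threshold, not a value from the ZIA design

    def __init__(self, key: bytes):
        self._key, self._nonce = key, None
        self.misses, self.locked = 0, False

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh for every poll
        return self._nonce

    def verify(self, response) -> bool:
        nonce, self._nonce = self._nonce, None  # each nonce is single use
        ok = False
        if nonce is not None and response is not None:
            expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
            ok = hmac.compare_digest(expected, response)
        self.misses = 0 if ok else self.misses + 1
        self.locked = self.misses >= self.MAX_MISSES
        return ok


def demo():
    key = secrets.token_bytes(32)  # constructed key shared at pairing time
    laptop, token = Laptop(key), Token(key)
    recorded = token.respond(laptop.challenge())  # eavesdropper records this
    fresh_ok = laptop.verify(recorded)            # answers the live nonce
    laptop.challenge()
    replay_ok = laptop.verify(recorded)           # stale answer, new nonce
    for _ in range(4):                            # token has walked away
        laptop.challenge()
        laptop.verify(None)
    return fresh_ok, replay_ok, laptop.locked
```

A fresh nonce per poll makes a recorded answer useless, but it does not by itself detect a live relay of the radio link between token and laptop.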
