Location-Based Encryption
davidwr writes "Eweek reports Apple co-founder Steve Wozniak has a new way to prevent theft of company secrets on stolen laptops: 'Wozniak offered a peek into his vision for the company on Ziff Davis Media's Security Virtual Tradeshow, where he introduced "wOz Location-Based Encryption," an application that uses GPS tracking within a wireless hub to encrypt and decrypt sensitive data for large businesses.' Today's encryption is good enough but I do like the tracking capability. Imagine your laptop screaming 'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it."
Not totally secure? (Score:5, Insightful)
Re:Not totally secure? (Score:5, Interesting)
Better yet, my portable GPS device allows me to "set my location" temporarily in case the signal is not strong enough. This allows the device to at least estimate where I am if it has a weak signal somehow. I don't really get all the details...but it works so I don't complain.
So what's to stop someone from doing essentially the same thing with the laptop? Just tell it "you're still in the building" and you'd be all good. I think this is a pretty cheesy idea for security, you can always figure out a way to lie to a machine, regardless of what lie you're telling. This is less secure than a well-encrypted password if you ask me, of course I assume that the machine would still have the password as added security, so I guess that argument shouldn't carry any weight.
Re:Not totally secure? (Score:5, Informative)
> has a weak signal somehow. I don't really get all the details...
> but it works so I don't complain.
Well a GPS receiver has about 8-12 channels with which to look for the satellites. If it knows roughly where you are, then it can use that information, together with stored almanac data (info relating to the orbital positions of the satellites over time) in order to better guess *which* satellites it should try locking on to. It basically speeds up the process of getting the all important 'first fix'. If you didn't tell it where it was, it would simply take longer to get the fix - but it would still get there eventually.
I must admit, I wasn't too impressed when I received my first GPS and the very first question it asked me when I turned it on is "Please select the location of this device using the map below". I was like, "huh, aren't you supposed to tell me that?!".
Re:Not totally secure? (Score:3, Funny)
Re:Not totally secure? (Score:4, Funny)
So in other words, you were inclined to feel as though the machine should be telling you. Or perhaps your feelings could be described as resembling the emotions that sentence expressed. I think you'll find that's what the word like means, regardless of whether that's an encouraged sentence structure.
If you feel I'm wrong, explain to me what's fundamentally different about the following sentences, besides using a sentence to describe the feeling instead of direct simile:
I was like a cloud.
It was like a state of total weightlessness.
It made me feel like I was buzzing around.
I was like, "Wow, I'm a cloud".
Re:Not totally secure? (Score:2)
article probably wrong (Score:2)
Re:article probably wrong (Score:2)
As we've seen many times before on Slashdot, lots of new encryption techniques turn out to be gimmicks or marketing ploys designed to sell one specific product. How often do these weird encryption mechanisms actually become mainstream? Not very often.
Not having a device t
Re:Not totally secure? (Score:2)
I think all consumer GPS devices do this, but there are lots of commercial/industrial GPS devices, too.
I don't think it would be that hard to integrate one of the chipsets [trimble.com] from Trimble [trimble.com] into a WAP to provide the feature Woz is describing. Install the WAP in the ceiling, and run some RG-58 to the roof for the antenna, and I think that would make spoofing the GPS a lot harder.
Probably is more than plugging a GPS in. (Score:2)
What he's talking about is something closer to an iButton dongle that would only work at a particular position. This will communicate with a wireless infrastructure that will provide the key to unlock data.
How GPS figures in is not entirely clear from the article, but it appears to be a kind of two factor security: you can get to your data if (a) you are in the presence of an authorization agent and (b) you are in the right geographic place.
Re:Not totally secure? (Score:2)
If a security system is recognized and completely understood, it can be disabled or defeated. However, if the system is not recognized in time, it can use that time to phone home, re-encrypt the data, squirt stinky purple ink out the keyboard, whatever.
So, if your concern is that James Bond and Bruce Schneier are going to conspire with the CIA to steal your laptop, well you're pretty much screwed even with
Re:Not totally secure? (Score:5, Funny)
Re:Not totally secure? (Score:3, Interesting)
We don't do location based encryption, like Woz, but we will scream at you if your laptop is being stolen.
See our asset theft detection here [ciscor.com]
Re:Not totally secure? (Score:2)
Either you're coining a subtle and witty new verb related to finding something with a GPS transponder ("can you 'here' my stolen laptop, officer?"), or you are getting your homonyms mixed up. Given this site, I'll take the odds on a language blunder.
Or other more malign actions (Score:5, Funny)
Alarms (Score:5, Funny)
Re:Alarms (Score:2)
This, however, only requires interest and intervention from paid security officers working for the company.
Does not work for cars too well (Score:3, Interesting)
Or does it?
Re:Does not work for cars too well (Score:2)
LoJack does work, apparently:
Google Answers [google.com] that links to a Carnegie-Mellon study about it.
--RJ
Re:Does not work for cars too well (Score:2)
It's quite obvious that the systems won't stop a dedicated thief, nor will they prevent many other sorts of insurable damage. But they obviously have some overall effect.
Re:Does not work for cars too well (Score:2)
Re:Does not work for cars too well (Score:2)
Re:Does not work for cars too well (Score:2)
This could be applied to other things as well (Score:3, Interesting)
"Hey, I'm being towed away from the parking garage, even though my keys are more than 100 yards from me"
Zztxt Flrqtp fnz p47eltnzd. (Score:4, Funny)
Oh, I'm sorry, you need to move two steps to the left.
Re:Zztxt Flrqtp fnz p47eltnzd. (Score:2)
Let's try two steps forward...
Qqbwb $9vzb/ 4yq /fjc9byq3
Still no dice, even with a wraparound keyboard...
Do you keep your laptop solely in the office? (Score:5, Insightful)
Re:Do you keep your laptop solely in the office? (Score:2)
Do you fly? (Score:2)
In other news... (Score:2, Interesting)
Um.. (Score:3)
It's not like you'd buy a laptop so you could TAKE IT WITH YOU and work outside of the office, or anything..
Shut Down? (Score:5, Insightful)
Ok, maybe I'm missing something, but wouldn't a simple shut down get rid of this 'feature'?
And before you tell me how you can't shut it down without the appropriate password: Unplug / get rid of the battery. If you're stealing the notebook, why would you mind turning it off? After all, there'll be plenty of time back home to retrieve the data.
Re:Shut Down? (Score:2)
Re:Shut Down? (Score:2, Insightful)
Unless you knowingly turn the watchdog off, I can't see a way to work around this that doesn't involve meddling with the server or alarm -- if you use some secure ping like choosing a random number and running some private key cryptographic tool on both ends.
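The "secure ping" described in the comment above, sketched as an added example that is not part of the original thread: the server sends a fresh random number and the laptop answers with a keyed MAC over it. HMAC-SHA256 with a pre-shared key stands in for the "cryptographic tool"; the class names and the three-miss alarm threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MISSED_LIMIT = 3  # assumed policy: alarm after this many consecutive misses


class Laptop:
    """Client side: proves possession of the shared key for each nonce."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class Watchdog:
    """Server side: issues random nonces and counts missing or bad answers."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # nonce awaiting an answer, if any
        self.missed = 0

    def challenge(self) -> bytes:
        # A previous challenge that was never answered counts as a miss
        # (laptop powered off, unplugged, or carried out of radio range).
        if self._pending is not None:
            self.missed += 1
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # unsolicited or replayed answer: ignore it
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # each nonce is accepted at most once
        ok = hmac.compare_digest(expected, response)
        self.missed = 0 if ok else self.missed + 1
        return ok

    @property
    def alarm(self) -> bool:
        return self.missed >= MISSED_LIMIT


def demo():
    """Constructed run: one good ping, a replay, then the laptop goes silent."""
    key = secrets.token_bytes(32)
    dog, laptop = Watchdog(key), Laptop(key)
    answer = laptop.respond(dog.challenge())
    first = dog.verify(answer)    # fresh nonce, correct MAC
    replay = dog.verify(answer)   # same answer again, no nonce pending
    dog.challenge()
    stale = dog.verify(answer)    # old answer against a new nonce
    for _ in range(MISSED_LIMIT):
        dog.challenge()           # nobody answers any more
    return first, replay, stale, dog.alarm


if __name__ == "__main__":
    print(demo())
```

Because every nonce is random and single-use, a recorded answer cannot be replayed to keep the watchdog quiet after the laptop has left, and pulling the battery simply shows up as missed pings.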
"Unplug / get rid of the battery" (Score:4, Informative)
Also one should note that in most cases, when someone steals a laptop, it is for the laptop itself, and they couldn't care less for the data on it...as long as they can download the corresponding drivers later on...
Once the laptop gets sold, it'll suffer a quick reinstall, and the security dongle will become a nice high tech keychain 8)
+ This system assumes I have a physical access to the machine...
If I have physical access to the machine (usually you find them plugged into the network, and no screensaver password...) all I have to do is either install a quick soft from the net or from the cd/usb key I have with me...
Keylogger/bot/zombie/spyware/remote desktop... I can do whatever I want...and your security is breached...
I can see the error messages now... (Score:3, Funny)
In order to open this file you must move 3 metres northwest of your present position
Okay (Score:2)
It is dark. You might be eaten by a grue.
British intelligence and self-destructo laptops (Score:5, Informative)
Re:British intelligence and self-destructo laptops (Score:2)
The call-home program exists commercially and allows a machine to register its presence with a remote control.
Re:British intelligence and self-destructo laptops (Score:2)
Anyone know what could be small a
Re:British intelligence and self-destructo laptops (Score:2)
How about encrypting the whole hard drive, either by using an encrypted file system, or a HDD controller which encrypts all the data written to the disk on the fly. Store the encryption key in Flash or RAM or whatever. When any kind of unauthorized access is attempted, wipe the key, and nobody can access the disk anymore. This could be as simple as keeping the key in a bit of battery-powered RAM, and connecting this to a chassis intrusion switch, which will cut off power when the case is opened.
Don't forge
For a laptop? (Score:3, Insightful)
It seems like this would be more useful for company systems that have highly proprietary, sensitive data on them that you wouldn't want moving around. I could see a very nice, dual G5 screaming "I'm being stolen" as the janitor carts it out with his supplies (though how it does that without a power source is beyond me, I guess you would need a secondary power source just for this system).
Also, and I'm really not trying to start a flame war here, but first, what's wrong with a janitor having a laptop, and why assume that it's a janitor stealing the laptop? I would guess that it's a disgruntled employee or just-fired employee (that's not properly escorted out) that would pull a stunt like that. And I would think that laptops are stolen from public places like libraries and parks rather than workplaces where I think a system like this might not be as useful.
Re:For a laptop? (Score:2)
I don't have any numbers, but m
Re:For a laptop? (Score:2)
Thank you for mentioning this. M
I'm being stolen! (Score:2)
[Security guy shows up, gun drawn]
Security guy: "You there! Hands up"
Innocent guy: "But, I'm just bringing Bob's laptop over to him in building 4!"
I do like the idea, however, even though it may have issues. You could also use a wireless signal that pervades your company that is used as a key to decrypt.
Quote from article (Score:2, Insightful)
proprietary != secure from sniffing
I wonder if it's based on the current wireless encryption or if it's something completely new.
Re:Quote from article (Score:2)
Thinkpads and RFID (Score:5, Informative)
Mobile PC. (Score:2)
Or if it is to be used in 2 places use 2 desktops? What am I missing?
Ok, this is no solution for the boss who must have the most fancy laptop there is to see the best screensaver. (Dilbert)
Not a lo-jack (Score:2)
This could only possibly work with other layers of security - GPS data isn't what I'd choose unless you can afford to launch some slightly more "useful" satellites of your own. Those satellites would have to encode a sort of "encrypted timestamp" into their data, so that that y
Why must it always be "the janitor"?? (Score:4, Insightful)
A few years ago, a security head-honcho at my company gave a presentation about keeping confidential documents off our desks, because "you never know when the janitors can come in and just swipe it out with them. I know they don't speak English, but it doesn't take a lot to swipe stuff off a desk..."
I've had my fair share of stuff stolen, and it's never been a janitor.
Re:Why must it always be "the janitor"?? (Score:3)
It's easy to blame the person who's not in the room. Why do you think they blame the project's current problems on the person who jumped ship and left the company?
And FWIW, there were only two occasions I
Re:Why must it always be "the janitor"?? (Score:3, Insightful)
I don't think I've ever had anything stolen at the office. I've been a janitor, too.
If the janitors think they have a soft job with high pay, they aren't going to jeopardize it by stealing a laptop or a paper off your desk.
If they figure that they wouldn't get screwed any worse elsewhere, I guess the situation would be different.
The point here is that the janitors are just like you: if they're feeling screwed, they are a lot mor
Re:Why must it always be "the janitor"?? (Score:2, Funny)
Re:Why must it always be "the janitor"?? (Score:4, Interesting)
In my place the high paid engineers do all the stealing of laptops. The rest of us don't have access to them...
They take them home to do work in the evenings. They dial into the network for free internet. Their kids download Britney. Their begged CD burner is constantly burning audio CDs - they have to beg because there is no real reason for laptops having burners...
...they find out that they are unable to install latest_spyware_infested_program. They wipe the hard drive, install their own software (disabling dial-in in the process) and the laptop never sees the office again. They know they'll have a lot of explaining to do if the laptop ever needs rebuilding.
They see it as one of the perks of the job.
Re:Why must it always be "the janitor"?? (Score:2)
Not where you work. I burn work-related disks frequently. It's expected now, though I attempt to get people to use the network instead.
Re:Why must it always be "the janitor"?? (Score:2)
The custodians who steal tend to be temps/contractors.
Re:Why must it always be "the janitor"?? (Score:2)
The funniest one was right after stealing some equipment, the guilty janitor (who also had keys to the server room) went to 'pop the tape' and found it was entirely hard drive based. The guy still kept the computers and had his house raided to return the stolen equipment.
Lesson? Don't let anyone have keys to the !@#$!@#$! server room! Extrapolate other lessons from there....
They're small fry next to the white middle class (Score:2)
Well, how else are they supposed to get in on the $300 billion annual orgy of white collar crime [cornell.edu]? Or use this honcho's services [federalcrimes.com]?
Re:Why must it always be "the janitor"?? (Score:2)
Re:Why must it always be "the janitor"?? (Score:2)
He must work for a detective agency.
They are called SECURITY CAMERAS. Most small to moderate facilities have them.
Re:Why must it always be "the janitor"?? (Score:2)
People are stupid.
Re:Why must it always be "the janitor"?? (Score:2)
Me, nope, I wouldn't be surprised. [slashdot.org] Stupidity on both ends of the theft -- the thief and the guardians -- seems to be the norm.
Yep.
Re:Why must it always be "the janitor"?? (Score:2)
GPS spoofing (Score:3)
Re:GPS spoofing (Score:2)
Oh Come ON! (Score:2)
I can see the security department scratching their heads while saying "who would have thought of putting all that data on a floppy disk"!
Re:floppy? (Score:2)
DVD Regional restrictions redux? (Score:2)
Spoof (Score:2)
Reliable GPS *INDOORS*??? (Score:2, Insightful)
Re:Reliable GPS *INDOORS*??? (Score:2)
GPS and Signal. (Score:3, Insightful)
Re:GPS and Signal. (Score:2)
Woz? (Score:2)
good against wardriving (Score:3, Interesting)
Easy to overcome... (Score:2)
Re:Easy to overcome... (Score:2)
Keeping your data safe from thieves (Score:2)
Getting stupid... (Score:2)
Put 2.5" HDDs in a bit of a caddy to protect it, then you just pull it out and put it in your pocket. Notebooks could be made so that they pop the HDD out when the lid is closed, it is shut-down, or put into standby, and beep after a few seconds if the HDD hasn't been removed.
This won't help immensely if you leave your laptop running, with an open lid, unattended, in a public place, but you probably don't care about security if you d
Better idea - wireless hardware key-pair (Score:2, Interesting)
You'd hang one of these little devices off your belt or on your keys or something. When the laptop is within a few feet of you, you can access the encrypted data. When it's not, you can't. Seems simple enough....now we just have to make sure that nobody gets smar
Same as... (Score:2)
Yawn. It would probably get the same reaction as car alarms do these days: great, some idiot accidentally set off their car alarm again. Where's the coffee?
Stop! (Score:4, Interesting)
I've been in offices for many many years. There has been only one time the Janitor Did It, and it was a case of they put it somewhere we weren't expecting.
Can we stop with the stereotype? All of the janitors I have known have been honest, hardworking people that are just trying to make a living. While I am sure there are dishonest janitors around, I am sure that like anywhere else the vast majority are not crooks.
Re:Stop! (Score:3, Interesting)
Re:Stop! (Score:4, Informative)
Generally speaking the thieves are coworkers, with sticky fingers. But usually it's people -- dressed nicely -- who just walk in off the street, looking like they belong, and picking something up and quietly taking off.
We've had a fair bit of the latter where I work.
Re:Stop! (Score:2)
-Erwos
Re:Stop! (Score:2)
Wish we had more details (Score:2)
I wouldn't be surprised if in addition to a decent amount of obscurity, the system also has plenty of true security, i.e. it would be secure even if every detail of how the system works was known.
Also, the whole GPS thing doesn't make much sense to me. Too easy to spoof an inco
GPS indoors? (Score:3, Informative)
I am not Woz (Score:2)
Re:I am not Woz (Score:2)
Similar to an idea I recently had (Score:2)
Of course, I haven't sat down to figure out the cryptological protocol needed. For the average thief, a simple insecure method would probably work.
Lots of peoples missing point (Score:2)
Forget about how easy it is to unplug/shutdown said laptop and leave.. obviously it's quite easy.
What this would do is to only allow decryption of the data stored on that laptop while within the vicinity of the approved location.
Anywhere else and the data is encrypted. Sure, you can wipe the drive, but that is what they want you to do anyways...
And yes people do store sensitive da
Sci-fi comes true again (Score:2)
This sounds a lot like Akili Kuwale's encryption method in Greg Egan's novel Permutation City [wikipedia.org]. It's always good to see sci-fi coming true :)
blech... (Score:2)
> Imagine your laptop screaming 'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it.
myes.... and imagine the look on the face of your boss when he realizes that by "working from home", you really meant working from the strip club ;-)
Re:blech... (Score:2)
Re:w0z is a nutjob at best... (Score:5, Interesting)
He and Jobs didn't start their relationship selling computers together - they originally sold blue boxes. Woz still works for Apple, mostly as a consultant, and he and Jobs still collaborate (though Woz has claimed that on many occasions Jobs credits him with ideas that he had minimal participation in).
Since leaving Apple he's been as much a humanitarian with his skills and money as Bill Gates (though in smaller absolute amounts). He personally provides free tech support for the local school system, and (at least when System 8 was still cutting edge) held computer classes for preschool and elementary school kids. He's sponsored charity concerts, and more.
Problem with Wozniak is he has a great technical mind, a wonderful sense of playfulness, and even a good sense of what users want in products, but his business sense is poor. That's why there hasn't been as much output from Woz since leaving Apple - there hasn't been a Steve Jobs. Wozniak was the Paul Allen to Jobs's Bill Gates, and much like Allen, Wozniak has dabbled here and there, with no truly successful financial venture yet. That doesn't mean he's worthless
"PAUL ALLEN WAS HERE!" (Score:2)
Wow. You don't live in Seattle, obviously. Otherwise you would have more knowledge about some of the very big things that Paul Allen has his fingers in (and I don't mean EMP). Thing about Allen is that he doesn't seek out the spotlight, so his many ventures don't have "PAUL ALLEN WAS HERE!" plastered all over them.
Re:Indiana Jones (Score:2)
Re:Yawn... (Score:2)
Douglas Engelbart and his team's systems/technologies were way way before their time. Hardly anybody else "got it", or even if they did, they couldn't really make full use of it.
Decades later, people came up with the same ideas but this time the market was ready for their adoption.
Original and interesting ideas are nice, but it can feel like a curse if you have them way too