CSE News and Announcements

Sep 26, 2002
Prof. Noble's research featured in New York Times article    Bookmark and Share
New York Times (9/26/2002)
For Users Who Dash Back and Forth, a Watchful Laptop


LOSING a laptop computer is one of the hazards of the mobile age. But laptops and the data they contain do not have to be lost for snoopers to get hold of their secrets.

Walk away from an operating laptop for a few moments, and interlopers can help themselves, even if the computer has a cryptographic file system to keep sensitive information secure. That is because once the owner has supplied the initial decryption key, typically when logging in, anyone using the laptop has access to data stored on the disk.

To limit vulnerability to intrusions, some systems ask users to prove who they are by regularly resupplying their password each time the laptop awakens from its "sleep" mode. The password is then used to derive a decryption key.

But many people dislike features of this sort and disable them or reset the prompts for longer intervals.

"There's a tension," said Brian D. Noble, an assistant professor of electrical engineering and computer science at the University of Michigan who specializes in research on mobile computing. "For a security system to be effective, the laptop must constantly ask you to prove who you are. But the user wants that to happen as infrequently as possible."

Now Dr. Noble and one of his graduate students, Mark Corner, have come up with a high-security system for the slothful. The new system protects data by automatically scrambling it the moment users walk away, then quickly restoring it upon their return.

Called Zero-Interaction Authentication or ZIA, the system requires that laptop owners wear a small device or token — in this case a wristwatch equipped with a processor and a short-range wireless link — to communicate with the laptop. When the token moves out of range, ZIA re-encrypts information on the laptop within five seconds, before someone else can gain access to it. When the laptop detects that the token is back within range, the system decrypts the data within six seconds.

At the beginning of the process, the user enters a password on the watch. "That's to make sure an imposter isn't wearing your token," Dr. Noble said. Then, each second, the laptop broadcasts a cryptographic request that only the token can correctly answer. This procedure, an exchange of cryptographic numbers, is a standard security measure.

But Dr. Noble has endowed the token with another function: the token, not the laptop, holds the master key to the cryptographic process for securing data on the computer.

"Our project is about moving the master key away from the laptop, so that the token has the master key," he explained. When users want to get data off the disk, they must have the key. "Only the token knows this key," he said. "So, no token nearby, no decryption of data from the disk."

Neither the modest processing power of the token nor the slowness of wireless connections poses a problem for encryption or decryption, he said. "The stored keys that you are decrypting on the token are small enough to enable the process," he said. "Individual users should not notice any slowness in the exchange."

The wristwatch, which runs the Linux operating system, was designed at I.B.M. under the direction of Chandra Narayanaswami, manager of wearable computing at the company's T. J. Watson Research Center in Yorktown Heights, N.Y.

David Johnson, an associate professor of computer science and of electrical and computer engineering at Rice University, said that ZIA had a noteworthy design, particularly in the way that encryption and decryption are handled in the operating system's disk cache, the spot in the system where data is temporarily deposited when it is pulled from the hard disk.

When users leave, the system re-encrypts data in the cache. "When they return and want to use that data again," Dr. Johnson said, "ZIA can decrypt it faster than by going back to the disk to get a fresh copy." ZIA takes advantage of the cache's tendency to be reused.

While ZIA is a prototype, systems using other approaches to block unauthorized access to a laptop are commercially available.

Ensure Technologies of Ann Arbor, Mich., uses a wireless radio transmitter embedded in a badge to communicate with the computer, which is equipped with a plug-in radio transceiver. The system automatically locks the keyboard and renders the screen blank within 1.6 seconds, said George Brostoff, the company's president.

The distance between badge and machine can be set so finely that the system will shut off access even if the user simply swivels away from the screen, he said. The user can set a longer distance, for instance, for working in an airport lounge or for making presentations from a laptop. In the future, Mr. Brostoff said, the company plans on embedding the transmitter in watches, cellphones and other devices.

Dr. Noble said he hoped that ZIA's token encryption would help laptop owners, especially doctors, maintain security with little effort. "I first thought of this system for use in hospitals," he said, after talks with his wife, who is a doctor, and with doctors at the University of Michigan hospital.

But he learned that while many doctors like using laptops on their rounds, they often leave their machines behind, for instance, while doing tests. "Confidential patient records could be exposed then," he said.

"But the doctors didn't like the constant reauthentication needed to prevent this," he said, "so I wanted something that required nothing of them at all."

EECS News by Topic
EECS News by Faculty Name
CSE in the News 
04/17/14 Scientific American: Heartbleed Software Snafu: The Good, the Bad and the Ugly
04/17/14 New York Times: Study Finds No Evidence of Heartbleed Attacks Before the Bug Was E...
04/15/14 Michigan Daily: Internet security flaw left University sites vulnerable
04/15/14 ARS Technica: Researchers find thousands of potential targets for Heartbleed OpenS...
04/15/14 Bloomberg: Hacker From China Wastes Little Time in Exploiting Heartbleed
04/15/14 Bloomberg: Heartbleed Hackers Steal Encryption Keys in Threat Test

CSE Research News 
04/17/14 Halderman and Lafortune Join TerraSwarm Research Center
04/07/14 Michael Lewis says the market is rigged. But his Flash Boys rigged themselves.
04/01/14 Researchers Win Best Paper Award at ISPASS 2014
04/01/14 Technological Singularity Passes, Unnoticed Until Now
03/05/14 Michael Wellman Recognized with ACM/SIGAI Autonomous Agents Research Award
02/21/14 New Center Develops Technologies to Help Youths with Disabilities

CSE News 
03/26/14 CSE Connects at SXSW 2014
03/24/14 Prospective Grad Students Visit, Learn About CSE
03/13/14 CSE Connects at Tapia Celebration of Diversity in Computing
02/03/14 Karem Sakallah Continues Commitment to Qatar Computing Research Institute
01/30/14 State Farm Gift Supports Student Projects Lab
01/23/14 Career Center Report Shows Computer Scientists Highly Sought, Best Compensated

CSE Faculty and Staff Awards 
04/03/14 Noble and Wilson Named as Learning Analytics Fellows
03/26/14 Kevin Fu Selected for World Economic Forum Young Scientist Award
02/25/14 Narayanasamy and Olson Named Morris Wellman Faculty Development Professors
02/07/14 Daniel Atkins Elected to National Academy of Engineering
01/24/14 2014 EECS Outstanding Achievement Awards
01/23/14 Four CSE Faculty Selected for College of Engineering Awards

CSE Student News and Awards 
04/18/14 Jill Bender Chosen for CoE Distinguished Leadership Award
04/16/14 SWE Hosts G.R.E.A.T. Day for Girls
04/11/14 Hands-On Robotics (video)
04/08/14 Forest Agostinelli Selected for NSF Graduate Research Fellowship
04/08/14 Branden Ghena Selected for NSF Graduate Research Fellowship
04/08/14 Elizabeth Mamantov Selected for NSF Graduate Research Fellowship

CSE Alumni News 
03/07/14 Alumni Spotlight-Dawson Yee: Kinect-ing Xbox to the World
03/03/14 CSE Alum Dongyoon Lee Selected for ProQuest Dissertation Award
12/20/13 Hector J. Garcia Selected for Bouchet Graduate Honor Society
11/12/13 CSE Alumna Mona Attariyan Selected for Ritchie Disseration Award
07/23/13 Tony Fadell: From Apple to Nest Labs, Always a Designer
06/26/13 Computer Engineering Alum Marius Eriksen Featured in Wired

CSE Course Announcements 
04/09/14 Fall 2014: Hands-On Robotics
04/03/14 Fall 2014: EECS 598-002 Power Semiconductor Devices
04/03/14 Fall 2014: EECS 598-001 Analysis of Electric Power Distribution Systems and Loads
03/20/14 Fall 2014: Applied matrix algorithms for signal processing, data analysis and mach...
11/26/13 Winter 2014: EECS 498-003 Multidisciplinary Capstone (MDE) Design Pilot
11/06/13 Winter 2014: EECS 598-007 Infrastructure for Vehicle Electrification

Add News Item     Update News Items