New York Times (9/26/2002)
For Users Who Dash Back and Forth, a Watchful Laptop
By ANNE EISENBERG
LOSING a laptop computer is one of the hazards of the mobile age. But laptops and the data they contain do not have to be lost for snoopers to get hold of their secrets.
Walk away from an operating laptop for a few moments, and interlopers can help themselves, even if the computer has a cryptographic file system to keep sensitive information secure. That is because once the owner has supplied the initial decryption key, typically when logging in, anyone using the laptop has access to data stored on the disk.
To limit vulnerability to intrusions, some systems ask users to prove who they are by regularly resupplying their password each time the laptop awakens from its "sleep" mode. The password is then used to derive a decryption key.
But many people dislike features of this sort and disable them or reset the prompts for longer intervals.
"There's a tension," said Brian D. Noble, an assistant professor of electrical engineering and computer science at the University of Michigan who specializes in research on mobile computing. "For a security system to be effective, the laptop must constantly ask you to prove who you are. But the user wants that to happen as infrequently as possible."
Now Dr. Noble and one of his graduate students, Mark Corner, have come up with a high-security system for the slothful. The new system protects data by automatically scrambling it the moment users walk away, then quickly restoring it upon their return.
Called Zero-Interaction Authentication or ZIA, the system requires that laptop owners wear a small device or token — in this case a wristwatch equipped with a processor and a short-range wireless link — to communicate with the laptop. When the token moves out of range, ZIA re-encrypts information on the laptop within five seconds, before someone else can gain access to it. When the laptop detects that the token is back within range, the system decrypts the data within six seconds.
At the beginning of the process, the user enters a password on the watch. "That's to make sure an imposter isn't wearing your token," Dr. Noble said. Then, each second, the laptop broadcasts a cryptographic request that only the token can correctly answer. This procedure, a challenge-response exchange in which the token proves it holds a secret without ever transmitting the secret itself, is a standard security measure.
But Dr. Noble has endowed the token with another function: the token, not the laptop, holds the master key to the cryptographic process for securing data on the computer.
"Our project is about moving the master key away from the laptop, so that the token has the master key," he explained. When users want to get data off the disk, they must have the key. "Only the token knows this key," he said. "So, no token nearby, no decryption of data from the disk."
Neither the modest processing power of the token nor the slowness of wireless connections poses a problem for encryption or decryption, he said. "The stored keys that you are decrypting on the token are small enough to enable the process," he said. "Individual users should not notice any slowness in the exchange."
The wristwatch, which runs the Linux operating system, was designed at I.B.M. under the direction of Chandra Narayanaswami, manager of wearable computing at the company's T. J. Watson Research Center in Yorktown Heights, N.Y.
David Johnson, an associate professor of computer science and of electrical and computer engineering at Rice University, said that ZIA had a noteworthy design, particularly in the way that encryption and decryption are handled in the operating system's disk cache, the spot in the system where data is temporarily deposited when it is pulled from the hard disk.
When users leave, the system re-encrypts the data in the cache rather than discarding it. "When they return and want to use that data again," Dr. Johnson said, "ZIA can decrypt it faster than by going back to the disk to get a fresh copy." ZIA takes advantage of the fact that recently cached data tends to be used again soon.
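The following is an added illustration of the exchange the article describes, covering both the per-second challenge-response and the token-held master key, and the cache re-encryption on departure and in-place decryption on return. It is constructed for this page and is not the University of Michigan prototype's code; the class names, the `pairing_key`, `wrap`/`unwrap` and `poll` methods, the file names and the patient record are all assumptions made here. The authenticated cipher is a stand-in built from HMAC-SHA256 so the example runs on the standard library alone; a real system would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os


# Stand-in authenticated cipher: HMAC-SHA256 keystream plus HMAC tag, with separate
# subkeys for encryption and authentication. Illustrative only; use AES-GCM in practice.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected: bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class Token:
    """The wearable token: the only place the master key ever lives (assumed interface)."""

    def __init__(self, master_key: bytes, password: str):
        self._master = master_key
        self._salt = os.urandom(16)
        self._verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)
        self.unlocked = False

    def unlock(self, password: str) -> bool:
        """Password typed on the watch: proves the wearer is the owner, not an imposter."""
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)
        self.unlocked = hmac.compare_digest(guess, self._verifier)
        return self.unlocked

    def pairing_key(self) -> bytes:
        # Given to the laptop once at pairing; derived from the master key but does not reveal it.
        return _subkey(self._master, b"zia-auth")

    def respond(self, challenge: bytes):
        return hmac.new(self.pairing_key(), challenge, hashlib.sha256).digest() if self.unlocked else None

    def wrap(self, file_key: bytes) -> bytes:
        if not self.unlocked:
            raise PermissionError("token locked")
        return seal(self._master, file_key)

    def unwrap(self, wrapped: bytes) -> bytes:
        if not self.unlocked:
            raise PermissionError("token locked")
        return unseal(self._master, wrapped)   # only a few dozen bytes cross the slow link


class Laptop:
    """Holds only the pairing key; file keys and plaintext exist here only while the token answers."""

    def __init__(self, pairing_key: bytes):
        self._pairing_key = pairing_key
        self._link = None        # token currently answering the per-second challenge, else None
        self.disk = {}           # name -> (wrapped file key, ciphertext); never stored in the clear
        self.cache = {}          # name -> plaintext while the token is present, ciphertext after it leaves
        self._file_keys = {}     # unwrapped file keys, dropped the moment the token goes out of range

    def poll(self, token) -> bool:
        """One-second heartbeat: fresh nonce out, accept only the HMAC the paired token can compute."""
        challenge = os.urandom(32)
        expected = hmac.new(self._pairing_key, challenge, hashlib.sha256).digest()
        answer = token.respond(challenge) if token is not None else None
        ok = answer is not None and hmac.compare_digest(answer, expected)
        if self._link is not None and not ok:
            self._depart()
        elif self._link is None and ok:
            self._link = token
            self._arrive()
        return ok

    def _depart(self):
        # Re-encrypt cached plaintext under each file's own key, then forget the keys.
        for name in list(self.cache):
            self.cache[name] = seal(self._file_keys[name], self.cache[name])
        self._file_keys.clear()
        self._link = None

    def _arrive(self):
        # Token unwraps each cached file's key; the cache is decrypted in place, not re-read from disk.
        for name in list(self.cache):
            key = self._link.unwrap(self.disk[name][0])
            self._file_keys[name] = key
            self.cache[name] = unseal(key, self.cache[name])

    def _require_token(self):
        if self._link is None:
            raise PermissionError("no token in range: data stays encrypted")

    def create_file(self, name: str, data: bytes):
        self._require_token()
        file_key = os.urandom(32)
        self.disk[name] = (self._link.wrap(file_key), seal(file_key, data))
        self._file_keys[name] = file_key
        self.cache[name] = data

    def read(self, name: str) -> bytes:
        self._require_token()
        if name not in self._file_keys:
            self._file_keys[name] = self._link.unwrap(self.disk[name][0])
        if name not in self.cache:
            self.cache[name] = unseal(self._file_keys[name], self.disk[name][1])
        return self.cache[name]


def demo() -> dict:
    """Unlock, pair, write a record, walk away, attempt a read, come back (constructed data)."""
    token = Token(os.urandom(32), password="rounds-2002")
    token.unlock("rounds-2002")
    laptop = Laptop(token.pairing_key())
    laptop.poll(token)                                    # token in range: laptop unlocks
    record = b"MRN 0001: constructed sample chart"
    laptop.create_file("chart", record)
    out = {"read_present": laptop.read("chart") == record}
    laptop.poll(None)                                     # wearer walks off: nothing answers
    out["cache_scrambled"] = laptop.cache["chart"] != record
    try:
        laptop.read("chart")
        out["read_absent_blocked"] = False
    except PermissionError:
        out["read_absent_blocked"] = True
    imposter = Token(os.urandom(32), password="x")        # different master key, so wrong answers
    imposter.unlock("x")
    out["imposter_rejected"] = not laptop.poll(imposter)
    laptop.poll(token)                                    # owner returns: cache decrypted in place
    out["read_after_return"] = laptop.read("chart") == record
    return out


if __name__ == "__main__":
    print(demo())
```

The design point to notice is what the laptop holds: a pairing key that lets it verify answers, never the master key, so an attacker who images the disk and the laptop's memory after the wearer has left finds only wrapped file keys and re-encrypted cache entries. The per-second poll uses a fresh random nonce each time, so a recorded answer cannot be replayed later to fake the token's presence.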
While ZIA is a prototype, systems using other approaches to block unauthorized access to a laptop are commercially available.
Ensure Technologies of Ann Arbor, Mich., uses a wireless radio transmitter embedded in a badge to communicate with the computer, which is equipped with a plug-in radio transceiver. The system automatically locks the keyboard and renders the screen blank within 1.6 seconds, said George Brostoff, the company's president.
The distance between badge and machine can be set so finely that the system will shut off access even if the user simply swivels away from the screen, he said. The user can set a longer distance, for instance, for working in an airport lounge or for making presentations from a laptop. In the future, Mr. Brostoff said, the company plans on embedding the transmitter in watches, cellphones and other devices.
Dr. Noble said he hoped that ZIA's token encryption would help laptop owners, especially doctors, maintain security with little effort. "I first thought of this system for use in hospitals," he said, after talks with his wife, who is a doctor, and with doctors at the University of Michigan hospital.
But he learned that while many doctors like using laptops on their rounds, they often leave their machines behind, for instance, while doing tests. "Confidential patient records could be exposed then," he said.
"But the doctors didn't like the constant reauthentication needed to prevent this," he said, "so I wanted something that required nothing of them at all."