Thursday, April 17, 2003
Noon - 1:30 pm
Intel Seminar (417 S. Craig Street - 3rd Floor)
EVENTS PAGE: http://www.intel-research.net/pittsburgh/events.htm
University of Michigan
Transient Authentication for Mobile Devices

Laptops are vulnerable to theft, greatly increasing the likelihood of
exposing sensitive information. Unfortunately, encryption alone does not
address this problem. Current systems require users to imbue them with
long-term authority for decryption, but that authority can be used by
anyone who physically possesses the machine. Forcing the user to frequently
reestablish his identity is intrusive and discourages use.

This tension between usability and security is eliminated through Transient
Authentication, in which a small hardware token continuously authenticates
the user's presence to the laptop over a short-range, wireless link. In
this talk I present the four principles underlying Transient Authentication,
and describe two concrete applications of the principles: protecting a
file system and protecting application data. The ZIA encrypted file system
requires decryption keys from the token; this dependency prevents access
while the user is absent. Applications can be protected transparently
by encrypting in-memory state when the user departs. This technique is
effective but indiscriminate. Instead, applications can utilize an API
for Transient Authentication, protecting only sensitive state.

Mark D. Corner is currently finishing his Ph.D. in Electrical Engineering
Systems at the University of Michigan. He received the B.S. and M.S. degrees
in Electrical Engineering from the University of Virginia. He has conducted
research in cable modem MAC protocols, end-host adaptation in wireless
networks, and mobile device security. His interests include mobile computing,
operating systems, wireless networking, file systems, and security. Mr.
Corner is a member of Eta Kappa Nu and Tau Beta Pi.

Contact Kim Kaan, 412-605-1203,
or visit http://www.intel-research.net.
SDI Home: http://www.pdl.cmu.edu/SDI/