
'MULE' Prototype Uses Location For Authentication

CMU research creates Mobile User Location-Specific Encryption

Researchers at Carnegie Mellon University (CMU) have built a location-based encryption model aimed at protecting data in lost or stolen laptops with little or no user interaction and IT administrative overhead.

The so-called Mobile User Location-Specific Encryption (MULE) method encrypts only sensitive files on the user's laptop. "Our goal is to remove user effort associated with encryption technology while achieving the same or better security compared to traditional password-based approaches," the CMU researchers say in a paper about MULE.

They tested a plug-and-play scenario representing the user's home, and a corporate scenario representing his office, using special encryption key derivation protocols for each of the two sites. These protocols automatically help authenticate the user in the trusted locations: "For example, with MULE, a user can securely store encrypted copies of bank records and tax returns on a laptop, and automatically gain access when opening those files in the home office," CMU CyLab technical director Adrian Perrig and CMU graduate student Ahren Studer write in their paper on MULE. "After a thief steals the laptop, the only way to recover the files is to break into the user's home."

In the corporate scenario, the IT administrator would remove a stolen laptop's identification from a whitelist of laptops, the researchers say.

The key exchange process relies on the Webcams built into laptops that have Trusted Platform Modules (TPMs). A Trusted Location Device (TLD) provides the location-specific information and responds to a machine that wants to derive the encryption key to access a file. The researchers deployed their MULE prototype on an HP laptop running Ubuntu as the user machine and a Dell Optiplex as the TLD, with an infrared LED handling the transmission of data.
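A simplified model of the idea described above, added here as an illustration; it is not the MULE protocol from the CMU paper and not the researchers' code. It assumes an HMAC-SHA256 derivation, a laptop-held secret standing in for TPM-protected state, and hypothetical class and function names; the Webcam/infrared channel is not modelled.

```python
import hashlib
import hmac
import os


class TrustedLocationDevice:
    """Hypothetical stand-in for the TLD: its secret never leaves the trusted site."""

    def __init__(self, whitelist):
        self._site_secret = os.urandom(32)    # location-specific secret (assumed)
        self._whitelist = set(whitelist)      # laptop IDs allowed to derive keys

    def revoke(self, laptop_id):
        """Corporate scenario: the administrator drops a stolen laptop's ID."""
        self._whitelist.discard(laptop_id)

    def respond(self, laptop_id, file_id):
        """Return location-specific key material, or None if not whitelisted."""
        if laptop_id not in self._whitelist:
            return None
        msg = b"tld-share|" + laptop_id + b"|" + file_id
        return hmac.new(self._site_secret, msg, hashlib.sha256).digest()


class Laptop:
    def __init__(self, laptop_id):
        self.laptop_id = laptop_id
        self._device_secret = os.urandom(32)  # stand-in for TPM-protected state

    def derive_file_key(self, tld, file_id):
        """Derive a per-file key; needs both this laptop and a willing TLD."""
        if tld is None:                       # away from the trusted location
            return None
        share = tld.respond(self.laptop_id, file_id)
        if share is None:                     # laptop was removed from whitelist
            return None
        return hmac.new(self._device_secret, b"file-key|" + share,
                        hashlib.sha256).digest()


def demo():
    # Constructed sample IDs and file name, for illustration only.
    office = TrustedLocationDevice(whitelist={b"laptop-17"})
    laptop = Laptop(b"laptop-17")
    at_office = laptop.derive_file_key(office, b"tax-return.pdf")
    off_site = laptop.derive_file_key(None, b"tax-return.pdf")
    office.revoke(b"laptop-17")
    after_revocation = laptop.derive_file_key(office, b"tax-return.pdf")
    return at_office, off_site, after_revocation
```

Because the file key depends on material only the TLD can produce, a laptop taken off-site or removed from the whitelist has nothing on disk from which the key can be recomputed.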

The researchers found that it takes less than five seconds for the decryption process with MULE.

"Users and corporate IT personnel want security solutions that simply work and want to avoid any schemes that require additional effort or administrative overhead," the CMU researchers wrote in their paper (PDF). They say MULE requires "zero" user effort and limited IT administration.


Kelly Jackson Higgins is Executive Editor at Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
