'MULE' Prototype Uses Location For Authentication
CMU research creates Mobile User Location-Specific Encryption
Researchers at Carnegie Mellon University (CMU) have built a location-based encryption model aimed at protecting data in lost or stolen laptops with little or no user interaction and IT administrative overhead.
The so-called Mobile User Location-Specific Encryption (MULE) method encrypts only sensitive files on the user's laptop. "Our goal is to remove user effort associated with encryption technology while achieving the same or better security compared to traditional password-based approaches," the CMU researchers say in a paper about MULE.
They tested a plug-and-play scenario representing the user's home, and a corporate scenario representing his office, using special encryption key derivation protocols for each of the two sites. These protocols automatically help authenticate the user in the trusted locations: "For example, with MULE, a user can securely store encrypted copies of bank records and tax returns on a laptop, and automatically gain access when opening those files in the home office," CMU CyLab technical director Adrian Perrig and CMU graduate student Ahren Studer write in their paper on MULE. "After a thief steals the laptop, the only way to recover the files is to break into the user's home."
In the corporate scenario, the IT administrator would remove a stolen laptop's identification from a whitelist of laptops, the researchers say.
The key exchange process relies on webcams installed in laptops that have Trusted Platform Modules (TPMs). A Trusted Location Device (TLD) provides the location-specific information and responds to a machine that wants to derive the encryption key to access a file. The researchers deployed their MULE prototype on an HP laptop running Ubuntu as the user machine and a Dell Optiplex as the TLD, fitted with an infrared LED that handles the transmission of data.
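A simplified sketch of the idea described above, added here as an illustration; it is not the CMU researchers' protocol or code. It assumes an HMAC-SHA256 construction and hypothetical names (`TrustedLocationDevice`, `unlock`), and it leaves out the webcam/infrared channel and the TPM entirely.

```python
import hashlib
import hmac
import os


def _lp(*parts: bytes) -> bytes:
    """Length-prefix each field so concatenated inputs cannot be ambiguous."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class TrustedLocationDevice:
    """Stand-in for the TLD: holds a secret that stays at the trusted site."""

    def __init__(self, whitelist):
        self._site_secret = os.urandom(32)   # constructed sample secret
        self.whitelist = set(whitelist)      # laptop IDs the admin still trusts

    def respond(self, laptop_id: bytes, file_id: bytes):
        # Corporate scenario: a laptop removed from the whitelist gets nothing.
        if laptop_id not in self.whitelist:
            return None
        msg = _lp(laptop_id, file_id)
        return hmac.new(self._site_secret, msg, hashlib.sha256).digest()


def unlock(tld, laptop_id: bytes, laptop_secret: bytes, file_id: bytes):
    """Return the 32-byte file key, or None when no TLD answers or it refuses."""
    share = tld.respond(laptop_id, file_id) if tld is not None else None
    if share is None:
        return None
    # Both halves are needed: the laptop's secret (TPM-protected in practice)
    # and the share that only the location device can compute.
    return hmac.new(laptop_secret, _lp(b"file-key", share), hashlib.sha256).digest()


if __name__ == "__main__":
    laptop_id, laptop_secret = b"laptop-042", os.urandom(32)  # constructed values
    office = TrustedLocationDevice({laptop_id})
    key = unlock(office, laptop_id, laptop_secret, b"tax-return.pdf")
    print("at trusted site:", key.hex()[:16], "...")
    print("away from site: ", unlock(None, laptop_id, laptop_secret, b"tax-return.pdf"))
    office.whitelist.discard(laptop_id)  # admin revokes the stolen laptop
    print("after revocation:", unlock(office, laptop_id, laptop_secret, b"tax-return.pdf"))
```

Because the file key depends on a value only the location device can compute, a laptop taken off site holds ciphertext and half of the inputs, and removing its ID from the whitelist cuts it off even if it is later brought back.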
The researchers found that it takes less than five seconds for the decryption process with MULE.
"Users and corporate IT personnel want security solutions that simply work and want to avoid any schemes that require additional effort or administrative overhead," the CMU researchers wrote in their paper (PDF). They say MULE requires "zero" user effort and limited IT administration.