Zero-interaction authentication

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Zero-interaction authentication

Full text

Pdf (273 KB)

Source

International Conference on Mobile Computing and Networking archive
Proceedings of the 8th annual international conference on Mobile computing and networking table of contents

Atlanta, Georgia, USA

SESSION: Security table of contents

Pages: 1 - 11

Year of Publication: 2002

ISBN:1-58113-486-X

Authors

Mark D. Corner	University of Michigan
Brian D. Noble	University of Michigan

Sponsors

ACM: Association for Computing Machinery
SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 110, Citation Count: 18

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/570645.570647 What is a DOI?

ABSTRACT

Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive files. Unfortunately, storing data in a cryptographic file system does not fully address this problem. Such systems ask the user to imbue them with long-term authority for decryption, but that authority can be used by anyone who physically possesses the machine. Forcing the user to frequently reestablish his identity is intrusive, encouraging him to disable encryption.Our solution to this problem is Zero-Interaction Authentication, or ZIA. In ZIA, a user wears a small authentication token that communicates with a laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary. With careful key management, ZIA imposes an overhead of only 9.3% for representative workloads. The largest file cache on our hardware can be re-encrypted within five seconds of the user's departure, and restored in just over six seconds after detecting the user's return. This secures the machine before an attacker can gain physical access, but recovers full performance before a returning user resumes work.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Matt Blaze, A cryptographic file system for UNIX, Proceedings of the 1st ACM conference on Computer and communications security, p.9-16, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168590]
	2	M. Blaze. Key management in an encrypting file system. In Proceedings of the Summer 1994 USENIX Conference, pages 27--35, Boston, MA, June 1994.
	3	Matt Blaze, Oblevious Key Escrow, Proceedings of the First International Workshop on Information Hiding, p.335-343, May 30-June 01, 1996
	4	Stefan Brands , David Chaum, Distance-bounding protocols, Workshop on the theory and application of cryptographic techniques on Advances in cryptology, p.344-359, January 1994, Lofthus, Norway
	5	Michael Burrows , Martin Abadi , Roger Needham, A logic of authentication, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.18-36, Feb. 1990 [doi>10.1145/77648.77649]
	6	Paul C. Clark , Lance J. Hoffman, BITS: a smartcard protected operating system, Communications of the ACM, v.37 n.11, p.66-70, Nov. 1994 [doi>10.1145/188280.188371]
	7	J. Daemen. Cipher and hash function design: strategies based on linear and differential cryptanalysis. PhD thesis, Katholieke Universiteit Leuven, March 1995.
	8	J. Daemen and V. Rijmen. AES proposal: Rijndael. Advanced Encryption Standard Submission, 2nd version, March 1999.
	9	W. Diffie, P. van Oorschot, and M. Wiener. Design Codes and Cryptograhpy. Kluwer Academic Publishers, 1992.
	10	Ensure Technologies. http://www.ensuretech.com/.
	11	John S. Heidemann , Gerald J. Popek, File-system development with stackable layers, ACM Transactions on Computer Systems (TOCS), v.12 n.1, p.58-89, Feb. 1994 [doi>10.1145/174613.174616]
	12	John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988 [doi>10.1145/35037.35059]
	13	Y. Hu, A. Perrig, and D. B. Johnson. Wormhole detection in wireless ad hoc networks. Technical report, Rice University Department of Computer Science, June 2002.
	14	Naomaru Itoi , William A. Arbaugh , Samuela J. Pollack , Daniel M. Reeves, Personal Secure Booting, Proceedings of the 6th Australasian Conference on Information Security and Privacy, p.130-144, July 11-13, 2001
	15	S. R. Kleiman. Vnodes: An architecture for multiple file system types in Sun UNIX. In USENIX Association Summer Conference Proceedings, pages 238--47, Atlanta, GA, June 1986.
	16	C. E. Landwehr, Protecting unattended computers without software, Proceedings of the 13th Annual Computer Security Applications Conference, p.274, December 08-12, 1997
	17	Philip MacKenzie , Michael K. Reiter, Networked Cryptographic Devices Resilient to Capture, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.12, May 14-16, 2001
	18	Marshall K. McKusick , William N. Joy , Samuel J. Leffler , Robert S. Fabry, A fast file system for UNIX, ACM Transactions on Computer Systems (TOCS), v.2 n.3, p.181-197, Aug. 1984 [doi>10.1145/989.990]
	19	Microsoft Corporation. Encrypting File System for Windows 2000. http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp.
	20	Chandra Narayanaswami , M. T. Raghunath, Application Design for a Smart Watch with a High Resolution Display, Proceedings of the 4th IEEE International Symposium on Wearable Computers, p.7, October 18-21, 2000
	21	National Institute of Standards and Technology. Computer data authentication. FIPS Publication #113, May 1985.
	22	Roger M. Needham , Michael D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978 [doi>10.1145/359657.359659]
	23	Michael Negin , Thomas A. Chmielewski , Marcos Salganicoff , Theodore A. Camus , Ulf M. Cahn von Seelen , Péter L. Venetianer , Guanghua G. Zhang, An Iris Biometric System for Public and Personal Use, Computer, v.33 n.2, p.70-75, February 2000 [doi>10.1109/2.820042]
	24	B. D. Noble and M. D. Corner. The case for transient authentication. In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emillion, France, September 2002.
	25	P. Jonathon Phillips , Alvin Martin , C. l. Wilson , Mark Przybocki, An Introduction to Evaluating Biometric Systems, Computer, v.33 n.2, p.56-63, February 2000 [doi>10.1109/2.820040]
	26	N. Provos. Encrypting virtual memory. In Proceedings of the Ninth USENIX Security Symposium, pages 35--44, Denver, CO, August 2000.
	27	D. Rosenthal. Evolving the vnode interface. In USENIX Association Conference Proceedings, pages 107--118, June 1990.
	28	M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989 [doi>10.1145/65000.65002]
	29	Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop, p.191-204, December 09-11, 1993
	30	Keith A. Smith , Margo I. Seltzer, File system aging—increasing the relevance of file system benchmarks, Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, p.203-213, June 15-18, 1997, Seattle, Washington, United States
	31	B. Yee and J. D. Tygar. Secure coprocessors in electronic commerce applications. In Proceedings of the First USENIX Workship of Electronic Commerce, pages 155--70, New York, NY, July 1995.
	32	E. Zadok, I. Badulescu, and A. Shender. Cryptfs: A stackable vnode level encryption file system. Technical Report CUCS-021-98, Computer Science Department, Columbia University, 1998.
	33	E. Zadok and J. Nieh. FiST: a language for stackable file systems. In Proceedings of the 2000 USENIX Annual Technical Conference, pages 55--70, San Diego, CA, June 2000.

CITED BY 18

	Shwetak N. Patel , Jeffrey S. Pierce , Gregory D. Abowd, A gesture-based authentication scheme for untrusted public terminals, Proceedings of the 17th annual ACM symposium on User interface software and technology, October 24-27, 2004, Santa Fe, NM, USA
	Khaled Alghathbar , Alaaeldin M. Hafez , Fahad Bin Muhaya , Hanan A. Mahmoud Abd Alla, NMACA: a novel methodology for message authentication code algorithms, Proceedings of the 8th Wseas international conference on Telecommunications and informatics, p.206-210, May 30-June 01, 2009, Istanbul, Turkey
	Brian D. Noble , Mark D. Corner, The case for transient authentication, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Gautam Singaraju , Brent Hoon Kang, Concord: a secure mobile data authorization framework for regulatory compliance, Proceedings of the 22nd conference on Large installation system administration conference, p.91-102, November 09-14, 2008, San Diego, California
	Kenta Matsumiya , Soko Aoki , Masana Murase , Hideyuki Tokuda, A zero-stop authentication system for sensor-based embedded real-time applications, Journal of Embedded Computing, v.1 n.1, p.119-132, January 2005
	Andrew D. Wilson , Raman Sarin, BlueTable: connecting wireless mobile devices on interactive surfaces using vision-based handshaking, Proceedings of Graphics Interface 2007, May 28-30, 2007, Montreal, Canada
	Naveen Sastry , Umesh Shankar , David Wagner, Secure verification of location claims, Proceedings of the 2003 ACM workshop on Wireless security, September 19-19, 2003, San Diego, CA, USA
	Shelley Zhuang , Kevin Lai , Ion Stoica , Randy Katz , Scott Shenker, Host mobility using an internet indirection infrastructure, Wireless Networks, v.11 n.6, p.741-756, November 2005
	Mark D. Corner , Brian D. Noble, Protecting applications with transient authentication, Proceedings of the 1st international conference on Mobile systems, applications and services, p.57-70, May 05-08, 2003, San Francisco, California
	Yih-Chun Hu , Adrian Perrig, A Survey of Secure Wireless Ad Hoc Routing, IEEE Security and Privacy, v.2 n.3, p.28-39, May 2004
	Adnan Vora , Mikhail Nesterenko, Secure Location Verification Using Radio Broadcast, IEEE Transactions on Dependable and Secure Computing, v.3 n.4, p.377-385, October 2006
	Srdjan Capkun , Jean-Pierre Hubaux, BISS: building secure routing out of an incomplete set of security associations, Proceedings of the 2003 ACM workshop on Wireless security, September 19-19, 2003, San Diego, CA, USA
	Levente Buttyán , Jean-Pierre Hubaux, Report on a working session on security in wireless ad hoc networks, ACM SIGMOBILE Mobile Computing and Communications Review, v.7 n.1, January 2003
	Erez Zadok , Rakesh Iyer , Nikolai Joukov , Gopalan Sivathanu , Charles P. Wright, On incremental file system development, ACM Transactions on Storage (TOS), v.2 n.2, p.161-196, May 2006
	Kevin R.B. Butler , Stephen McLaughlin , Patrick D. McDaniel, Rootkit-resistant disks, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Anthony J. Nicholson , Mark D. Corner , Brian D. Noble, Mobile Device Security Using Transient Authentication, IEEE Transactions on Mobile Computing, v.5 n.11, p.1489-1502, November 2006
	Julie Thorpe , P. C. van Oorschot , Anil Somayaji, Pass-thoughts: authenticating with our minds, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Shelley Zhuang , Kevin Lai , Ion Stoica , Randy Katz , Scott Shenker, Host Mobility Using an Internet Indirection Infrastructure, Proceedings of the 1st international conference on Mobile systems, applications and services, p.129-144, May 05-08, 2003, San Francisco, California

INDEX TERMS

Primary Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Authentication

Additional Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.3 File Systems Management

General Terms:
Human Factors, Performance, Security

Keywords:
cryptographic file systems, mobile computing, stackable file systems, transient authentication

Collaborative Colleagues:

Mark D. Corner: colleagues

Brian D. Noble: colleagues

Peer to Peer - Readers of this Article have also read:

Constructing reality Proceedings of the 11th annual international conference on Systems documentation
Douglas A. Powell , Norman R. Ball , Mansel W. Griffiths
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher
An intelligent component database for behavioral synthesis Proceedings of the 27th ACM/IEEE Design Automation Conference on
Gwo-Dong Chen , Daniel D. Gajski
The GemStone object database management system Communications of the ACM 34, 10
Paul Butterworth , Allen Otis , Jacob Stein

Adobe Acrobat

QuickTime

Windows Media Player

Real Player