MULE looks to revolutionize laptop security by using location
Keeping data secure is not easy. With one lapse of judgment and one lost laptop, millions of credit card and Social Security numbers can fall into the hands of fraudsters and criminals. Average people also have some amount of personal information on their computers that they would not want to be made available to the highest bidder. However, only a few people are paranoid enough to take effective measures against such possibilities. Carnegie Mellon professor Adrian Perrig and Ph.D. student Ahren Studer may have a solution for everyone.
According to a Carnegie Mellon press release, Perrig and Studer’s project, called MULE (Mobile User Location-specific Encryption), provides a way for the average user to effortlessly ensure that his or her sensitive digital files are safe even when the laptop that contains them is lost or stolen. According to Studer, MULE is a “means to protect sensitive documents on laptops, so that if you lose your laptop, all of your sensitive documents would still be secure.”
Traditionally, the reason security is compromised is not because the technology is not powerful enough, but because people cannot be bothered to jump through the hoops needed for security. People want passwords that are easy to remember, but such passwords are often easily broken by guessing randomly. The team has come up with the innovative idea of having the user’s location act as the “password.”
They noticed that people usually access sensitive data in trusted locations. Most people would prefer to file their tax returns at home rather than at a coffee shop. Employees tend to look at confidential documents at the office rather than on a park bench. Thus, by ensuring that certain pieces of data can only be accessed certain locations, a thief would have to return to the person’s home in order to access the data, an unlikely occurrence.
Perrig and Studer ensure that the sensitive data can only be accessed at the trusted location by encrypting the data, rendering it unreadable, and then ensuring that it can only be decrypted using information that is only available at the trusted location. According to the researcher’s project report, found online at sparrow.ece.cmu.edu/group/pub/studer_wisec10.pdf, all one needs is a webcam installed with Trusted Platform Modules, which are already installed with most webcams. The user would then have to install a trusted location device that would send location data to the laptop. This information is transmitted to the computer through an infrared transmitter similar to the one in a TV remote and is received by a webcam that many laptops already have built in.
Since infrared signals cannot pass through walls, anyone who cannot see the transmitter cannot decrypt the data. In addition, since the signal is invisible, it can be kept running continuously, reducing the need for the user to interact with it.
This forms part of Studer’s larger research interest, which is about physical security as digital security. His idea is simple: If your data is in a place where thieves cannot get to it physically, they are also unable to get to it though digital means like hacking. He hopes that enough people will be interested in the research to pick it up for production or to work with him to popularize it.