
Zero-interaction authentication

Published: 23 September 2002

ABSTRACT

Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive files. Unfortunately, storing data in a cryptographic file system does not fully address this problem. Such systems ask the user to imbue them with long-term authority for decryption, but that authority can be used by anyone who physically possesses the machine. Forcing the user to frequently reestablish his identity is intrusive, encouraging him to disable encryption.

Our solution to this problem is Zero-Interaction Authentication, or ZIA. In ZIA, a user wears a small authentication token that communicates with a laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary. With careful key management, ZIA imposes an overhead of only 9.3% for representative workloads. The largest file cache on our hardware can be re-encrypted within five seconds of the user's departure, and restored in just over six seconds after detecting the user's return. This secures the machine before an attacker can gain physical access, but recovers full performance before a returning user resumes work.
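A toy model of the lifecycle the abstract describes, added here as an illustration and not code from the paper: the token alone holds the long-term key, the laptop unwraps per-file keys through it only while the token is in range, re-encrypts its cache and drops every key on departure, and reacquires authority on return. The wrapped-key layout, the HMAC-based stand-in cipher and the `Token`/`Laptop` class names are assumptions, not the paper's design.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 counter keystream: a toy, self-inverse stand-in for a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Token:
    """Wearable token (assumed model): sole holder of the user's long-term key-encrypting key (KEK)."""
    def __init__(self, kek: bytes):
        self._kek = kek
    def unwrap(self, nonce: bytes, wrapped: bytes) -> bytes:
        return xor_stream(self._kek, nonce, wrapped)   # self-inverse, so it also wraps

class Laptop:
    """Disk holds ciphertext plus wrapped file keys; plaintext and unwrapped keys live only in RAM."""
    def __init__(self, token: Token):
        self.token, self.in_range = token, True
        self.disk, self.cache, self.file_keys = {}, {}, {}
    def _file_key(self, name: str) -> bytes:
        """Decryption authority for one file: ask the token only when the key is not already held."""
        if name not in self.file_keys:
            if not self.in_range:
                raise PermissionError("token out of range: no decryption authority")
            # a fresh random wrapped blob unwraps, under the KEK, to a fresh random file key
            rec = self.disk.setdefault(name, {"knonce": os.urandom(8), "wrapped": os.urandom(32)})
            self.file_keys[name] = self.token.unwrap(rec["knonce"], rec["wrapped"])
        return self.file_keys[name]
    def write(self, name: str, data: bytes) -> None:
        self._file_key(name)          # holding plaintext requires current authority
        self.cache[name] = data       # dirty cache entry, re-encrypted on departure
    def read(self, name: str) -> bytes:
        if name not in self.cache:
            rec, fk = self.disk[name], self._file_key(name)
            self.cache[name] = xor_stream(fk, rec["nonce"], rec["ct"])
        return self.cache[name]
    def on_departure(self) -> None:
        """Token left range: re-encrypt the cache to disk, then drop every plaintext and key."""
        self.in_range = False
        for name, data in self.cache.items():
            nonce = os.urandom(8)
            self.disk[name].update(nonce=nonce, ct=xor_stream(self.file_keys[name], nonce, data))
        self.cache.clear(); self.file_keys.clear()
    def on_return(self) -> None:
        """Token back in range: reacquire authority and repopulate the cache before the user resumes."""
        self.in_range = True
        for name in self.disk: self.read(name)
```

While the token is out of range every `read` fails and the disk holds only ciphertext, which is the property the paper measures with its five-second re-encryption window.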

Index Terms

  1. Zero-interaction authentication

Published in
MobiCom '02: Proceedings of the 8th annual international conference on Mobile computing and networking
September 2002
296 pages
ISBN: 158113486X
DOI: 10.1145/570645

          Copyright © 2002 ACM

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

          Publisher

          Association for Computing Machinery

          New York, NY, United States



          Qualifiers

          • Article

Acceptance Rates

MobiCom '02 paper acceptance rate: 26 of 364 submissions, 7%. Overall acceptance rate: 440 of 2,972 submissions, 15%.
