Forgot your password?
typodupeerror
Cellphones Handhelds Security

Making Sensitive Data Location Aware 69

Posted by timothy
from the sieve-of-permissions dept.
An anonymous reader writes "In a breakthrough that could aid spies, keepers of medical records, and parents who want to prevent their kids from 'sexting,' a team of Virginia Tech researchers has created software to remotely put smart phones under lockdown. The phones are given permission to access sensitive data while in a particular room, but when the devices leave the room, the data is completely wiped. A general, for example, could access secret intelligence while visiting a secure government facility without fear that his or her smart phone or tablet computer might later be lost or stolen, the team's lead researcher said. 'This system provides something that has never been available before. It puts physical boundaries around information in cyberspace.'" Unless the phone or other device can also take screenshots, or doesn't have that software installed.
This discussion has been archived. No new comments can be posted.

Making Sensitive Data Location Aware

Comments Filter:
  • by SendBot (29932) on Tuesday October 18, 2011 @09:47AM (#37749234) Homepage Journal

    a radio host just took a picture of the pictures on the phone's screen with his phone's camera

  • and/or create tarballs or similar
    • The issue is not necessarily that it can be gotten around, so much as that it will make it harder for someone to use the information from an unauthorized location.

      • by jhigh (657789)
        Right - there is not a security control available that doesn't have limitations. That's why we (should) employ defense in depth. The reality is that this device makes it harder for the bad guys to get your data, and that is the goal.
        • by Jbcarpen (883850)
          Exactly. If someone who HAD access to that data wanted to break security it would be trivial. The point of this technology is that if they forget to delete the data when they're one with it, it will do it for them. It's for the benefit of non-technologically-inclined people.
  • by Anonymous Coward

    "parents who want to prevent their kids from 'sexting,'" - so they can only sext from a particular room?

    • I guess taking pictures would be allowed only in areas where other people are expected to be around. It's highly unlikely the kids would 'sext' there, and if they did, it certainly wouldn't go unnoticed.

      • The only way this would work if it was ubiquitous and mandatory. "No pictures here" signal in public bathrooms, changing rooms etc would be grand.

        I don't see how this is related to "sexting", though.
        • by anyGould (1295481)

          The only way this would work if it was ubiquitous and mandatory. "No pictures here" signal in public bathrooms, changing rooms etc would be grand. I don't see how this is related to "sexting", though.

          It's related in the "this is a buzzword that will get us in the newspapers". See "protect the children".

    • by anyGould (1295481)

      Ah, another engineer who thinks they can outsmart the combined hormones of every high school student in America.

    • More like now they will find a "particular room" and just do it the old fashioned way.
  • If you can put 100% trust in a programmable device, and tell it to behave in a certain way, you can be sure that it will behave in a certain way!

    It's Genius!
    • by Anonymous Coward

      how has region encoding been working on DVD's for the mpaa?

      • by xTantrum (919048)
        I'm not sure but I think this may be at the kernal level. Still Android is just a modified nix platform so for most /. Users probably easily circumvented. On another note the article didnt really say much but I love the shameless school plug and marketing in the last TWO paragraphs.
  • by Anonymous Coward

    why would you ever bother looking at information on your smart phone? the example given of a general viewing classified information inside a secure facility is idiotic. They're in a secure facility, with some sort of digital copy of the information present. Why would they ever transfer that information to their phone or tablet instead of just viewing it on a terminal in the facility?

    • maybe because sometimes you want to be able to take those documents to a meeting with you...which may very well be in the same secure facility, but not near a terminal.

      sometimes when i am at work i like carrying my laptop to a meeting so i can show others the stuff i was working on, so even in a facility with terminals all over the place it is still nice if the data can remain somewhat portable.

      • Generally, classified data is not allowed on laptop computers, except under some quite strict conditions.
        • And, assuming that the government approves this technology for handling classified materials, this will be included in among those strict conditions. Obviously there are procedural and regulatory hurdles to overcome here, but what you point out is precisely the problem that this technology seeks to solve. In the non-classified world, many of us carry some sort of laptop, tablet or phone with us all the time, and use it to take notes, respond to e-mail, etc in meetings and classes. this tech could give a

    • by mlts (1038732) *

      Depends on what is "classified".

      True classified/sec/TS/SCI stuff, no way.

      However, company data like next model releases and such are a different story, and if leaked, may hit a rumor mill, but won't be as damaging as a list of agent names (and their families) winding up public.

      I would love to see this implemented on servers in an encrypted HDD controller. If the server is moved, access to the data on the HDDs is lost until a proper smart card is inserted and a PIN given. This would help deter data loss if

  • Prevent "sexting"? (Score:3, Insightful)

    by L4t3r4lu5 (1216702) on Tuesday October 18, 2011 @09:58AM (#37749342)
    You mean it'll stop them taking pictures of themselves in the bathroom mirror?

    Seriously, the prudish "adult" world needs to grow the fuck up and stop treating teens as children. They're exploring their sexuality, and they need guidance showing how their actions have repercussions, not a digital chastity belt. This arbitrary "16 and no younger" is great for protecting teens from predators, but crap for biology; Teens' hormones don't comply to the Whatever The Hell Law Makes "Sexting" a Crime Act.
    • 1) It's scientific fact their brians aren't as mature as you seem to think at 16.
      2) It's up to the parent, not to you, me or anyone else, to determine what constitutes healthy sexual exploration and behavior..
      3) There are plenty of people like you who will not use the software, you can all pat yourselves on the back, somehow liking sex means you're more intelligent than the rest of people... somehow..
      4) There are plenty of people who will use this software and not bother you at all about what you do, so
      • 1) It's scientific fact their brians aren't as mature as you seem to think at 16.

        But the day of their 16th birthday they magically become mature?

        • bah, sorry, meant 18th.

          • Technically it takes until after you are 21 for your brain to fully develop. However, what constitutes an adult mind when human beings used to only live to their 30's tops, most dying before the age of 18.
      • 1) It's scientific fact their brians aren't as mature as you seem to think at 16.

        I don't think they're mature at all; I've worked in secondary education, and know very well how teens often have very short term ideas regarding consequence. That is why they need education, not prohibition; To prepare them for later life when consequences can take years to manifest.

        2) It's up to the parent, not to you, me or anyone else, to determine what constitutes healthy sexual exploration and behavior..

        Yes. However, the parent is often, in this day and age, absent. They rely in daycare education to bring up their child, and this kind of technology is just the kind of thing they would grasp with two hands in order to avoid taki

      • 1) Its a scientific fact that people were popping babies out as early as 12, 2000 years ago.

        2) Its a scientific fact that people are not totally monogamous

        3) Its a scientific fact that people have been "doing it" before marriage for over 50,000 years

        4) Its a scientific fact that people crave sex for reproduction of the human race

        5) Its a scientific fact that STD's can be minimized significantly with protection

        6) Its a scientific fact that during puberty, your hormones are encouraging sex more than as a

        • by hazah (807503)
          Very similar experience. I simply do not comprehend the prohibitive tendencies, though, it seems to me, that these manifest themselves, more often than not, in the minds of ignorant people. Not necessarily stupid. For instance, my wife could not watch "The Simpsons" as a child, where as I could. The only difference between us was that she ended up watching it in secret anyway, and the whole thing was just pointless theatrics of "responsibility".
    • by fermion (181285)
      The crime is there and in most cases is punished appropriately, meaning that the deterrent is there to stop repeated action. From what I can tell many of these cases get a slap on the wrist or some equivalent. At the basics, this is just child molestation which we have been dealing with for years. It often takes the form of an older boy having sex with a younger girl and then the girl claiming rape, or the parent freaking in general. Parents are going to pretend 'their kids' are saints, and only act ba
      • You do know that "sexting" is sending someone a lewd photo of yourself using a mobile phone, right? Nothing to do with actual physical contact between two people.

        Your comment deals with issues which are not related to the subject at all. Important issues, but totally irrelevant here.
  • Unless the phone or other device can also take screenshots, or doesn't have that software installed ... or ... or ... or ...

    Santa just called. He wants his elf-master of the list back before this junket of free association into the infinite void permanently curls his toes into cranky hang nails. Santa's old experiment with CRM114 automation did not go well. Return the elf, now!

  • by Anonymous Coward

    In related news, a team at Harvard/MIT/(your favorite school here) has developed stupidity-aware smartphones. On detecting the low brainwave activity of a stupid person, the phone immediately shuts down. The device was invented last year, but public relations officials at the universities had been unable to get the news out by phone. They hit upon the strategy of using the internet only earlier this week.

  • The one I like the most is location-based reminders, where the alarm is activated when you go at a specific place, like 'don't forget to buy milk' when you go to the supermarket.

    • The one I like the most is location-based reminders, where the alarm is activated when you go at a specific place, like 'don't forget to buy milk' when you go to the supermarket.

      In that case, don't forget about the alarm for "don't forget to go to the supermarket" when you are anyplace but the supermarket.

    • Thank you. This is just another GPS based program that deletes instead of reminds. Nothing to see here. 'Researchers' is probably euphemism for fourth year student project that the fourth year students think is cool or novel but really isn't. And if they are really researchers, then why the hell is the U.S. government and the university wasting money on researchers who can only come up with something a fourth year student is probably capable of? Or is this the state of schools now? *sigh*
      • by Alex Belits (437) *

        fourth year students

        Second-year students. It's the time when students know enough to do something but not enough to avoid doing it seriously wrong.

  • I'll just chime in like the rest. A system like this fails to appreciate that data is the thing and it is not executable.

    Once data is made accessible, then the device accessing it, can do whatever it wants. Such software based systems rely on the integrity of the client which should never be relied upon.

    All one would need is some means of capturing and copying the data once presented. After that, the game is over.

    Would this work for 95% of all users? Probably... unless the purpose is restricting teens.

    • by Surt (22457)

      I think the examples involving cooperative clients who WANT to protect themselves but might make an error made a lot more sense. This technology makes a great deal more sense in that context.

    • in the case of teens, it is going to be a rate between 33% and 75% in my estimation depending on how difficult the solution is to implement.

      Actually, they'll probably just do it the old fashioned way - pull her boyfriend into the bathroom and show him in person.

  • Don't bother watching this, unless you happened to click through from the main page because it had Virginia Tech in the headline.

    http://www.youtube.com/watch?v=-4LssHXZjIA [youtube.com]

    I'm not sure whether to be excited that VT had made it so mainstream in the last 25 years, or saddened that it took football to raise the profile of a primarily academic/technical institution. Actually, now that I come to think of it, I don't give a shit - I'm just happy to see us on TV. :-)

  • by Insightfill (554828) on Tuesday October 18, 2011 @10:32AM (#37749698) Homepage

    A general, for example, could access secret intelligence while visiting a secure government facility without fear that his or her smart phone or tablet computer might later be lost or stolen, the team's lead researcher said.

    More likely: that general would leave the room, discover that the data he needed for his upcoming meeting had been removed from the phone, and then raise holy hell to have the damn system shut down forever.

  • I don't have any idea how this works, but one of the biggest problems facing any company is information that "migrates" outside the company and most of it is confidential files.

    They seemed to talk of phones and pads/tablets in the article, but I wonder if it extends to laptops and other computer equipment. More info is needed.

    Obviously a photo from any camera can not be locked down as there is no electronic connection to an isolated camera.

  • Problem: You can't trust your device to reliably store information without leaking it.
    Solution: Trust your device to reliably delete that data automatically.

    Actual solution: Stop relying on untrusted blackbox devices. Particularly in the military, which can theoretically afford the technical manpower to scrutinize and audit source code, closed-source software should be banned. The general in the example is smart enough to know when to delete stuff from his phone, but he needs to be sure the information is a

    • by mjr167 (2477430)
      I think the bigger problem is you don't trust the device. If you don't trust the device enough to let it have the data, why the fuck do you trust it enough to let it on your network? You don't know where that device has been or who it has been with.
  • Oh, this is a Software Solution..... yeah, that will will work properly 100% of the time. Move along.

  • I don't see too many details in this article, but there was something that sounds awful similar from Carnegie Mellon University a little while back called MULE (Mobile User Location-specific Encryption). http://sparrow.ece.cmu.edu/group/pub/studer_wisec10.pdf [cmu.edu] [pdf warning]
    • by flonker (526111)

      I was thinking along the same lines. Why just transmit a binary in-range/not-in-range signal, when you can transmit a key instead (with proper anti-sniffing safeguards)?

      Another possible solution to this problem is remote storage of the sensitive files; out of range, can't access the files.

      Of course, all of these options require a modification to the device so that the application gets killed and memory gets wiped when you leave the range of the file.

  • or the phone can fake the location data. which I suspect isn't hard if you have a reason to do it.

  • There is already software in the market place that does this? Even McAfee offers it in their mobile device management solution.

God made machine language; all the rest is the work of man.

Working...