Spotlight | Reviews | Current Issue | Academy | Newsletter | Subscribe | Shop |
News
Features
Blogs
RSS Feeds
White Papers
Conference Videos
Departments
Current Issue
Special Editions
Spotlight
Reviews
Event Calendar
Archives
     2012
     2011
     2010
     2009
     2008
     2007
     2006
     2005
Article Code

Partner Links
Make your own website
WinWeb OnlineOffice
Comparing prices of hardware is worth it.
Price Comparison
What:
Where:
Country:
vacatures Netherlands njobs Linux vacatures
arbeit Deutschland njobs Linux arbeit
work United Kingdom njobs Linux jobs
Lavoro Italia njobs Linux lavoro
Emploi France njobs Linux emploi
trabajo Espana njobs Linux trabajo

user friendly

Admin Magazine

ADMIN Network & Security

Subscribe now and save!

 ADMIN - Explore the new world of system administration! ADMIN is a smart, technical magazine for IT pros on heterogeneous networks. Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

  • network security
  • system management
  • troubleshooting
  • performance tuning
  • virtualization
  • cloud computing

 on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

  linux-magazine.com » Issues » 2009 » 100 » Adeona  

Print this page. Recommend
Share

Science Behind Adeona

According to the project lead's paper from 17th USENIX Security Symposium [8], the client consists of two modules: a location-finding module and a cryptographic core.

The paper says, "With a small amount of state, the core utilizes a forward-secure pseudorandom generator (FSPRG) to efficiently and deterministically encapsulate updates.

The core ensures forward-privacy: a thief, after determining all of the internal states of the client and even with access to all data on the remote storage, cannot use Adeona to reveal past locations of the device. The owner, with a copy of the initial state of the client, can efficiently search the remote storage for the updates.

The cryptographic core uses only a sparing number of calls to AES per update." Figure 3 details forward-secure pseudorandom generator (FSPRG) methodology.

Figure 3: (Left) The Adeona core, where E is a block cipher (e.g., AES) instantiating the FSPRG and Enc is a standard encryption scheme. (Right) Close-up of the core's forward-private location caching.

Future Development

I can't think of a single reason why you shouldn't install Adeona on your laptop. For that matter, you might want to install it on your desktop PCs and your servers. Although they're less likely to walk off than your laptop, they could be stolen. Be sure to store the unique .ost file for each device safely, somewhere other than the device to which it belongs. Future development might even lead to Adeona clients for mobile devices such as iPhones.

The project leads have also indicated the prospect of adding functionality to send authenticated commands back to the laptop (for example, delete sensitive data). OpenDHT, the remote storage service, would act as a private, anonymous intermediary for relaying communication between the laptop and its owner. Further engineering might include hardening the Adeona client via kernel-level support or even hardware support,to be significantly more resistant to thieves attempting to disable it.

Conclusion

You'll want to keep a close eye on this project – the benefits for enhancing laptop security are obvious, and the roadmap toward support for other devices looks promising. May your laptop remain in your possession at all times but, should that fail, may Adeona bless it with many safe returns.

Infos

  1. DATALOSS db: http://datalossdb.org/
  2. The Data Breach Blog: http://breach.scmagazineblogs.com/?s=laptop
  3. "Study: 800,000 laptops lost each year in airports," by Stevie Smith: http://www.thetechherald.com/article.php/200831/1604/Study-800-000-laptops-lost-each-year-in-airports
  4. Adeona: http://adeona.cs.washington.edu/index.html
  5. Adiona: http://www.thaliatook.com/OGOD/adiona.html
  6. OpenDHT: http://www.opendht.org/
  7. iSight CLI image capture: http://www.intergalactic.de/pages/iSight.html
  8. "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs": http://adeona.cs.washington.edu/papers/adeona-usenixsecurity08.pdf

The Author

Russ McRee, GCIH, GCFA, CISSP, is a security analyst, researcher, and founder of holisticinfosec.org, where he advocates a holistic approach to the practice of information assurance. Russ conducts constant vulnerability and malware research and currently works for Microsoft Online Service's Security Incident Management team. A frequent speaker at industry events, Russ also writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications, including Information Security, (IN)SECURE, Sys Admin, and OWASP. Russ thanks Tadayoshi Kohno and Tom Ristenpart, Adeona project leads, for their contributions to this article.

« Previous 1 2

Read full article as PDF » Adeona_Laptop_Tracking.pdf 452.81 kB


Comments

Adeona outage due to OpenDHT

Adeona project Jun 25, 2009 10:06pm GMT

Adeona is currently not working because the back-end service (OpenDHT on PlanetLab) is proving to be unreliable. If you would like to help us, please subscribe to the adeona-developers mailing list and see this initial post. Users may wish to subscribe to adeona-users for announcements.
http://adeona.cs.washington.edu/
http://groups.google.com/gr.../thread/81aa1831d09517f7?pli=1

ADEONA

Don Birdsall Mar 31, 2009 6:56pm GMT

I bought the magazine for this article, When it didn't work I searched the web and found this post. I am not wasting any more time but unfortunately bookstores do not refund magazines for bad articles.

Seriously - Do you guys test this stuff?

Miffed Feb 17, 2009 9:24am GMT

So, if you read the Adeona group message boards, you will discover that Adeona has not functioned for the past four to five months due to OpenDHT server issues. That said in the group discussion forum there are tons of people who say the software does not work, people who had had their laptop stolen and not able to recover data etc. I have installed this on several systems and found that low and behold it does not work when you try to retrieve data. I was pretty ticked off about it.

Then I get my Linux Mag and there is a review talking about how great it is. The problem is IT DOES NOT WORK. Did you guys actually test the software? Either this was written a long long time ago, or it was not tested at all.

Print this page. Recommend
Share
Rikki's Open Source Exchange

Stop by Rikki's Open Source Exchange for dispatches from the world of women in open source.

Rikki Kite examines the experience of women across the spectrum of open source –
the people, projects, organizations, events, articles, issues, and news.

more...

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.

© 2012Linux New Media USA, LLC

Linux New Media Websites
International: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer] [Linux Magazine Academy]
North America: [Linux Pro Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer]
Germany: [Linux-Magazin] [ADMIN Magazin] [LinuxUser] [EasyLinux] [Linux-Community]
[Ubuntu User] [Smart Developer] [Android User] [Linux-Magazin Academy]
Poland: [Linux Magazine] [EasyLinux]
Spain: [Linux Magazine] [Ubunutu User]
Netherlands: [Linux Magazine Academy]
Brazil: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Guia de TI]