Open source laptop tracking and recovery

Science Behind Adeona

According to the project lead's paper from 17th USENIX Security Symposium [8], the client consists of two modules: a location-finding module and a cryptographic core.

The paper says, "With a small amount of state, the core utilizes a forward-secure pseudorandom generator (FSPRG) to efficiently and deterministically encapsulate updates.

The core ensures forward-privacy: a thief, after determining all of the internal states of the client and even with access to all data on the remote storage, cannot use Adeona to reveal past locations of the device. The owner, with a copy of the initial state of the client, can efficiently search the remote storage for the updates.

The cryptographic core uses only a sparing number of calls to AES per update." Figure 3 details forward-secure pseudorandom generator (FSPRG) methodology.

Figure 3: (Left) The Adeona core, where E is a block cipher (e.g., AES) instantiating the FSPRG and Enc is a standard encryption scheme. (Right) Close-up of the core's forward-private location caching.

Future Development

I can't think of a single reason why you shouldn't install Adeona on your laptop. For that matter, you might want to install it on your desktop PCs and your servers. Although they're less likely to walk off than your laptop, they could be stolen. Be sure to store the unique .ost file for each device safely, somewhere other than the device to which it belongs. Future development might even lead to Adeona clients for mobile devices such as iPhones.

The project leads have also indicated the prospect of adding functionality to send authenticated commands back to the laptop (for example, delete sensitive data). OpenDHT, the remote storage service, would act as a private, anonymous intermediary for relaying communication between the laptop and its owner. Further engineering might include hardening the Adeona client via kernel-level support or even hardware support,to be significantly more resistant to thieves attempting to disable it.

Conclusion

You'll want to keep a close eye on this project – the benefits for enhancing laptop security are obvious, and the roadmap toward support for other devices looks promising. May your laptop remain in your possession at all times but, should that fail, may Adeona bless it with many safe returns.

Infos

  1. DATALOSS db: http://datalossdb.org/
  2. The Data Breach Blog: http://breach.scmagazineblogs.com/?s=laptop
  3. "Study: 800,000 laptops lost each year in airports," by Stevie Smith: http://www.thetechherald.com/article.php/200831/1604/Study-800-000-laptops-lost-each-year-in-airports
  4. Adeona: http://adeona.cs.washington.edu/index.html
  5. Adiona: http://www.thaliatook.com/OGOD/adiona.html
  6. OpenDHT: http://www.opendht.org/
  7. iSight CLI image capture: http://www.intergalactic.de/pages/iSight.html
  8. "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs": http://adeona.cs.washington.edu/papers/adeona-usenixsecurity08.pdf

The Author

Russ McRee, GCIH, GCFA, CISSP, is a security analyst, researcher, and founder of holisticinfosec.org, where he advocates a holistic approach to the practice of information assurance. Russ conducts constant vulnerability and malware research and currently works for Microsoft Online Service's Security Incident Management team. A frequent speaker at industry events, Russ also writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications, including Information Security, (IN)SECURE, Sys Admin, and OWASP. Russ thanks Tadayoshi Kohno and Tom Ristenpart, Adeona project leads, for their contributions to this article.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Box Backup

    The Box Backup network backup tool is a simple and secure solution for traveling clients. We'll show you how to get started with this open source tool.

  • Tutorial – gpsd

    Even though your computer does not come with its own GPS, you can hack one onto it using a mobile phone. Although, it does take quite a bit of fiddling.

  • OpenVPN

    Wireless networks are practical but dangerous at the same time.WEP encryption is unlikely to stop an attacker. But help is at hand in the form of add-on security measures such as an encrypted OpenVPN tunnel.

  • Access Your Apps and Docs Remotely with FreeNX
  • Inventory Tools

    As a network grows in size, it becomes increasingly difficult to keep track of hardware, software, licenses, and infrastructure. Inventory solutions can provide significant relief.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News