Open source laptop tracking and recovery
Science Behind Adeona
According to the project lead's paper from 17th USENIX Security Symposium , the client consists of two modules: a location-finding module and a cryptographic core.
The paper says, "With a small amount of state, the core utilizes a forward-secure pseudorandom generator (FSPRG) to efficiently and deterministically encapsulate updates.
The core ensures forward-privacy: a thief, after determining all of the internal states of the client and even with access to all data on the remote storage, cannot use Adeona to reveal past locations of the device. The owner, with a copy of the initial state of the client, can efficiently search the remote storage for the updates.
The cryptographic core uses only a sparing number of calls to AES per update." Figure 3 details forward-secure pseudorandom generator (FSPRG) methodology.
I can't think of a single reason why you shouldn't install Adeona on your laptop. For that matter, you might want to install it on your desktop PCs and your servers. Although they're less likely to walk off than your laptop, they could be stolen. Be sure to store the unique .ost file for each device safely, somewhere other than the device to which it belongs. Future development might even lead to Adeona clients for mobile devices such as iPhones.
The project leads have also indicated the prospect of adding functionality to send authenticated commands back to the laptop (for example, delete sensitive data). OpenDHT, the remote storage service, would act as a private, anonymous intermediary for relaying communication between the laptop and its owner. Further engineering might include hardening the Adeona client via kernel-level support or even hardware support,to be significantly more resistant to thieves attempting to disable it.
You'll want to keep a close eye on this project – the benefits for enhancing laptop security are obvious, and the roadmap toward support for other devices looks promising. May your laptop remain in your possession at all times but, should that fail, may Adeona bless it with many safe returns.
- DATALOSS db: http://datalossdb.org/
- The Data Breach Blog: http://breach.scmagazineblogs.com/?s=laptop
- "Study: 800,000 laptops lost each year in airports," by Stevie Smith: http://www.thetechherald.com/article.php/200831/1604/Study-800-000-laptops-lost-each-year-in-airports
- Adeona: http://adeona.cs.washington.edu/index.html
- Adiona: http://www.thaliatook.com/OGOD/adiona.html
- OpenDHT: http://www.opendht.org/
- iSight CLI image capture: http://www.intergalactic.de/pages/iSight.html
- "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs": http://adeona.cs.washington.edu/papers/adeona-usenixsecurity08.pdf
Buy this article as PDF
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
FOSS community acts to protect freedom of choice for laptop devices.