Nowadays a lost or stolen laptop can often be recovered thanks to software that automatically transmits the location of the device back to a central server. However, some experts worry that, without additional security measures, this kind of tracking technology could inadvertently make users more vulnerable to spying.
"If you lose your laptop, a commercial service can tell you where it is right now," says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, in Seattle. "The issue, from a privacy perspective, is that this also means that someone who might break into or have access to the commercial service's database might be able to track you even before the laptop leaves your possession."
To address this concern, Kohno and his colleagues at the University of Washington and the University of California, San Diego, have developed Adeona, a free piece of software that records location information in such a way that only a legitimate user should ever be able to gain access to it. Most commercial laptop-tracking services require software installed on a user's machine to periodically update a database with data related to the laptop's physical location, such as its current IP address and local network topology. If the machine is ever stolen, this information will be transmitted the next time it is connected to the Internet. The user can then take it to the police to help them locate the thief.
But Kohno and other security experts worry that, if this data is compromised, it will provide a simple way to monitor the movements of the laptop owner. In a corporate setting, this might enable corporate espionage, Kohno warns. And since this data may be transmitted and stored in unencrypted form, it is particularly vulnerable to interception and attacks on the database, he says. Adeona employs several cryptographic techniques to keep location information secure. A laptop such as IBM 92P1101, ThinkPad R40, ThinkPad R32 running the software still sends location information to a central database--in this case, a completely open server--but the data is encrypted so that it cannot be read without a private cryptographic key.
Even if the laptop is stolen, other cryptographic tricks prevent the tracking information from falling into the wrong hands. When a user installs the software, a cryptographic key (known as a seed) is generated and stored separately--on a USB flash drive or a DVD, for example. The seed is used to generate a unique cipher each time an update is sent to the server. And to prevent a thief from figuring out the original seed by analyzing past messages, the software also generates a new seed by morphing the original one in a seemingly random way each time an update is sent.
Adeona works with Windows, Macintosh, and Linux. For Mac users, there is an add-on that periodically takes photographs using the laptop's built-in camera, to provide even more evidence to show the police. Kohno notes that the software is designed to improve the privacy of laptop-tracking systems. A savvy thief could still get around the systems by wiping clean a stolen laptop's hard drive before connecting it to the Internet.
Nonetheless, some other experts are impressed by the idea. "When your laptop is stolen, you want the chances of it being recovered to be as high as possible," says Lawrence Teo, vice president of development at Calyptix Security, based in Charlotte, NC, who has been testing Adeona on his own system for several months. A lazy or careless thief may leave the tool in place, Teo says, giving the software enough time to work.
"It's much easier to build a laptop-recovery system that is detrimental to privacy rather than one that preserves it," says Aviel Rubin, a security and privacy researcher and professor of computer science at Johns Hopkins University. "Most people are focusing on convenience and data-mining capabilities and forgetting about privacy. Seeing an effort to build something that will not compromise privacy even though it has every potential to--for me, it's refreshing."
Furthermore, since the source code for Adeona has also been published openly, Rubin says that users should feel better able to trust its security. "People can look at the software and see that there are no back doors, and that it really does preserve privacy the way that they say," he points out. "They're basically putting all their cards on the table."
The researchers are currently working on a version of Adeona for the iPhone, and Kohno hopes that other software developers will contribute to the project. "We're hoping other people will take this idea and extend it in other ways to make it more useful--for other types of electronic devices, or for other types of forensic confirmation," he says.