Currently, the loss or theft of an unencrypted laptop can be a huge pain for an employee and/or their company.
If a laptop gets stolen out of a person’s car, or just gets forgotten in a train or cafe, it’s entirely possible that the laptop owner will now have to change all their passwords.
And if they were working on some sort of top-secret project, now it’s a major hassle to worry about what might (or might not) have been disclosed to a competitor.
Additionally, travelers to foreign countries with especially valuable company secrets may have to worry about state-sponsored corporate espionage.
If a user really plans to only use certain data while physically at work (and never access this data while off-site), the user’s laptop can have a special hard drive that can only be accessed while within range of a specific WiFi network (see the solid state hard drive mockup in Figure 1).
Thus, if the user misplaces their laptop or has it seized by a foreign government, there is literally no way to decrypt the data. (Unless the laptop makes its way back within range of the company’s WiFi network, but presumably the laptop would be blacklisted as soon as the theft/loss is discovered).
Fig 1: The hard drive is integrated with a WiFi radio; the decryption key must periodically be refreshed by proximity to the company’s WiFi key broadcasting system. If this hard drive is taken out of range, the hard drive locks itself again.
Since the drive must be within the range of the company’s WiFi “key” broadcaster in order to decrypt (Figure 2), it is nearly impossible laptop theft to result in exposure of sensitive data.
(If an adversary did steal an encrypted laptop, they would theoretically be able to access the data if they 1) know the user’s password and 2) are able to drive the laptop to the company’s parking lot (within range of the WiFi) before the theft is discovered and the laptop’s access credentials are revoked).
Fig 2: In order to access the files on the hard drive, the user must be within range of the “key broadcaster” (just a specially-configured WiFi network). Whenever the user takes their laptop off-site, the data will be totally inaccessible even if the user has the correct password.
Would an adversary be able to circumvent this system by having a co-conspirator sit in the company parking lot, capturing all the (encrypted) WiFi traffic and re-broadcasting it over the Internet? (It seems like this method would be extremely labor intensive, plus the parking-lot-infiltrator would need undetected access to the company network.)
PROS: Makes it impossible for foreign travelers to be coerced into revealing their laptop’s contents, since the laptop owner themselves cannot even access the data while traveling.
CONS: Opens up new way for a company to lose all of its data if the decryption broadcasting system fails.
You must be logged in to post a comment.