Wireless lock


Wireless lock is a protection concept for authenticated LAN or WLAN network clients, offered by various vendors in various functional shapes and physical designs. In contrast to wireless keys, wireless lock puts the emphasis on automatic locking rather than on locking only by time-out or on unlocking.


The wireless lock concept supports initialising the client with authentication and log-on, as electronic key solutions do. Beyond that, a wireless lock supports automatic log-off after the user leaves the unlocked network client, independently of any time-out condition. Protection takes effect while the integrated or galvanically attached, paired receiver/transceiver stays connected to the protected client object: as soon as the wireless token is separated from the client by more than a set maximum allowed distance, generally the manual reach required to operate the keyboard attached to the client, the client is locked.

Currently (2011-07) there is no general standard supporting inter-operability of wireless lock concepts.

Usage principles

The wireless token serves as an independent second authentication factor. Local pairing of the token with the protected networked client object is the authentication procedure. Personalisation of the token for a user is a preparatory action that may be administered apart from the network. Allocated user credentials are to be served from a networked authorisation server for allowed access to data and functions, and from an authentication server for allowed access to the network and clients.

A wireless distance metric sets the protected object to "locked" as soon as the set distance level between paired transmitter and receiver of a wireless signal transmission is exceeded. The protected object returns to "unlocked" as soon as the distance shrinks again and the received signal strength rises above the set limit. The transmitter may be worn by the owner of an object, whereas the receiver is attached to the protected object, logically restricting its use to the owner.

The basic electronic gadget is a wireless token that communicates with a counterpart attached to the object to be controlled wirelessly. User guides recommend wearing a very light alarm token on a necklace, a wristband or similarly bound directly to the body. Very low transmission power levels ensure low electromagnetic interference as well as biologically harmless operation.

After putting the object to be protected into operation and initially pairing the two wireless devices with each other, the protected object refuses operation whenever the set distance between token and protected object is exceeded.

Advanced solutions offer communications on the basis of standardized communication protocols and based on standardized air interface links.

Simple solutions make use of passive RFID tokens, thus requiring a higher transmission level from a reader attached to the protected object, which illuminates the token to elicit a response. The chosen frequency band and the allowed maximum transmission power level define the possible reach of the response from the token in the vicinity of the protected object.

Applications

The main known application is PC locking under authenticated log-in conditions. Control of the protected object works with the token at hand acting as a transceiver (passive RFID) or as a beacon transmitter (active RFID). Currently some similar applications are offered by several no-name vendors under non-guaranteed specifications.

Standardization

The relevant existing standard for such applications is Bluetooth V4.0 Low Energy of 2009-12-17 with the profiles Find Me and Proximity. [2]

Security modes

Concepts for secure key transmission have been published in several contexts. [3] Standardisation in the IETF (PKI), W3C (XML) and ITU (X.509) is ongoing. Basically, there are different concepts available for implementing a sound security concept:

Metrics options

The metrics options for detecting separation of protected object and authenticated user have to take into account various physical phenomena and thus offer a variety of signal processing to overcome

The safe approach is travel-time estimation with ultra-short pulses (e.g. UWB and CSS); the cheap approach is an RSSI estimate using just the variation of power levels.[citation needed]

Standards based products available

Many current product offers referring to communication standards are just prototypes. A basic design is proposed, e.g., by the Texas Instruments sample offer using the Bluetooth V4.0 low energy protocol standard [4] and by comparable proposals from other chip foundries.

Critics

Currently (2011-07) there is no certified product according to ISO/IEC 15408 security requirements on offer. However, any workable solution is better than nothing compared to logged-in work positions left unobserved.[citation needed]

Freeware implementation

A well-known implementation is the BlueProximity [5] solution, available for Linux and Windows. Hosting on PC-like systems allows detecting the presence of mobile phones in proximity to a PC-attached Bluetooth dongle or equivalent interface. The PC gets locked when the user leaves. Reported and other simple deficiencies of this solution are:

However, this Bluetooth-based approach is the best-protected solution compared to other proprietary approaches that lack means comparable to mobile phone SIM locking or to Bluetooth link protection.

Advantages

Basic infrastructure requirements for wireless locking are very low. There are no additional server function requirements beyond public key infrastructure standards. The infrastructure requirement to include a wireless receiver in protected objects, via integration or using dongles, is state of the art. All tampering may be detected automatically. Attachment of a receiver/transmitter in dongle form to the protected object is easily made via a USB port. A small security application will make use of the protection mechanisms of the protected object's operating system. Neither dongle nor protected unit may be compromised as long as any tampering with the security application gets detected.

The major advantage of wireless locking comes with automated log-off. Hence the common lack of caution among mobile users may be entirely compensated. Automatic wireless authentication factors do not require any handling. The only requirement on the user, just to wear a token without any keying, is unsurpassed in comfort and functional value. Wireless locking provides additional security for networks against fraudulent access and usage. Reported security deficits with second-factor authentication may be compensated by reducing all burdens of keeping, handling and wearing such factors. [6]

The transmission power of the wireless token for the object may be very low, in the 1 mW range, as just the distance between the bearer and the item to be protected has to be bridged. That is a level at which no harm occurs in any environment and no electromagnetic interference with sensitive equipment is expected, i.e. interference with medical devices may be neglected.

Wireless locking offers the best robustness against de-authentication attacks. Continuous connection-based encrypted key exchange between active token and receiver dongle provides a security level sufficient to prepare for certification under the ISO/IEC 15408 Common Criteria specification. An initial connection-based encrypted key exchange serves a lower security level which appears sufficient for most requirements.

Disadvantages

All known approaches to wireless locking are either proprietary [7] or just industrial standards, such as ZigBee, ANT or other communication platforms, hence requiring special pairing of token and receiver/transmitter respectively. Adherence to wireless air-interface standards and wireless communication protocols compensates for this gap in top-level standardisation.

Unidirectional communication between a beaconing token and the receiver dongle may be hacked with a man-in-the-middle attack. [8] However, connection-based challenge–response initialisation serves a much higher security level.
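The difference between a one-way beacon and a connection-based challenge–response round is freshness: the dongle issues a nonce and only accepts an answer bound to that nonce, so an answer overheard in one round proves nothing in the next. The following is an added example, not code from the article and not any vendor's protocol; the HMAC construction, the pairing key and the message framing are assumptions chosen to illustrate the point.

```python
# Connection-based challenge/response between wearable token and receiver dongle.
# Added example; the pairing key and message framing are assumed, not a real protocol.
import hashlib
import hmac
import os

LABEL = b"wireless-lock-response"   # assumed domain-separation tag


class Token:
    """Wearable token holding the key agreed at pairing time."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def respond(self, challenge: bytes) -> bytes:
        # Proves possession of the pairing key for this challenge only.
        return hmac.new(self._key, LABEL + challenge, hashlib.sha256).digest()


class Dongle:
    """Receiver attached to the protected object; one fresh nonce per round."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = os.urandom(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:           # nothing outstanding: reject
            return False
        expected = hmac.new(self._key, LABEL + self._pending, hashlib.sha256).digest()
        self._pending = None                # a nonce is consumed by its first answer
        return hmac.compare_digest(expected, response)


def round_trip(token: Token, dongle: Dongle) -> bool:
    """One keep-alive round: the object stays unlocked only on a valid answer."""
    return dongle.verify(token.respond(dongle.challenge()))


def replayed_response_is_rejected(token: Token, dongle: Dongle) -> bool:
    """A response overheard in one round is useless in the next because the
    nonce differs; a static beacon identifier offers no such freshness."""
    captured = token.respond(dongle.challenge())
    if not dongle.verify(captured):         # the legitimate round must succeed
        return False
    dongle.challenge()                      # next round, new nonce
    return not dongle.verify(captured)


if __name__ == "__main__":
    key = os.urandom(32)                    # constructed pairing key
    token, dongle = Token(key), Dongle(key)
    print("paired token:", round_trip(token, dongle))                   # True
    print("foreign token:", round_trip(Token(os.urandom(32)), dongle))  # False
    print("replay rejected:", replayed_response_is_rejected(token, dongle))  # True
```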

A clear specification of battery wear is not published with all known vendors' offerings.

See also

Transmission concepts


References

  1. Mass market proximity sensing and security
  2. Buckley, Paul (5 July 2011). "Finalization of Bluetooth low energy Find Me and Proximity profiles opens path to mass-market proximity sensing and security". eeNews Analog. Retrieved 9 August 2019.
  3. Toorani, M.; Beheshti, A. A. (2010). "LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments". 2008 11th IEEE Singapore International Conference on Communication Systems. pp. 162–166. arXiv:1002.3299. doi:10.1109/ICCS.2008.4737164. ISBN 978-1-4244-2423-8. S2CID 6663986.
  4. 2.4 GHz Bluetooth® low energy system-on-chip
  5. BlueProximity
  6. Bruce Schneier on security: The failure of two factor authentication
  7. Wireless PC Lock
  8. Bruce Schneier on security: Hacking Two-Factor Authentication