How to protect your laptop—even when it's asleep

November 23, 2016
Credit: Concordia University

In the age of WikiLeaks, Russian hacks and increased government surveillance, many computer users are feeling increasingly worried about how best to protect their personal information—even if they aren't guarding state secrets.

Luckily, there's a solution: Hypnoguard, powerful new software developed by Concordia University researchers to safeguard even when computer is in .

Sweet dreams are made of this

"Protecting data is especially difficult when a computer goes to sleep, which happens when a laptop's lid is closed, or after a certain period of user inactivity," explains PhD candidate Lianying Zhao.

He explains that if a computer in this mode falls into the wrong hands, a malicious person can extract the data found in the machine's random-access memory (RAM) in a number of technical ways.

"It's been a known problem for several years, but no one's proposed a viable way to solve it. Until now."

You are getting sleepy ...

Zhao developed the Hynoguard system with Mohammad Mannan, an associate professor with the Concordia Institute for Information Systems Engineering.,

It's designed to protect "data-in-sleep." When installed, the system encrypts the computer's RAM before it enters sleep mode, and then decrypts the data upon waking with hardware-backed uncircumventible user re-authentication.

"The entire process is transparent to the user, who simply enters a regular 'unlock' password when the computer wakes up," explains Mannan. "There's almost no impact on usability. For an average computer with eight gigabytes of memory, the process only takes about a second."

He and Zhao designed the system by carefully integrating password-based authentication with widely available hardware security features in modern consumer-grade computers. They unveiled their work at the 2016 ACM Conference on Computer and Communications Security this October in Vienna.

Coming to a laptop near you

Having just filed a provisional US patent for the system, Mannan and Zhao hope that members of the general population as well as corporate and state users will soon be able to use Hypnoguard to protect critical data.

"Professionals for whom security is paramount—people like government agents, journalists and businessmen—should benefit the most in terms of protecting secrets in RAM. If their is lost or stolen, or if they are forced to reveal their password, Hypnoguard will provide that extra layer of protection. And if it's combined with Gracewipe, another of our security systems, both RAM and disk data will be safe against password guessing and coercion attacks."

Explore further: Will the hack of 500 million Yahoo accounts get everyone to protect their passwords?

More information: 1. Read the Hypnoguard paper from the ACM Conference proceedings.

2. Read the Gracewipe paper from the ISOC proceedings.

Related Stories

Changing SIM card number for more secure mobile phone

November 23, 2016

A continuously changing SIM card number ensures that your mobile phone can no longer be traced and tapped and enables it to check whether it is in contact with an authentic radio tower. Computer scientist Fabian van den Broek ...

Not so safe: Security software can put computers at risk

May 4, 2016

Is the antivirus program running on your computer really making your computers safer to use, say, for online banking? Is the parental control software you bought to keep your 13-year-old off porn sites downgrading the overall ...

Protecting data assets with two-factor authentication

February 3, 2016

To better protect the Institute's data – including employee data – from future cyber risks, the Office of Information Technology (OIT) will begin deploying two-factor authentication to early adopters across campus in ...

Recommended for you

Firms push hydrogen as top green energy source

January 18, 2017

Over a dozen leading European and Asian firms have teamed up to promote the use of hydrogen as a clean fuel and cut the production of harmful gasses that lead to global warming.

WhatsApp vulnerable to snooping: report

January 13, 2017

The Facebook-owned mobile messaging service WhatsApp is vulnerable to interception, the Guardian newspaper reported on Friday, sparking concern over an app advertised as putting an emphasis on privacy.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.