LERSSE-RefJnlPaper-2017-001

Decoupling data-at-rest encryption and smartphone locking with wearable devices

Ildar Muslukhov ; San-Tsai Sun ; Primal Wijesekera ; Yazan Boshmaf ; Konstantin Beznosov

05 July 2016

Abstract: Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.


Published in: I. Muslukhov, S.-T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, “Decoupling data-at-rest encryption and smartphone locking with wearable devices,” Pervasive and Mobile Computing, v. 32, 2016, 26-34.:

The record appears in these collections:
Refereed Journal Papers

 Record created 2017-07-12, last modified 2017-07-12


Fulltext:
Download fulltextPDF Download fulltextPDF (PDFA)
Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)