Decoupling data-at-rest encryption and smartphone locking with wearable devices

Ildar Muslukhov, San Tsai Sun, Primal Wijesekera, Yazan Boshmaf, Konstantin Beznosov

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.

Original languageEnglish
Pages (from-to)26-34
Number of pages9
JournalPervasive and Mobile Computing
Volume32
DOIs
Publication statusPublished - 1 Oct 2016
Externally publishedYes

Fingerprint

Smartphones
Locking
Decoupling
Encryption
Cryptography
Password
ROM
Electronic mail
Random access storage
Disclosure
Guess
Electronic Mail
Digit
Battery
Usability
Industry
Evaluate
Cell
Evaluation

Keywords

  • Data-at-rest encryption
  • Encryption keys management
  • Smartphone locking
  • Smartphone loss and theft
  • Wearable devices

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Applied Mathematics

Cite this

Decoupling data-at-rest encryption and smartphone locking with wearable devices. / Muslukhov, Ildar; Sun, San Tsai; Wijesekera, Primal; Boshmaf, Yazan; Beznosov, Konstantin.

In: Pervasive and Mobile Computing, Vol. 32, 01.10.2016, p. 26-34.

Research output: Contribution to journalArticle

Muslukhov, Ildar ; Sun, San Tsai ; Wijesekera, Primal ; Boshmaf, Yazan ; Beznosov, Konstantin. / Decoupling data-at-rest encryption and smartphone locking with wearable devices. In: Pervasive and Mobile Computing. 2016 ; Vol. 32. pp. 26-34.
@article{dcf9dbfa36af40de8577a4d623a55e11,
title = "Decoupling data-at-rest encryption and smartphone locking with wearable devices",
abstract = "Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.",
keywords = "Data-at-rest encryption, Encryption keys management, Smartphone locking, Smartphone loss and theft, Wearable devices",
author = "Ildar Muslukhov and Sun, {San Tsai} and Primal Wijesekera and Yazan Boshmaf and Konstantin Beznosov",
year = "2016",
month = "10",
day = "1",
doi = "10.1016/j.pmcj.2016.06.016",
language = "English",
volume = "32",
pages = "26--34",
journal = "Pervasive and Mobile Computing",
issn = "1574-1192",
publisher = "Elsevier",

}

TY - JOUR

T1 - Decoupling data-at-rest encryption and smartphone locking with wearable devices

AU - Muslukhov, Ildar

AU - Sun, San Tsai

AU - Wijesekera, Primal

AU - Boshmaf, Yazan

AU - Beznosov, Konstantin

PY - 2016/10/1

Y1 - 2016/10/1

N2 - Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.

AB - Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.

KW - Data-at-rest encryption

KW - Encryption keys management

KW - Smartphone locking

KW - Smartphone loss and theft

KW - Wearable devices

UR - http://www.scopus.com/inward/record.url?scp=84992724010&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84992724010&partnerID=8YFLogxK

U2 - 10.1016/j.pmcj.2016.06.016

DO - 10.1016/j.pmcj.2016.06.016

M3 - Article

AN - SCOPUS:84992724010

VL - 32

SP - 26

EP - 34

JO - Pervasive and Mobile Computing

JF - Pervasive and Mobile Computing

SN - 1574-1192

ER -