Decoupling data-at-rest encryption and smartphone locking with wearable devices

Ildar Muslukhov, San Tsai Sun, Primal Wijesekera, Yazan Boshmaf, Konstantin Beznosov

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones allow users to enable data encryption, which uses a locking password to protect the data encryption key. Unfortunately, users either do not lock their devices at all, due to usability issues, or use weak and easy to guess 4-digit PINs. This makes the current approach of protecting confidential data-at-rest ineffective against password guessing attackers. To address this problem we design, implement and evaluate the Sidekick system — a system that uses a wearable device to decouple data encryption and smartphone locking. Evaluation of the Sidekick system revealed that the proposal can run on an 8-bit System-on-Chip, uses only 4 Kb/20 Kb of RAM/ROM, allows data encryption key fetching in less than two seconds, while lasting for more than a year on a single coin-cell battery.

Original languageEnglish
Pages (from-to)26-34
Number of pages9
JournalPervasive and Mobile Computing
Volume32
DOIs
Publication statusPublished - 1 Oct 2016
Externally publishedYes

    Fingerprint

Keywords

  • Data-at-rest encryption
  • Encryption keys management
  • Smartphone locking
  • Smartphone loss and theft
  • Wearable devices

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Applied Mathematics

Cite this