Implementing and Optimizing an Encryption Filesystem on Android

The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media to location-based services increasing the concerns of the end user's privacy. Therefore, there is a clear need and expectation for PII data to be protected in the case of loss, theft, or capture of the portable device. In this paper, we present a novel FUSE (File system in User space) encryption file system to protect the removable and persistent storage on heterogeneous smart gadget devices running the Android platform. The proposed file system leverages NIST certified cryptographic algorithms to encrypt the data-at-rest. We present an analysis of the security and performance trade-offs in a wide-range of usage and load scenarios. Using existing known micro benchmarks in devices using encryption without any optimization, we show that encrypted operations can incur negligible overhead for read operations and up to twenty (20) times overhead for write operations for I/O-intensive programs. In addition, we quantified the database transaction performance and we observed a 50% operation time slowdown on average when using encryption. We further explore generic and device specific optimizations and gain 10% to 60% performance for different operations reducing the initial cost of encryption. Finally, we show that our approach is easy to install and configure across all Android platforms including mobile phones, tablets, and small notebooks without any user perceivable delay for most of the regular Android applications.

[1]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2]  Roxana Geambasu,et al.  Keypad: an auditing file system for theft-prone devices , 2011, EuroSys '11.

[3]  Lei Liu,et al.  VirusMeter: Preventing Your Cellphone from Spies , 2009, RAID.

[4]  Mahadev Satyanarayanan,et al.  Improving mobile database access over wide-area networks without degrading consistency , 2007, MobiSys '07.

[5]  Joseph G. Tront,et al.  Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[6]  Angelos Stavrou,et al.  Exploiting smart-phone USB connectivity for fun and profit , 2010, ACSAC '10.

[7]  Trent Jaeger,et al.  Measuring integrity on mobile phone systems , 2008, SACMAT '08.

[8]  Ashish Gehani,et al.  Performance and extension of user space file systems , 2010, SAC '10.

[9]  Sarah M. Diesburg,et al.  A survey of confidential data storage and deletion methods , 2010, CSUR.

[10]  Kang G. Shin,et al.  Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[11]  Cristian Ungureanu,et al.  Examining storage performance on mobile devices , 2011, MobiHeld '11.

[12]  Roy H. Campbell,et al.  Cloaker: Hardware Supported Rootkit Concealment , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[13]  眞柄 賢一,et al.  Boost C++ Libraryの紹介 , 2012 .

[14]  Yookun Cho,et al.  Secure deletion for NAND flash file system , 2008, SAC '08.

[15]  Arati Baliga,et al.  Rootkits on smart phones: attacks, implications and opportunities , 2010, HotMobile '10.

[16]  Hao Chen,et al.  Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery , 2006, 2006 Securecomm and Workshops.

[17]  Niraj Tolia,et al.  Benchmarks for mobile database access , 2007, MobiEval '07.

[18]  Dan Boneh,et al.  Address space randomization for mobile devices , 2011, WiSec '11.

[19]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[20]  Michael S. Hsiao,et al.  Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.