Mobile encryption for laptop data protection (MELP)

Advances in laptop technology and the mobility laptops offer have made them vital devices used in many places. Numerous sensitive files, such as credit card numbers and Web cookies, are usually stored on laptops for convenience. However, if a laptop is stolen, the data stored on it is easily leaked, which may cause serious consequences. Encrypting files with encryption keys is a general solution; however, if the decryption keys are also stored on the laptop, adversaries can easily decrypt the files as well. To solve this problem, this paper proposes the Mobile Encryption for Laptop data Protection (MELP) system. MELP includes the design of an online server and a mobile phone, and encrypts each sensitive file with a file system encryption key, which is in turn sequentially encrypted twice, by the phone's and the server's encryption keys. The mobile phone is adopted so that the user must perform at least one simple confirmation of execution, and the online server is adopted so that, if both the user's laptop and mobile phone are stolen, the user can still disable the online decryption process on the server.
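The key hierarchy described above, sketched as an added example that is not code from the paper: the laptop stores only the file ciphertext and the doubly wrapped file key, so recovery needs the phone's confirmation and a server that has not been disabled. Assumptions: symmetric 32-byte keys, the phone wraps first and the server second, the names `Phone`, `Server`, `protect` and `recover` are hypothetical, and `seal`/`unseal` are a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Derive independent encryption and MAC keys from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, data):
    # Stand-in authenticated cipher (assumption): SHAKE-256 keystream + HMAC tag.
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(ek + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    stream = hashlib.shake_256(ek + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Phone:  # hypothetical model of the phone's role
    def __init__(self):
        self.key = os.urandom(32)          # never leaves the phone
    def wrap(self, fek):
        return seal(self.key, fek)
    def unwrap(self, blob, user_confirms):
        if not user_confirms:              # the "simple confirmation" step
            raise PermissionError("user did not confirm on phone")
        return unseal(self.key, blob)

class Server:  # hypothetical model of the online server's role
    def __init__(self):
        self.key = os.urandom(32)          # never leaves the server
        self.enabled = True                # owner clears this after a theft
    def wrap(self, blob):
        return seal(self.key, blob)
    def unwrap(self, blob):
        if not self.enabled:
            raise PermissionError("decryption disabled by owner")
        return unseal(self.key, blob)

def protect(data, phone, server):
    fek = os.urandom(32)                   # file system encryption key
    # The laptop keeps only the ciphertext and the doubly wrapped key.
    return seal(fek, data), server.wrap(phone.wrap(fek))

def recover(ct, wrapped, phone, server, user_confirms):
    fek = phone.unwrap(server.unwrap(wrapped), user_confirms)
    return unseal(fek, ct)
```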
