http://iet.metastore.ingenta.com
1887

Mobile encryption for laptop data protection (MELP)

Mobile encryption for laptop data protection (MELP)

For access to this article, please select a purchase option:

Buy article PDF
$19.95
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Based on the advances in laptop technologies and the mobility characteristics, laptops have become a vital device used at various places. Usually, numerous sensitive files such as credit card numbers and Web cookies are stored on laptops for convenient usage. However, if a laptop is stolen, the data stored on it is easily leaked; which may cause serious consequences. Encrypting files by encryption keys is a general solution; however, if the decryption keys are also stored on laptops, the files can also be decrypted by adversaries easily. To solve this problem, this paper proposes the Mobile Encryption for Laptop data Protection (MELP) system. MELP includes the design of an online server and mobile phone, and encrypts each sensitive file by a file system encryption key, which is further sequentially encrypted twice by the phone's and server's encryption keys. The reason of adopting a mobile phone is that at least one simple confirmation of execution must be performed by a user, and the reason of adopting an online server is that if both user's laptop and mobile phone are stolen, users can still disable the online decryption process on the server.

References

    1. 1)
      • A.L. Foster . Increase in stolen laptops endangers data security. Chronicle High. Educ. , 43
    2. 2)
    3. 3)
      • D.C. Wyld . Preventing the “worst case scenario”: combating the lost laptop epidemic with rfid technology.
    4. 4)
      • Studer, A., Perrig, A.: `Mobile user location-specific encryption (MULE): using your office as your password', Proc. ACM Conf. Wireless Network Security (WiSec), March 2010, p. 151–162.
    5. 5)
      • Geambasu, R., John, J.P., Gribble, S.D., Kohno, T., Levy, H.M.: `Keypad: an auditing file system for theft-prone devices', Proc. European Conf. Computer Systems (EuroSys), 2011, p. 1–16.
    6. 6)
    7. 7)
    8. 8)
    9. 9)
    10. 10)
      • X. Lai , J.L. Massey . (2006) A proposal for a new block encryption standard.
    11. 11)
      • M. Tatebayashi , N. Matsuzaki , D.B. Newman . (1990) Key distribution protocol for digital mobile communication systems.
    12. 12)
      • Corner, M.D., Noble, B.D.: `Zero-interaction authentication', Proc. Eighth Annual Int. Conf. Mobile Computing and Networking (MobiCom '02), 2002, p. 1–11.
    13. 13)
      • K. Finkenzeller . (2010) RFID handbook: fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication.
    14. 14)
      • Haselsteiner, E., Breitfuss, K.: `Security in near field communication (NFC) strengths and weaknesses', Workshop on RFID Security, 2006, p. 1–11.
    15. 15)
    16. 16)
      • Ottaviani, E., Pava, A., Bottazi, M., Brunclli, E., Casclli, F., Guerreo, M.: `A common image processing framework for 2D barcode reading', Seventh Int. Conf. Image Processing and its Applications, 1999, p. 652–655.
    17. 17)
      • Gao, J.Z., Prakash, L., Jagatesan, R.: `Understanding 2D-BarCode technology and applications in M-commerce – design and implementation of a 2D barcode processing solution', Proc. 31st Int. Conf. Annual Int. Computer Software and Applications, 2007, p. 49–56.
    18. 18)
      • Kato, H., Tan, K.T.: `2D barcodes for mobile phones', Proc. Second Int. Conf. Mobile Technology, Applications and Systems, 2005, p. 8.
    19. 19)
      • Seino, K., Kuwabara, S., Mikami, S.: `Development of the traceability system which secures the safety of fishery products using the QR code and a digital signature', Proc. MTS/IEEE TECHNO-OCEAN, 2004, Kobe, 1, p. 476–481.
    20. 20)
      • Ohbuchi, E., Hanaizumi, H., Hock, L.A.: `Barcode readers using the camera device in mobile phones', IEEE Int. Conf. Cyberworlds (CW04), 2004, p. 260–265.
    21. 21)
      • Chaisatien, P., Akahori, K.: `Introducing QR code in classroom management and communication via mobile phone application system', Proc. World Conf. Educational Multimedia, Hypermedia and Telecommunications, 2006, p. 2181–2187.
    22. 22)
      • S. Bajikar . (2002) Trusted platform module (TPM) based security on notebook PCs-white paper.
    23. 23)
      • M. Strasser , H. Stamer . (2008) A software-based trusted platform module emulator.
    24. 24)
      • Aaraj, N., Raghunathan, A., Ravi, S., Jha, N.K.: `Energy and execution time analysis of a software-based trusted platform module', Proc. of 2007 Design, Automation & Test in Europe Conference & Exhibition (DATE '07), 2007, p. 1128–1133.
    25. 25)
      • McCune, J.M., Li, Y.: `TrustVisor: efficient TCB reduction and attestation', Proc. IEEE Symp. Security and Privacy (Oakland 2010), 2010, p. 143–158.
    26. 26)
      • Bressoud, T.C., Schneider, F.B.: `Hypervisor-based fault-tolerance', Proc. Symp. on Operating Systems Principles, 1995, p. 1–11.
    27. 27)
      • Sailer, R., Jaeger, T., Valdez, E.: `Building a MAC-based security architecture for the xen open-source hypervisor', Proc. 2005 Annual Computer Security Applications Conf., 2005, p. 276–285.
    28. 28)
      • Seshadri, A., Luk, M., Qu, N., Perrig, A.: `SecVisor: a tiny hypervisor to provide lifetime Kernel code integrity for commodity OSes', ACM Symp. Operating Systems Principles (SOSP), 2007, p. 335–350.
    29. 29)
      • Arnes, A., Knapskog, S.J.: `Selecting revocation solutions for PKI', Proc. NORDSEC 2000, Fifth Nordic Workshop on Secure IT Systems, 2000, p. 1–16.
    30. 30)
      • Khurana, H., Gligor, V.D.: `Review and revocation of access privileges distributed with PKI certificates', Proc. Security Protocols Workshop, 2002, p. 100–112.
    31. 31)
      • Critchlow, D., Zhang, N.: `Revocation invocation for accountable anonymous PKI certificate trees', The nineth IEEE Symp. on Computers and Communications (ISCC'2004), 2004, p. 386–392.
    32. 32)
      • Gough, V.: The EncFS, available at http://www.arg0.net/encfs, 2011.
    33. 33)
      • Xing, Z.: available at http:// www.code.google.com/p/zxing/, 2011.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2011.0347
Loading

Related content

content/journals/10.1049/iet-ifs.2011.0347
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address