EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Context Authentication Using Constrained Channels
WMCSA '02 Proceedings of the Fourth IEEE Workshop on Mobile Computing Systems and Applications
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Networked Cryptographic Devices Resilient to Capture
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Cryptographic Key Generation from Voice
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Secure Device Pairing based on a Visual Channel (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
TCG inside?: a note on TPM specification compliance
Proceedings of the first ACM workshop on Scalable trusted computing
GEO-RBAC: A spatially aware RBAC
ACM Transactions on Information and System Security (TISSEC)
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Usability analysis of secure pairing methods
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
ID-based secure distance bounding and localization
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
AVBPA'05 Proceedings of the 5th international conference on Audio- and Video-Based Biometric Person Authentication
Keypad: an auditing file system for theft-prone devices
Proceedings of the sixth conference on Computer systems
Progressive authentication: deciding when to authenticate on mobile phones
Security'12 Proceedings of the 21st USENIX conference on Security symposium
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Towards application-centric implicit authentication on smartphones
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
| Hi-index | 0.00 |
Data breaches due to stolen laptops are a major problem. Solutions exist to secure sensitive files on laptops, but are rarely deployed because users view them as inconvenient. This work examines how to provide an unobtrusive system to securely encrypt files on laptops. We observe that only a fraction of users' files contain sensitive information. In addition, the majority of users' accesses to these sensitive files occur while in a trusted location that malicious parties are unable to access. Rather than protecting all of the user's files, we secure user designated sensitive files that are rarely accessed outside of specified trusted locations. Our approach is to use information and services available only in a trusted location to assist in key derivation without user involvement and without authenticating the laptop to any outside service. We study two settings: home use where zero management overhead is needed (i.e., a "plug-and-play" solution) and a corporate setting where staff management of a whitelist of acceptable devices allows a higher level of security. We have implemented both systems and found automatic key derivation introduces a five second delay during the initial access to sensitive files.