Exploiting weak connectivity for mobile file access
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Petal: distributed virtual disks
Proceedings of the seventh international conference on Architectural support for programming languages and operating systems
Flexible update propagation for weakly consistent replication
Proceedings of the sixteenth ACM symposium on Operating systems principles
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
Delegation of cryptographic servers for capture-resilient devices
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
A low-bandwidth network file system
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Fast and secure distributed read-only file system
ACM Transactions on Computer Systems (TOCS)
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Protecting applications with transient authentication
Proceedings of the 1st international conference on Mobile systems, applications and services
File System Design with Assured Delete
SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
SS'08 Proceedings of the 17th conference on Security symposium
Mobile user location-specific encryption (MULE): using your office as your password
Proceedings of the third ACM conference on Wireless network security
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Examining storage performance on mobile devices
MobiHeld '11 Proceedings of the 3rd ACM SOSP Workshop on Networking, Systems, and Applications on Mobile Handhelds
Enhancing accountability of electronic health record usage via patient-centric monitoring
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Protecting health information on mobile devices
Proceedings of the second ACM conference on Data and Application Security and Privacy
Revisiting storage for smartphones
FAST'12 Proceedings of the 10th USENIX conference on File and Storage Technologies
Revisiting storage for smartphones
ACM Transactions on Storage (TOS)
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Iris: a scalable cloud file system with efficient integrity checks
Proceedings of the 28th Annual Computer Security Applications Conference
CloudSweeper: enabling data-centric document management for secure cloud archives
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
On the energy overhead of mobile storage systems
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
Lockbox: mobility, privacy and values in cloud storage
Ethics and Information Technology
| Hi-index | 0.00 |
This paper presents Keypad, an auditing file system for theft-prone devices, such as laptops and USB sticks. Keypad provides two important properties. First, Keypad supports fine-grained file auditing: a user can obtain explicit evidence that no files have been accessed after a device's loss. Second, a user can disable future file access after a device's loss, even in the absence of device network connectivity. Keypad achieves these properties by weaving together encryption and remote key storage. By encrypting files locally but storing encryption keys remotely, Keypad requires the involvement of an audit server with every protected file access. By alerting the audit server to refuse to return a particular file's key, the user can prevent new accesses after theft. We describe the Keypad architecture, a prototype implementation on Linux, and our evaluation of Keypad's performance and auditing fidelity. Our results show that Keypad overcomes the challenges posed by slow networks or disconnection, providing clients with usable forensics and control for their (increasingly) missing mobile devices.