Proposal: Personal Data Encryption (maybe SoC?)

Tobias Gruetzmacher nospam at
Sun Mar 18 22:41:42 CET 2007


Am Sun, 18 Mar 2007 18:24:31 +0100 schrieb Henryk Plötz:
>> What I'm proposing is a user-friendly encryption scheme of the data the
>> user stores in his phone, so any illegitimate user will not be able to
>> get personal data about the owner of the phone.
> I was thinking about something similar but with a different direction.
> One problem I see is that a thief could just connect a debug board and
> dump the complete memory. Therefore any secret positively must not be
> stored in the phone but instead in a smartcard for example.

That is certainly a problem. It would be nice if the phone needed a power-
cycle before connecting the debug interface to counter such attacks.

> If so we could use this function to key the encryption without actually
> extracting the secret from the SIM (I vaguely remember reading something
> about "remotely keyed encryption" which could be used here). An attacker
> dumping the memory would gain only those decrypted blocks that were
> currently in use and nothing more.

That, of course, would be really cool. Does somebody have more info about 
the SIM access of the GSM module? Would this approach be usable and fast 

> The alternative approach of storing and retrieving the secret (e.g. as
> an address book entry) has the significant drawback that the secret must
> always be present in the phone's memory and can potentially be read from
> there.

Yes, I'm aware of that. It would be really useful if we could protect 
against reading of memory (at least the phone does not have FireWire ;))

Greetings, Tobi

GPG-Key 0xE2BEA341 - signed/encrypted mail preferred
My, oh so small, homepage: - ISDN- & DSL-Router on one disk!
Registered FLI4L-User #00000003

More information about the community mailing list