Proposal: Personal Data Encryption (maybe SoC?)
Mikko J Rauhala
mjrauhal at cc.helsinki.fi
Thu Mar 22 12:36:53 CET 2007
On to, 2007-03-22 at 11:31 +0100, Sven Neuhaus wrote:
> One remaining question is if the user manually wants to lock the phone
> during use (usually with a PIN). We can't really unmount the microSD card
> because then the phonebook is unavailable and incoming calls can't tell who
> is calling (and thus how to treat the call). So I guess it remains mounted
> all the time, which considerably lowers security of course.
Well, I wouldn't say considerably, if you lock it down so that it'll
only be able to receive calls without the PIN (and a few false PINs will
unmount the encrypted microSD, as you say; perhaps even just turn the
phone off, accomplishing the same). You still leak a bit of information
from incoming calls (caller ID, caller ringtone, etc), but I wouldn't
call that considerable.
Of course, a severe security bug in the lockdown program would in this
case compromise the whole encrypted microSD; the code where such a thing
can happen should be isolated and under extra scrutiny.
> Perhaps the phone should unmount the card after you enter the wrong PIN
> a few times, or enter a special PANIC-PIN.
Yeah, a short panic code would be good too.
Mikko J Rauhala <mjrauhal at cc.helsinki.fi>
University of Helsinki
More information about the community