Private data protection.

Ilja O. vrghost at gmail.com
Tue May 27 18:16:23 CEST 2008


Hello.

Recent Lifehacher article [1] rose a privacy-related question in my
head -- how to protect user personal data if phone is stolen?

First of all - I assume that phone was stolen for it's physical
contents (and not to steal your data), so attacker will likely just to
turn it on, and won't attempt any more sophisticated type of attack.

What could be done to prevent such attacker from obtaining of e.g. my
saved browser sessions?

Personally I can see three easy ways of protection (aka without entry
of additional passwords and physically connection of key-congaing
storage devices).

Both include have having some kind of encrypted file system image
stored in phone file system. Of course it should use key-based
encryption, so the main challenge is to provide easy way to enter key
(without need to remember any new meaningless number-digit mumbo-jumbo
"password").

1) Auth using PIN number (this requires encrypted image presence in
phone file system by it's boot time end -- not reallyl convenient if
SD card is used).
2) Auth using key file accessible on network (when phone is connected
to your computer or local network). This means that auth can be
performed only in your place (home, work...).
3) Auth using presence of another bluetooth or WiFi device (the MAC
address of this device is used as key). This means that phone fully
unlocks when your bluetooth mouse or router are around. ;)

AFAIK the best way to use such encrypted data in device like mobile
phone (taking in account that any kind of encryption requires
processor and processor requires electricity), it would be nice to
create temporary file system in phones' RAM, copy encrypted data to it
(during the copy also unencrypting it) and make applications to use
data from RAM while operating the phone. But how to sync data from RAM
back to encrypted file system?

By the way, I'm writing this mail just to ask - does anyone has any
other ideas or proposals?
Or, maybe, it is already implemented, tested and I'm inventing bicice?

[1] http://lifehacker.com/393336/protect-your-stolen-mobile-phone




More information about the community mailing list