Keeping data secret under full compromise using porter devices

Christina Pöpper, David Basin, Srdjan Čapkun, Cas Cremers

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We address the problem of confidentiality in scenarios where the attacker is not only able to observe the communication between principals, but can also fully compromise the communicating parties (their devices, not only their long term secrets) after the confidential data has been exchanged. We formalize this problem and explore solutions that provide confidentiality after the full compromise of devices and user passwords. We propose two new solutions that use explicit key deletion and forward-secret protocols combined with key storage on porter devices. Our solutions provide the users with control over their privacy. We analyze the proposed solutions using an automatic verification tool. We also implement a prototype using a mobile phone as a porter device to illustrate how the solution can be realized on modern platforms.

Original languageEnglish (US)
Title of host publicationProceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010
PublisherIEEE Computer Society
Pages241-250
Number of pages10
ISBN (Print)9781450301336
DOIs
StatePublished - 2010

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Keywords

  • full compromise
  • security protocol
  • system security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Keeping data secret under full compromise using porter devices'. Together they form a unique fingerprint.

Cite this