Keeping data secret under full compromise using porter devices

Christina Pöpper, David Basin, Srdjan Čapkun, Cas Cremers
2010 Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10  
We address the problem of confidentiality in scenarios where the attacker is not only able to observe the communication between principals, but can also fully compromise the communicating parties (their devices, not only their long term secrets) after the confidential data has been exchanged. We formalize this problem and explore solutions that provide confidentiality after the full compromise of devices and user passwords. We propose two new solutions that use explicit key deletion and
more » ... secret protocols combined with key storage on porter devices. Our solutions provide the users with control over their privacy. We analyze the proposed solutions using an automatic verification tool. We also implement a prototype using a mobile phone as a porter device to illustrate how the solution can be realized on modern platforms.
doi:10.1145/1920261.1920297 dblp:conf/acsac/PopperBCC10 fatcat:ihjgal7u7rdqzgkohecmbbnkp4