Abstract
Users often store sensitive information on their laptops, where it is easily exposed if the laptop is lost or stolen. File encryption is a common way to prevent data leakage from lost or stolen devices. For such a strategy, key management is essential to protect the decryption key from attacks. Huang et al. proposed a portable key management scheme in which a laptop shares secret values with a mobile phone. Their scheme is convenient and practical because it does not rely on a special device or password input. However, we found that it is still vulnerable to an attack if the laptop is stolen. In this paper, we analyse the security of Huang et al.’s scheme and propose a solution to the outstanding vulnerability. Our proposed scheme uses two types of keys, including a one-time symmetric key, to protect the file decryption key. Additionally, the security improvement does not compromise the convenience of the portable key management scheme.
References
Corner, M.D., Noble, B.D.: Zero-interaction authentication. In: Proceedings of the 8th Annual International Conference on Mobile Computing and Networking, pp. 1–11. ACM (2002)
Studer, A., Perrig, A.: Mobile user location-specific encryption (MULE): using your office as your password. In: Proceedings of the Third ACM Conference on Wireless Network Security, pp. 151–162. ACM (2010)
Foster, A.L.: Increase in stolen laptops endangers data security. The Chronicle of Higher Education (2008)
Wyld, D.C.: Help! someone stole my laptop!: how RFID technology can be used to counter the growing threat of lost laptops. Journal of Applied Security Research 4(3), 363–373 (2009)
Wyld, D.C.: Preventing the worst scenario: combating the lost laptop epidemic with RFID technology. In: Novel Algorithms and Techniques in Telecommunications and Networking, pp. 29–33. Springer (2010)
MacKenzie, P., Reiter, M.K.: Networked cryptographic devices resilient to capture. International Journal of Information Security 2(1), 1–20 (2003)
Huang, J., Miao, F., Lv, J., Xiong, Y.: Mobile phone based portable key management. Chinese Journal of Electronics 22(1) (2013)
Choi, D.-H., Choi, S., Won, D.: Improvement of probabilistic public key cryptosystems using discrete logarithm. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 72–80. Springer, Heidelberg (2002)
Nam, J., Choo, K.K.R., Park, M., Paik, J., Won, D.: On the security of a simple three-party key exchange protocol without servers public keys. The Scientific World Journal 2014 (2014)
Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)
Chang, C.C., Chou, Y.C., Sun, C.Y.: Novel and practical scheme based on secret sharing for laptop data protection. IET Information Security (2014)
Lee, J.S., Su, Y.W., Shen, C.C.: A comparative study of wireless protocols: Bluetooth, UWB, ZigBee, and Wi-Fi. In: 33rd Annual Conference of the IEEE Industrial Electronics Society, IECON 2007, pp. 46–51. IEEE (2007)
Park, S., Park, S., Kim, K., Won, D.: Two efficient RSA multisignature schemes. Information and Communications Security, 217–222 (1997)
Lee, Y., Ahn, J., Kim, S., Won, D.: A PKI system for detecting the exposure of a user’s secret key. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 248–250. Springer, Heidelberg (2006)
Kwon, T., Song, J.: Security and efficiency in authentication protocols resistant to password guessing attacks. In: Proceedings of the 22nd Annual Conference on Local Computer Networks, pp. 245–252. IEEE (1997)
Pinkas, B., Sander, T.: Securing passwords against dictionary attacks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 161–170. ACM (2002)
Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364–372. ACM (2005)
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kim, J., Lee, D., Choi, Y., Lee, Y., Won, D. (2015). Security Improvement of Portable Key Management Using a Mobile Phone. In: Gervasi, O., et al. Computational Science and Its Applications -- ICCSA 2015. ICCSA 2015. Lecture Notes in Computer Science, vol 9158. Springer, Cham. https://doi.org/10.1007/978-3-319-21410-8_12
DOI: https://doi.org/10.1007/978-3-319-21410-8_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-21409-2
Online ISBN: 978-3-319-21410-8
eBook Packages: Computer Science, Computer Science (R0)