AppShell: Making data protection practical for lost or stolen Android devices | IEEE Conference Publication | IEEE Xplore

AppShell: Making data protection practical for lost or stolen Android devices


Abstract:

Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone the...Show More

Abstract:

Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.
Date of Conference: 25-29 April 2016
Date Added to IEEE Xplore: 04 July 2016
Electronic ISBN:978-1-5090-0223-8
Electronic ISSN: 2374-9709
Conference Location: Istanbul, Turkey

References

References is not available for this document.