Adrian Perrig, Ahren Studer
Citation
Adrian Perrig, Ahren Studer. "Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password". Proceedings of ACM Conference on Wireless Network Security (WiSec), March, 2010.
Abstract
Data breaches due to stolen laptops are a major problem. Solutions
exist to secure sensitive files on laptops, but are rarely deployed
because users view them as inconvenient. This work examines how to
provide an unobtrusive system to securely encrypt files on laptops.
We observe that only a fraction of users' files contain sensitive
information. In addition, the majority of users' accesses to these
sensitive files occur while in a trusted location that malicious
parties are unable to access.
Rather than protecting all of the user's files, we secure user
designated sensitive files that are rarely accessed outside of
specified trusted locations. Our approach is to use information and
services available only in a trusted location to assist in key
derivation without user involvement and without authenticating the
laptop to any outside service. We study two settings: home use where
zero management overhead is needed (i.e., a ``plug-and-play''
solution) and a corporate setting where staff management of a
whitelist of acceptable devices allows a higher level of security. We
have implemented both systems and found automatic key derivation
introduces a five second delay during the initial access to sensitive
files.
Electronic downloads
| Citation formats |
- HTML
Adrian Perrig, Ahren Studer. <a href="http://www.truststc.org/pubs/654.html" >Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password</a>, Proceedings of ACM Conference on Wireless Network Security (WiSec), March, 2010.
- Plain text
Adrian Perrig, Ahren Studer. "Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password". Proceedings of ACM Conference on Wireless Network Security (WiSec), March, 2010.
- BibTeX
@inproceedings{PerrigStuder10_MobileUserLocationspecificEncryptionMULEUsingYour, author = {Adrian Perrig and Ahren Studer}, title = {Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password}, booktitle = {Proceedings of ACM Conference on Wireless Network Security (WiSec)}, month = {March}, year = {2010}, abstract = {Data breaches due to stolen laptops are a major problem. Solutions exist to secure sensitive files on laptops, but are rarely deployed because users view them as inconvenient. This work examines how to provide an unobtrusive system to securely encrypt files on laptops. We observe that only a fraction of users' files contain sensitive information. In addition, the majority of users' accesses to these sensitive files occur while in a trusted location that malicious parties are unable to access. Rather than protecting all of the user's files, we secure user designated sensitive files that are rarely accessed outside of specified trusted locations. Our approach is to use information and services available only in a trusted location to assist in key derivation without user involvement and without authenticating the laptop to any outside service. We study two settings: home use where zero management overhead is needed (i.e., a ``plug-and-play'' solution) and a corporate setting where staff management of a whitelist of acceptable devices allows a higher level of security. We have implemented both systems and found automatic key derivation introduces a five second delay during the initial access to sensitive files.}, URL = {http://www.truststc.org/pubs/654.html} }
Posted by Adrian Perrig on 28 Mar 2010.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.