Volume 2022 (2022): Issue 1 (January 2022)
Journal Details
Format: Journal
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Published Online: 20 Nov 2021
Page range: 586 - 607
Received: 31 May 2021
Accepted: 16 Sep 2021
Abstract

Mobile devices have become an indispensable component of modern life. Their high storage capacity gives these devices the capability to store vast amounts of sensitive personal data, which makes them a high-value target: these devices are routinely stolen by criminals for data theft, and are increasingly viewed by law enforcement agencies as a valuable source of forensic data. Over the past several years, providers have deployed a number of advanced cryptographic features intended to protect data on mobile devices, even in the strong setting where an attacker has physical access to a device. Many of these techniques draw from the research literature, but have been adapted to this entirely new problem setting.

This involves a number of novel challenges, which are incompletely addressed in the literature. In this work, we outline those challenges, and systematize the known approaches to securing user data against extraction attacks. Our work proposes a methodology that researchers can use to analyze cryptographic data confidentiality for mobile devices. We evaluate the existing literature for securing devices against data extraction adversaries with powerful capabilities including access to devices and to the cloud services they rely on. We then analyze existing mobile device confidentiality measures to identify research areas that have not received proper attention from the community and represent opportunities for future research.


[170] David M’Raihi, Mihir Bellare, Frank Hoornaert, David Nac-cache, and Ohad Ranen. Hotp: An hmac-based one-time password algorithm. The Internet Society, Network Working Group. RFC4226, 2005. Search in Google Scholar

[171] Apple Inc. Two-factor authentication for Apple ID. https://support.apple.com/en-us/HT204915, 7 2020. Accessed 2020-07-28. Search in Google Scholar

[172] Juan Benet and Nicola Greco. Filecoin: A decentralized storage network. Protoc. Labs, pages 1–36, 2018. Search in Google Scholar

[173] Juan Benet. IPFS: Content addressed, versioned, P2P file system. arXiv preprint arXiv:1407.3561, 2014. Search in Google Scholar

[174] Adam Eijdenberg, Ben Laurie, and Al Cutter. Verifiable Data Structures. https://continusec.com/static/VerifiableDataStructures.pdf, 11 2015. Search in Google Scholar

[175] Joan Daemen and Vincent Rijmen. The block cipher rijndael. In International Conference on Smart Card Research and Advanced Applications, pages 277–284. Springer, 1998. Search in Google Scholar

[176] Craig Gentry. Fully homomorphic encryption using ideal lattices. In STOC ’09, 2009. Search in Google Scholar

[177] Sean W Smith and Vernon Austel. Trusting trusted hardware: Towards a formal model for programmable secure coprocessors. In USENIX Workshop on Electronic Commerce, 1998. Search in Google Scholar

[178] Cynthia E Irvine and Karl Levitt. Trusted hardware: Can it be trustworthy? In 2007 44th ACM/IEEE Design Automation Conference, pages 1–4. IEEE, 2007. Search in Google Scholar

[179] Ivan Krstic. Behind the Scenes with iOS Security. https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf, 8 2016. Accessed 2020-09-07. Search in Google Scholar

[180] Udi Manber. A simple scheme to make passwords based on one-way functions much harder to crack. Computers & Security, 15(2):171–176, 1996. Search in Google Scholar

[181] Martın Abadi, T Mark A Lomas, and Roger Needham. Strengthening passwords. Technical report, Citeseer, 1997. Search in Google Scholar

[182] John Kelsey, Bruce Schneier, Chris Hall, and David Wagner. Secure applications of low-entropy keys. In International Workshop on Information Security, pages 121–134. Springer, 1997. Search in Google Scholar

[183] J Alex Halderman, Brent Waters, and Edward W Felten. A convenient method for securely managing passwords. In WWW ’05, pages 471–479, 2005. Search in Google Scholar

[184] Ian McQuoid, Mike Rosulek, and Lawrence Roy. Minimal symmetric pake and 1-out-of-n ot from programmable-once public functions. In ACM CCS ’20, pages 425–442, 2020. Search in Google Scholar

[185] Jolyon Clulow. On the security of pkcs# 11. In CHES ’03. Springer, 2003. Search in Google Scholar

[186] Matteo Bortolozzo, Matteo Centenaro, Riccardo Focardi, and Graham Steel. Attacking and fixing pkcs# 11 security tokens. In ACM CCS ’10, 2010. Search in Google Scholar

[187] Google LLC. Stronger security for your Google Account. https://www.google.com/landing/2step/, 2021. Accessed 2021-02-28. Search in Google Scholar

[188] Leslie Lamport, Robert Shostak, and Marshall Pease. The byzantine generals problem. ACM Transactions on Programming Languages and Systems, 4(3):382–401, 1982. Search in Google Scholar

[189] Diego Ongaro and John Ousterhout. In search of an understandable consensus algorithm. In USENIX ATC ’14, 2014. Search in Google Scholar

[190] Gabriel Kaptchuk. New Applications of Public Ledgers. PhD thesis, The Johns Hopkins University, 2020. Search in Google Scholar

[191] Ben Laurie. Certificate transparency. Commun. ACM, 57(10):40–46, September 2014. ISSN 0001-0782. URL https://doi.org/10.1145/2659897. Search in Google Scholar

[192] Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, and Michael J. Freedman. CONIKS: Bringing key transparency to end users. In USENIX Security ’15. USENIX, 2015. Search in Google Scholar

[193] Google. Key Transparency. https://github.com/google/keytransparency/, 11 2020. Search in Google Scholar

[194] Russ Cox and Filippo Valsorda. Proposal: Secure the Public Go Module Ecosystem. https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md, 4 2019. Search in Google Scholar

[195] Andy Greenberg. The Clever Cryptography Behind Apple’s ’Find My’ Feature. https://www.wired.com/story/apple-find-my-cryptography-bluetooth/, 6 2019. Accessed 2020-07-19. Search in Google Scholar

[196] Alexander Heinrich, Milan Stute, Tim Kornhuber, and Matthias Hollick. Who can find my devices? security and privacy of apple’s crowd-sourced bluetooth location tracking system. arXiv preprint arXiv:2103.02282, 2021. Search in Google Scholar

[197] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Technical report, Manubot, 2019. Search in Google Scholar

[198] Tom Ritter. Private by Design: How we built Firefox Sync. https://hacks.mozilla.org/2018/11/firefox-sync-privacy/, 11 2018. Accessed 2021-05-30. Search in Google Scholar

[199] Google LLC. Back up user data with Auto Backup. https://developer.android.com/guide/topics/data/autobackup, 1 2020. Accessed 2020-09-25. Search in Google Scholar

[200] Dan Boneh, Amit Sahai, and Brent Waters. Functional encryption: Definitions and challenges. In TCC ’11, pages 253–273. Springer, 2011. Search in Google Scholar
