| | |
Summary: Keypad: An Auditing File System for Theft-Prone Devices
Roxana Geambasu John P. John Steven D. Gribble Tadayoshi Kohno Henry M. Levy
University of Washington
roxana, jjohn, gribble, yoshi, levy@cs.washington.edu
Abstract
This paper presents Keypad, an auditing file system for theft-
prone devices, such as laptops and USB sticks. Keypad pro-
vides two important properties. First, Keypad supports fine-
grained file auditing: a user can obtain explicit evidence that
no files have been accessed after a device's loss. Second,
a user can disable future file access after a device's loss,
even in the absence of device network connectivity. Key-
pad achieves these properties by weaving together encryp-
tion and remote key storage. By encrypting files locally but
storing encryption keys remotely, Keypad requires the in-
volvement of an audit server with every protected file access.
By alerting the audit server to refuse to return a particular
file's key, the user can prevent new accesses after theft.
We describe the Keypad architecture, a prototype imple-
mentation on Linux, and our evaluation of Keypad's perfor-
|
