Issue No.11 - November (2006 vol.5)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TMC.2006.169
Mobile devices are vulnerable to theft and loss due to their small size and the characteristics of their common usage environment. Since they allow users to work while away from their desk, they are most useful in public locations and while traveling. Unfortunately, this is also where they are most at risk. Existing schemes for securing data either do not protect the device after it is stolen or require bothersome reauthentication. Transient Authentication lifts the burden of authentication from the user by use of a wearable token that constantly attests to the user's presence. When the user departs, the token and device lose contact and the device secures itself. We show how to leverage this authentication framework to secure all the memory and storage locations on a device into which secrets may creep. Our evaluation shows this is done without inconveniencing the user, while imposing a minimal performance overhead.
Transient authentication, human factors, cryptographic controls, security, mobile computing, privacy.
Anthony J. Nicholson, Mark D. Corner, Brian D. Noble, "Mobile Device Security Using Transient Authentication", IEEE Transactions on Mobile Computing, vol.5, no. 11, pp. 1489-1502, November 2006, doi:10.1109/TMC.2006.169