Deadbolt: locking down android disk encryption

Abstract

Android devices use volume encryption to protect private data storage. While this paradigm has been widely adopted for safeguarding PC storage, the always-on mobile usage model makes volume encryption a weaker proposition for data confidentiality on mobile devices. PCs are routinely shut down which effectively secures private data and encryption keys. Mobile devices, on the other hand, typically remain powered-on for long periods and rely on a lock-screen for protection. This leaves lock-screen protection, something routinely bypassed, as the only barrier securing private data and encryption keys. Users are unlikely to embrace a practice of shutting down their mobile phones, as it impairs their communication and computing abilities. We propose Deadbolt: a method for maintaining most mobile computing functionality, while offering the security benefits of a powered off device with respect to storage encryption. Deadbolt prevents access to internal storage even if the adversary can exploit a lock screen bypass vulnerability or perform a cold boot attack. Users can gracefully switch between the Deadbolt and unlocked modes in less time than a system reboot. Deadbolt offers the additional benefit of an incognito environment in which logs and actions will not be recorded.