Information-at-rest protection is important for portable computing systems (such as smartphones) because these devices are commonly lost or stolen, and information obfuscation prevents an attacker from reading the sensitive data from the purloined system. In laptops, self-encrypting drives (SEDs) are a popular choice to implement obfuscated storage, because they provide hardware-based isolation of the information hiding subsystem (cryptographic functions provided within the drive itself) and excellent obfuscation (encryption/decryption) performance. However, smartphones and tablets commonly employ solid-state storage systems that are not amenable to the SED approach. Also, SEDs are specialized hardware, and mass-market portable devices require a solution that is hardware agnostic.
In order to provide a more easily deployable, scalable solution, there is a trend to incorporate storage encryption directly into portable device operating systems. For example, Apple OS X Lion and iOS incorporate storage encryption technology, as does Google Android. The problem with incorporating storage encryption into the portable device operating system is that these operating systems are extremely complicated and prone to vulnerabilities. Every popular portable device operating system suffers from serious vulnerabilities that enable malware and hackers to obtain “root” access which can then defeat the storage encryption layer, for example by stealing the encryption key or turning off the encryption service.
These weaknesses have also plagued SED solutions on laptops since the authentication process still executes on the platform operating system. For example, key logger malware can be inserted into the vulnerable operating system; the malware can then steal the user's passphrase, allowing an attacker to access sensitive data by impersonating as the authorized device user.
Accordingly, it is desirable to address the limitations in the art.