Data security in mobile devices by geo locking

The small size, relatively low cost and constant mobility of mobile phones make them invaluable for advocacy work but also make them more likely to be stolen, temporarily misplaced, lost or confiscated. Mobile phones carry a vast amount of data, which vary from contacts to logs of calls made and received and even SMS messages sent and received [8]. Security threats existing in mobile phone network could range from passively eavesdropping to actively stealing data from others. By virtue of carrying a list of all contacts mobile phone shows exactly with whom the user is working with. For users working on sensitive area this information may make both the user and everyone else in the network vulnerable. Today, mobiles are replacing personal computers for most of the executives because mobiles are handy and the data is easily accessible without much of time for waiting to retrieve the data [8]. Accessing the information present on a device, especially from one that is in network is very easy. Hence, mobile phones are the next target for data criminals and as they possess the most sensitive information they are more vulnerable for attacks [9]. Encrypting the information in any form is still a viable for attackers. The mobile device is expected to have a special region where the under defined file storage structure is implemented. [3] In the current proposal information is encrypted and stored in different places with data at each record ending with a reference pointer to the record containing the continuation of the message. The rest of the paper is organised as follows. Section 3 includes a short description and limitations of existing authentication models. Section 4 includes details about related work being carried out on securing data in mobile devices. Section 5 includes description on the records structure (proposed) for implementing the current model. Section 6 gives a bird's eye view of the proposed security model. Section 7 and Section 8 of the paper describe the encryption and decryption procedures respectively. Section 9 describes the password scheme to be implemented for imposing a higher degree of security over the content present in the device. Section 10 presents a short list of advantages of the current system in implementation. Section 11 concludes the paper with a brief description on the future work. Many authentication schemes are available today, for validating a user to gain access to the concealed information. They can be broadly classified into Password Based Authentication Models and Bio Metric Authentication Models. Both these models have their own draw backs in terms of vulnerability and cost factors respectively. Password based authentication models lack in making user comfortable with the system. As usually, lengthier the password -more secured the system is. These textual passwords with more number of special characters, numbers and alphabets in varying cases are difficult to remember and are more prone to attacks, if stored in insecure places [4]. Moreover accessing passwords at public places bear the risk of being stolen by any attacker observing the key strokes or shoulder surfing [4]. Biometric models are preferred to conventional password schemes as they overcome the above mentioned limitations of conventional password schemes. In spite, of their advantages over traditional schemes, bio metric models require relatively higher requirements in terms of resources, time and computation abilities [3]. Changing passwords when felt compromised is easier unlike in case of biometrics where in any one can copy user voice or digital biometric files/ databases and thus losing the accessible information forever [5]. These systems only provide security in terms of authentication i.e., direct access to the device only; but cannot protect the information when the device is hacked or stolen. The current model which stores the data all the time in encrypted format only; provides a better alternative to the above models. In the literature many models for securing data on mobile devices and PDA s are present. In [3], the security model involves both textual and bio metric authentication techniques for securing data in mobile devices. This model uses both local and remote verification modules for both textual and biometric systems. This model best fits for people using the devices in building/city but cannot cater to the needs of mobile users in global arena. In [2], the data is hidden in binary text documents by embedding data in 8-connected boundary of a character. Conversions in these methods not only yield irregularities that are visually noticeable but also consume a lot of resources. As mobile devices work with limited resources this method of data hiding is infeasible. In [6], a new approach to protect user's important data of mobile device from malicious activity is proposed which at the same time prevents the leakage of important by continuously running a monitoring service. This reduces power consumption by not inspecting all the outgoing/ outbound traffic. This method if implemented releases the balloon of confidential contacts information, memos and calendar. Moreover, the user is forced to classify the information during storing, which is quite a cumbersome process. The current model overcomes the few limitations that the ongoing works carry. The section describes the overview of the proposed system. The following diagrams represent the view of messages that is shown to a user without proper privileges. All the texts including the details to be displayed are made to some junk and are presented. The following sections describe the nature of storage and storage structures proposed for this type of security. The data to be stored, considering a text message or a memo or a reminder is assumed to be in record form -as like as a key, value pair, where the location is the key and the values in that location are the information stored in it. Every key value pair is stored as in fig 2 . The content to be stored is usually split into many pieces depending on the size. A typical text to be stored as a value can be of length 150 characters. Any text exceeding the size is broken into parts of length 150 chars, encrypted using transposition ciphering technique and stored. The key description is included in the section 3.1. The encrypted value of the text contains a delimiter, indicating the next memory location or the end of the message. Any value at the end with a number other than '0' indicates the address of the continued location. The number 0 indicates the end of the message. The data that is being stored in the mobile can be scrambled and stored in two various records. The scrambled text can be stored after encrypting it. The explanation is by taking only the contact information into consideration. This technique can be extended to all types of information that are being stored in the mobile phone. The following block diagram illustrates the encryption procedure that can be followed for encrypting and storing. The encryption of the data that has to be stored is done in various steps starting from data scrambling and ending with saving into the records (section 2). The following discussion uses a text memo that has a name of a person (Contact Name) and the contact number pertaining to the person (Contact Info. say a 9 digit number). Step 1 -Combining: In this step the whole of the data (text) that is received is made a single line of text. Here the contact name i.e., PQRST and the corresponding contact information i.e., 976543767 are both padded with each other and the memo is made PQRST 976543767, separated by a delimiter here a blank space. Innumerable patterns can be generated from the set of points. Greater the size of the matrix, lesser is the probability of password being cracked. The user has to type the password in the preselected pattern only. The password changes once the user crosses his predefined boundary, hence reducing the chances of data being stolen in case of mobile confiscation or loosing. New passwords are generated on the lines of GPS location only. The user screen for password prompting changes every time the new password is generated. The new password can be activated only with the help of existing password and user can even skip this step when prompted for. International Journal of Network Security & Its Applications (IJNSA), Vol.1, No.3, October 2009 The message store/ memo/ calendar can be even accessed without passing the above step, but the intruder can see only the decrypted text of Record1 (figure3) only. Even after entering into the phone book, the intended user cannot see all the contacts at the same time.Only the desired set of information can be seen. This protects all the information from being exposed at the same time.