Can SDV technology be utilised in a smartphone to prevent forensic analysis?

Document Type

Conference Proceeding

Faculty

Faculty of Health, Engineering and Science

School

School of Computer and Security Science

Comments

James, P. (2007). Can SDV technology be utilised in a smartphone to prevent forensic analysis? Paper presented at the Proceedings of the 5th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2007. Available here.

Abstract

Eliminating the opportunities to successfully acquire data from mobile devices is a critical security objective for certain organisations. In particular, Government agencies require assurance that classified data is secured against hostile forensic analysis. The Secure Systems Silicon Data Vault (SDV) is a hardware based data encryption and access control device that has been accredited by the Australian Government to secure classified information held on laptops and portable hard disk drives; hardware is recognised as a superior trusted platform to implement security mechanisms. The SDV’s 128bit Advanced Encryption Standard (AES) cryptography, sophisticated key management & access controls and total disk encryption makes the SDV an extremely difficult device from which to acquire data and perform forensic analysis. With the increasing functionality and storage capabilities of Smartphones strong security mechanisms are required by organisations that may hold sensitive data on these devices. Software based security applications exist for Smartphones that provide good security and severely impact the acquisition of data suitable for forensic analysis. If strong hardware based security can be integrated into a Smartphone, forensic analysis could be further constrained. This paper considers the feasibility of implementing the SDV technology into a Palm Treo. An overview of the SDV is given and six security design principles are enumerated. Implementation of the six design principles ensure the SDV provides strong security. The Treo architecture is reviewed and the concept of operation enumerated. The challenges with respect to implementing a Smartphone SDV that is conformant with the security design principles are discussed. Possible Smartphone SDV conceptual designs are presented. The concept of operation, implementation issues and conformance of each conceptual design to the SDV security design principles are discussed.

DOI

10.4225/75/57ad64ac7ff37

Access Rights

Free_to_read

Share

 
COinS
 

Link to publisher version (DOI)

10.4225/75/57ad64ac7ff37