Keypad: An Auditing File System for Theft-prone Devices

Roxana Geambasu, John P. John, Steven D. Gribble, Tadayoshi Kohno, Henry M. Levy

Proceedings of the European Conference on Computer Systems ({EuroSys}), April, 2011


This paper presents Keypad, an auditing file system for theftprone devices, such as laptops and USB sticks. Keypad provides two important properties. First, Keypad supports finegrained file auditing: a user can obtain explicit evidence that no files have been accessed after a device’s loss. Second, a user can disable future file access after a device’s loss, even in the absence of device network connectivity. Keypad achieves these properties by weaving together encryption and remote key storage. By encrypting files locally but storing encryption keys remotely, Keypad requires the involvement of an audit server with every protected file access. By alerting the audit server to refuse to return a particular file’s key, the user can prevent new accesses after theft.

We describe the Keypad architecture, a prototype implementation on Linux, and our evaluation of Keypad’s performance and auditing fidelity. Our results show that Keypad overcomes the challenges posed by slow networks or disconnection, providing clients with usable forensics and control for their (increasingly) missing mobile devices.



Columbia University Department of Computer Science