As mobile phones become capable of performing increasingly complex and sensitive tasks, the loss, theft or destruction of such devices represents one of the most significant classes of security problems. This research improves the security of data stored on and generated by these devices by breaking the mandatory binding between mobile phones and hardware. In particular, this work limits the damage associated with this class of vulnerabilities not to the value of the data they transport but to the cost of the device itself. In this system, mobile phone users can seamlessly migrate software images of their phone to any device at their disposal, while data present on previously used devices is automatically encrypted or securely deleted. Phone images themselves are efficiently pushed into and pulled from the cloud, which also supports patching and the upgrade of phone images to occur both over the air and within the cloud itself, increasing the speed with which software vulnerabilities can be mitigated. In so doing, this approach allows network providers and users to adopt highly dynamic responses to security incidents.
CAREER: Protecting User Data on Lost, Stolen and Damaged Mobile Phones