Gohcci: Protecting Sensitive Data on Stolen or Misplaced Mobile Devices

Mobile devices containing sensitive data are often misplaced or stolen. Often, the data on the device is misused for financial gains or is purposefully published to discredit a company or disgrace an individual. We present a system for reducing the risk of exposure of sensitive data on Microsoft Windows based mobile devices. The system introduces a continuous authentication scheme, where the device must be in contact with an external entity. Should this contact be broken, an automated shutdown or sanitization of sensitive data on the device can be initiated. The system also performs continuous and transparent sanitization of disk blocks to reduce sanitization time.In particular, the system monitors use of files containing sensitive data and prevents data leakage through application-specific renaming, deletion, and copying of files. The system is able to prevent leakage from all applications in the Microsoft Office suite and Open Office. We quantify the extent of data leakage from Word, Excel, and Writer, showing that application data leakage is substantial, and hence a security risk that must be addressed.