Location-based services usually mean trying to sell something to nearby consumers, but Virginia Tech has invented location-based security for Android-based smartphones or tablets. With a capability that Apple's iOS can't match, the approach allows secure information to be viewed when in a designated vicinity but automatically zeros it out when the user leaves the premises.
Virginia Tech has modified Google's Android operating system to provide a location-based service that maintains privacy by automatically wiping sensitive information from smartphones and tablets.
The approach could be used to provide access to files when a person is in a secure location, but when the user leaves the facility that information is erased. The technique, which is not available for Apple iOS-based devices, could also be used to keep medical records and other sensitive files private, as well as to prevent teenagers from sexting.
The new security algorithm was recently demonstrated to Virginia Tech alumni in an inside-the-beltway group called VT IDEA (Virginia Tech Intelligence and Defense Executive Alumni), which is interested in research that benefits the intelligence and military communities. At VT IDEA the new technology was portrayed as the modern equivalent of the Mission Impossible franchise's self-destructing tapes, which allowed spies to hear secret instructions but were then wiped out afterwards. Likewise, with the new Virginia Tech work any data set can be tied to a physical location when viewed on the specially modified smartphones. All traces of that data are then erased when the user leaves the secure location.
The technology is the brainchild of professor Jules White in Virginia Tech's Department of Electrical and Computer Engineering, who said that the system provides something that has never been available before: "it puts physical boundaries around information in cyberspace."
By fencing in sensitive data, the system is designed to prevent both intentional security breaches and inadvertent leaks caused by tell-tale trails left behind in the caches of browsers and other viewing apps. Android smartphones and tablets are given permission to access sensitive data while in a particular area, but when the devices leave the area, or when a supervisor finds that a device has been lost or stolen, its data can be completely wiped, a level of security that is unavailable elsewhere today, according to White.
"There are commercial products that do limited versions of these things, but nothing that allows for automating wiping and complete control of settings and apps on smartphones and tablets," said White.
Besides providing location-based viewing and wiping of sensitive data, the system also allows the different capabilities of the Android smartphone or tablet to be disabled when in certain areas. For instance, when entering a "for-your-eyes-only" room, the camera of the phone could be disabled to prevent spies from photographing sensitive information.
The same capabilities could also be used by parents to limit when and where their children can use their smartphone camera and email, to prevent distractions at school. Parents can even specify to whom teenagers can send images, to prevent sexting.
Medical records could likewise be tied to a caregiver’s examination rooms, preventing doctors or nurses from walking out with patient records on their Android device. Camera, email, Web access and other distractions could be blocked from a surgeon's smartphone or tablet while they are in the operating room, to prevent mistakes while they work (and to prevent photos of famous patients from making their way to the Internet).
The research was underwritten by the Virginia Tech Applied Research Corporation.