The data on storage devices for laptops and mobile devices need protection from theft and misplacement, and require reliable security schemes. How can users securely access encrypted data on storage devices? The authors offer a tamper-proof bootstrapping security protocol for authentication before signing in with passwords.

The secure mutual authentication protocol requires a user to have a universal serial bus (USB) drive and a password to gain access to an encrypted hard disk. The security protocol uses the trusted platform module to seal and store numbers that are applied once on an external USB drive and to safely indicate the veracity state of the computer to the user. The USB drive also houses a sealed token that binds it to the decryption process for the disk. The hypervisor-based implementation of the security protocol can interrupt the rights of entry to a hard disk, and its encryption operations are transparent to the operating system. The system provides tools for recovering from exposure to dangers.

The authors skillfully evaluate the safety of the security protocol as an attacker tries to break the authentication scheme between the user, the computer, and the device. The protocol is indeed secure from an attack as long as the user can be securely authenticated to the computer without any interruption; the computer can unfailingly allow the user to enter a password, seal and unseal information, and use unpredictable nonces; and the device maintains privacy and accurately processes nonces. Although the security scheme is vulnerable to hardware attacks such as keylogging and bus sniffing, the authors present a reliable bootstrapping protocol that averts replay attacks, denies code injection on the disk, repels cold boots, and deals with plausible deniability.