This document proposes a novel scheme for encrypting and decrypting sensitive data on laptops using secret sharing techniques. The scheme involves three entities - the laptop, a USB device, and a server. It consists of four phases: registration, encryption/decryption, recovery, and reuse. In the registration phase, the user registers their laptop and USB device with the server. In the encryption/decryption phase, the user uses the registered USB device to encrypt and decrypt files on their laptop offline. The recovery phase allows encrypted files to be decrypted online if the USB is lost. The reuse phase enables rebuilding a new USB device without reregistration.

1. secret sharing
for laptop data
protection
Submitted by
Chippy Thomas
Mtech cs
Roll no 4

2. Introduction
• With the benefits of portability
and mobility, laptops have
become more and more popular.
• People usually believe that their
personal laptop is safe, and they
store sensitive data in it.
• Sensitive data includes business
documents, credit card
information, E-mail and

3. • For this reason, several security
mechanisms for protecting
sensitive data on laptops have
been designed.
• Kao et al. designed a protocol
(MELP)
• That allowed laptop users to use
their mobile phones as the
encryption key to protect their
files.
• Although the mobile-based

4. • This paper present about a novel
scheme based on secret-sharing
technique.
• Users can easily encrypt/decrypt
their laptop data offline, that is,
without access to the Internet.
• security analysis shows that
their scheme satisfies all of the
essential requirements for
security and functionality.
• performance analysis indicates

5. Existing system
• Studer and Perrig proposed a
location-based scheme [mobile
user location-specific encryption
(MULE)].
• The MULE scheme provides an
automatic mechanism for
encrypting/decrypting the
sensitive data on a laptop in a
trusted place.

6. • Then, Kao et al. designed a
protocol (MELP)
• That allows users to use their
mobile phones as the encryption
key to protect the files in their
laptops.
• In their scheme, first, the user
must register her/his laptop and
mobile phone as the legal devices
• after that sensitive data can be
encrypted.

7. Proposed system
• In this paper, we proposed a
novel scheme based on a secret-
sharing (SS) technique protecting
sensitive data on laptops.
• We realised that not all users
who wish to encrypt/decrypt the
data on their laptops have
mobile phones and Internet
access.
• Thus, our scheme enhances the

8. • There are three members in our
scheme, that is, the laptop, the
USB device and the server.
• Our scheme can be easily divided
into four phases, that is,
• (i) the registration phase
• (ii) the encryption/decryption
phase
• (iii) the recovery phase
• (iv) the reuse phase.

9. • The user to register his laptop
and universal serial bus (USB)
device only one time on the
Internet.
• After that, the user can offline
encrypt and decrypt data on
laptop with the assist of
registered USB device and
laptop.
• when the user has lost his USB
device, he can recover the

10. • In addition, when a thief steals
the laptop, our scheme can
guarantee that the thief cannot
extract and decrypt the data in
the laptop.
• Proposed scheme uses :
Secure sockets layer
SS scheme

11. • Algorithm used here is shamir
secret sharing algorithm
• In this a secret is shared among
members
• We can reconstruct secret only if
we have k number of shares
• we define a polynomial f (x) = a0 +
a1x + a2x2
+ · · · +an−1xn−1
for SS, where
n is the integer and a0 is the secret
S.
• Then, we compute n shares as D1,

12. Registration phase
• In this phase, we describe how a
user registers her/his laptop and
USB device in our scheme.
• When a user who wants to
protect his files that are stored
in a laptop, he must register the
devices (i.e. the laptop and USB
device) as legal devices.
• After that, the user can

13. • Step 1: User i connects a USB device
to her/his laptop.
• Step 2: User i uses his laptop to
choose an identity IDi, a password
Pwi and three random
numbers, that is, R1, x1 and x2. After
that, the laptop computes A = h(R1||
PWi).
• Step 3: User i sends A, x1, x2 and
IDi to the server by her/his laptop.
• Step 4: After receiving the message,
the server chooses a master key Z, and

14. • Next, the server picks a polynomial f (x) =
aix + si, which is based on Shamir’s SS
scheme.
• The server computes and sets Lt = f
(x1), Usb = f (x2) and Ser = f (x3).
• The server uses f (x3) and its master key
Z to compute E = h( f (x3)||Z) and
stores C, D and f (x3) in its database.
• Step 5: The server sends B, C, Lt, Usb
and E to the laptop.
• Step 6: First, the laptop uses A to
encrypt B, E and Usb as (B)A, (E)A

16. Encryption/decryption phase
• In this phase, when a user wants
to encrypt/decrypt the files in his
laptop, he first must use the
registered USB device connected to
his laptop.
• After that, the user can use his
identity and password to log into
the USB device to verify his
identity.
• Then, the laptop and USB device

17. • Step 1: At the beginning of this phase,
user i must connect the registered USB
device to her/his laptop.
• Step 2: The user enters IDi and PWi into
the laptop.
• Step 3: The laptop forwards IDi and
PWi to the USB device.
• Step 4: After receiving the messages
from the laptop, the USB device uses the
received IDi and PWi to compute A =′
h(R1||PWi).
• And then, the USB device uses A′ to

18. • Step 5: The USB device sends the
decryption value Usb to the laptop.
• Step 6: After receiving the decryption
value Usb, the laptop can use
Lt = f (x1) and Usb = f (x2) to
compute s and set it as the key for
encryption/decryption.

20. Recovery phase
• When a user loses his USB device
in our proposed scheme he can
still recover his encrypted file by
executing the recovery phase that
we designed.
• In this phase, the user must
connect his laptop to the Internet
and use online decryption to
decrypt the file.

21. • Step 1: The user enters his identity IDi
and password PWi into his laptop.
• The laptop computes A = h(R1||PWi)′
to decrypt (B)A and generates
• F = B IDi.⊕
• After that, the laptop uses the value A′ to
decrypt (E)A, and it uses E to encrypt Lt,
IDi, B, A′, Ti and F as G = (Lt, IDi, B, A′, Ti,
F)E, where Ti is a timestamp.
• Step 2: The laptop sends F, Ti and G to
the server.
• Step 3: The server immediately checks

22. • If the timestamp is not valid, the server
terminates the procedure; otherwise, it
computes D = F Z′ ⊕ = R2⊕IDi by the
received F and its master key Z.
• After that, the server uses D′ to determine
the corresponding C and f(x3) in its
database.
• At the same time, server uses Z and f (x3)
to compute E′=h( f(x3)||Z), uses E′ to
decrypt G and then checks the timestamp
Ti in the message G.
• After that, the server computes C″ = h(B||

23. • Step 4: The server sends H to the laptop.
• Step 5: The laptop uses E to decrypt H.
Then, the laptop can use Lt = f (x1) and f
(x3) to compute 3i=1, i=2 f (xi)3r=1, r=2
and i (x − xr)/(xi− xr).
• Then, the laptop can retrieve the value s
and set it as the key for the decryption of
the files.

25. Reuse phase
• In our proposed scheme, we
provide the recovery phase fo
reconstructing the encrypted file
when the user loses his USB
device.
• Also, we provide the reuse phase
for rebuilding a new USB device to
use in the future without double
registering.

26. • Step 1: After decrypting the file, the laptop
generates a timestamp Ti2 and chooses
two random numbers, x4 and x5. And, the
laptop uses E to encrypt two values as I =
(Ti2, x4,x5)E.
• Step 2: The laptop sends Ti2 and I to the
server.
• Step 3: After receiving the message, the
server first checks the timestamps Ti2.
Then, the server picks a polynomial f (x) =
ai ′x + si′ that is based on Shamir’s SS
scheme.

27. • Finally, the server updates the original f
(x3) to f (x6) in its database.
• Step 4: The server sends J to the laptop.
• Step 5: After receiving J from the server,
the laptop uses E to decrypt J = (Lt′, Usb′,
E′′)E′ . And then, the laptop uses A to
encrypt Usb′ and E″ as (Usb′)A and (E″)A.
After that, the laptop updates Lt and (E)A
to Lt′ and (E″)A.
• Step 6: The user connects a new USB
device.
• Step 7: The laptop sends R1, (B)A, C and

29. Security analysis
• we assume that an attacker tries
to access the data in the laptop
by common attacks, that is,
• the replay attack and the
impersonation attack.
• our proposed scheme can
withstand these attacks.

30. Withstanding the replay attack
• The replay attack is when an
attacker intercepts one log-in
message from a legal user
• And then the attacker may try to
resend the log-in message to the
server and pretend to be the
original user.
• Attacker may replay messages
using recovery phase and reuse

31. Replaying messages in recovery
phase
• Attacker may intercepts the
messages F, G and Ti in Step 2
of ‘the recovery phase’.
• She may try to resend them to
impersonate the original user.
• Fortunately, Eve will not be
successful because the server can
easily detect that these messages
are not fresh.

32. Replaying messages in reuse phase
• If we assume that Eve intercepts the
messages Ti2 and I in Step 2 of ‘the
reuse phase’ and resends the
messages to the server
• she still can do nothing. Our proposed
scheme uses a timestamp that
ensures the freshness of the received
message.
• So server checks the timestamp Ti2,
the server can determine that these

33. Withstanding the impersonation attack
• 2 cases
• (i) impersonating the user
• (ii)impersonating the server
• Impersonating the user:
• Attacker tries to impersonate a legal
user in our proposed scheme.

34. • She may intercept and modify the
messages F, Ti and G in Step 2 of the
‘recovery phase’, where F = B⊕IDi
and G =(Lt, IDi, B, A′, Ti, F)E.
• without knowing parameter B and key
E, Eve cannot arbitrarily modify F and
G.
• If Eve uses the fake timestamp Teve to
cheat the server, she also cannot
pass the verification when the server
decrypts the message G and uses the

35. • If we assume that Eve intercepts the
messages Ti2 and I in Step 2 of the
‘reuse phase’, where I = (Ti2, x4,
x5)E.
• She may try to modify the intercepted
message so that she can pretend to
be the original user.
• She cannot accomplish this because,
without knowing key E, Eve cannot
modify the message I.
• To protect the transmitted messages

36. Impersonating the server:
• Eve impersonates the server in order
to obtain useful information from
users.
• Case 1 :When she receives the
messages F, Ti and G from the user
in Step 2 of the ‘recovery phase’,
• she cannot obtain useful information
without knowing parameter B and key
E.

37. • Without the correct value f (x3) and
correct master key Z, Eve cannot
generate the encryption key E′.
• This encryption key E′ is equal to the
user’s decryption key E.
• Hence, when the user cannot use his
key E to decrypt the fake message H′′
= (f (xeve))Eeve .
• he will immediately know that
message H″ is incorrect and
terminate the procedure.

38. • Case 2 : When Eve receives the
message I and Ti2 in Step 2 of the
‘reuse phase’ , she also tries to :
• (i) obtain useful information from these
messages
• (ii) generate the valid message J.
• To prevent Eve from obtaining useful
information from the received
message, we use symmetrical key E
to protect the transmitted message.
• In addition, Eve cannot generate the

39. Case of withstanding the loss of the
device
• To prevent an attacker from
extracting sensitive information from
the devices, we have to ensure that
the laptop and the USB device are
secure.
• our proposed scheme can withstand
the case in which either or both of the
devices are lost or stolen.
• 1)Loss of the laptop :

40. • She may extract the parameters Lt, a
random number R1, (B)A and (E)A
from this laptop, where Lt = f (x1), B =
Z⊕R2, E = h( f (x3)||Z) and A = h(R1||
PWi) are symmetrical
encryption/decryption keys.
• Obviously, without the symmetrical
encryption/decryption key A, Eve
cannot decrypt and extract any useful
information from parameters (B)A and
(E)A.

41. • Next, we assume that Eve attempts to
recover the encrypted messages that
were stored in the stolen laptop by
using the recovery phase.
• Fortunately, she cannot ask for one
recovery share from the server
because she does not have the
correct identity and password.
• our proposed scheme still ensured
that the sensitive data in the laptop
will not be available to the attacker.

42. • She may obtain the random number
R1, parameters (Usb)A, (B)A and C
from the USB device, where C = h(B||
A||IDi).
• Eve may omit the random number R1
and the hash value C, because these
two parameters are useless information
for her.
• In addition, she cannot extract any
message in (B)A and (Usb′)A because
those parameters are protected by

43. 3)Loss of both the laptop and the
USB device:
• In this third scenario, we give the
attacker more power.
• Assuming that Eve steals both the
laptop and the corresponding USB
device,
• she may try to connect the stolen laptop
with the stolen USB device and execute
the encryption/decryption phase.
• Fortunately, without the user’s identity

44. • In addition, even if Eve extracts the
parameters Lt, a random number R1,
(B)A and (E)A from this laptop
• and the random number R1, parameters
(Usb)A, (B)A and C from the USB
device, she still can do nothing
• because all of the important parameters
are protected by the encryption key A,
that is, (B)A, (Usb)A and (E)A.
• In our proposed scheme, an attacker
will be unable to retrieve any useful

45. Advantage
• User-friendliness
• In our proposed scheme, we designed
the ‘recovery phase’ and the ‘reuse
phase’ to ensure that the scheme was
user-friendly.
• Withstand attacks
• Our security analysis showed that our
scheme can withstand various well-
known attacks .
• Replay attack and impersonation attack

46. • It also can withstand three other
serious threats, that is,
• (i) the loss of the laptop
• (ii) the loss of the USB device and
• (iii) the loss of both the laptop and the
USB device.
• Uses symmetric key encryption for
transmitted messages
• So attacker cant modify the transmitted
messages
• Users can easily encrypt/decrypt

47. Conclusion
• In this paper, we proposed a novel,
secure and practical Scheme based on
SS for protecting sensitive data on
laptops.
• Our proposed scheme provides a
simple way that the user can easily
register the service
• And the user can execute the
encryption/decryption phase offline to
access her or his data easily.

48. • And generating a new registered USB
device for encryption/decryption without
having to register twice.
• our proposed scheme can still withstand
several well-known attacks and provide
better performance.
• The security and performance analyses
showed that our proposed scheme is
secure and more suitable for protecting
sensitive data on laptops.