OK, but what if in this "Evil Maid" attack, a particular encrypted directly is replaced with an empty, unencrypted directory (by messing with the file system metadata), and it's a directory where data ends up getting stored after its downloaded from the air --- your e-mail, for example, or maybe the directory where your pictures from the cell phone camera is stored. Now a few days later, when you leave your cell phone unattended in your hotel room in Shanghai, another "Evil Maid" might take your phone, and harvest the data from the unencrypted directory --- and since the directory is unencrypted, the newly created files would also be encrypted. Win! The "Evil Maids" can now determine if you're from that horrible terrorist group, the Falun Gong. Or maybe the "Evil Maids" are working for your competitor, and they're just after your company's business secrets. :-) The defense against this is that if a directory is encrypted, the files and sub-directory must also be encrypted, and by the same key. This is enforced at lookup and open time. And the hash of the key of the top-level directories for each user are stored in a small amount of "secure storage" available on the phone, and this is verified when the system is booted.
Right. How does file-name encryption comes as a defense for the above Evil maid attack ? Sorry looks like I am missing something to be convinced. Thanks, Anand
