Consulthink @ GDG Meets U - L'Aquila 2014 - Codelab: Android Security - Key Management
Android Security Key Management
Roberto Piccirillo, Roberto Gassirà
Roberto Piccirillo
● Senior Security Analyst - Mobile Security Lab
  ○ Vulnerability Assessment (IT, Mobile Application)
  ○ Hijacking Mobile Data Connection
    ■ BlackHat Europe 2009
    ■ DeepSec Vienna 2009
    ■ HITB Amsterdam 2010
  ○ Android Secure Development
@robpicone
Roberto Gassirà
● Senior Security Analyst - Mobile Security Lab
  ○ Vulnerability Assessment (IT, Mobile Application)
  ○ Hijacking Mobile Data Connection
    ■ BlackHat Europe 2009
    ■ DeepSec Vienna 2009
    ■ HITB Amsterdam 2010
  ○ Android Secure Development
● IpTrack Developer
@robgas
Agenda
● Cryptography in Mobile Application
● CryptoSystem
● Crypto in Android
● Symmetric Encryption
● Symmetric Key Management
● KeyChain and AndroidKeyStore
● Types of AndroidKeyStore
Requirements
● A computer
● Eclipse with ADT Plugin 22.3.0
● Android SDK 4.4 (API 19 rev 2)
● Android SDK Build-tools 19
Cryptography in Mobile Applications
● Protect data
  ○ Sensitive data
  ○ Data on /sdcard
  ○ Cryptographic material
● Exchange data securely
  ○ Documents
  ○ Mail
  ○ SMS
  ○ Session Keys
● Digital Signature
  ○ Documents
  ○ Mail
Key Management
"Key management is the management of cryptographic keys in a cryptosystem."
CryptoSystem
"refers to a suite of algorithms needed to implement a particular form of encryption and decryption"
● Two types of encryption:
  ○ Symmetric Key Algorithms
    ■ Identical key for encryption/decryption
    ■ AES, Blowfish, DES, Triple DES
  ○ Asymmetric Key Algorithms
    ■ Different key for encryption/decryption
    ■ RSA, DSA, ECDSA
Ciphers
● Two types of ciphers:
  ○ Block: processes entire fixed-length blocks of bits at a time (padding may be required)
  ○ Stream: processes a single byte at a time (no padding)
● Block cipher modes of operation
  ○ ECB: each block is encrypted independently
  ○ CBC, CFB, OFB: the previous block of output is used to alter the input block before the encryption algorithm is applied, starting from an IV (initialization vector)
Crypto in Android
● Based on JCA (Java Cryptography Architecture), which provides APIs for:
  ○ Encryption/Decryption
  ○ Digital signatures
  ○ Message digests (hashes)
  ○ Key management
  ○ Secure random number generation
● "Provider" architecture with CSP
● Bouncy Castle is Android's default CSP
Bouncy Castle Android Version
● Customized:
  ○ Some services and APIs removed
● Varies between Android versions
● Fixed only in the latest versions
● Solution: Spongy Castle
  ○ Repackage of Bouncy Castle
  ○ Supports more cryptographic options
  ○ Up-to-date
  ○ Not vulnerable to the Heartbleed Bug (CVE-2014-0160)
Set Spongy Castle
● Include Libs:
● Enable at Application Level:
GC overhead limit exceeded
● Solution: modify eclipse.ini with:
-Xms256m
-Xmx1024m
-XX:MaxPermSize=1024m
Step 1 Enabling SpongyCastle
https://github.com/mseclab/gdgmeetsu2014-symmetric-demo-step1.git
Import Project from https://github.com/mseclab
https://github.com/mseclab/droidconit2014-symmetric-demo-step3.git
The project cannot be built...
Cipher Object
Secret Key Specification
Cipher getInstance
Cipher Init
Cipher Final
SecretKey Specification
javax.crypto.spec.SecretKeySpec
● SecretKeySpec specifies a key for a specific algorithm
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
key: topic of this workshop
"AES": cryptographic algorithm
Cipher GetInstance
javax.crypto.Cipher
● Provides access to implementations of cryptographic ciphers for encryption and decryption
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding", "SC");
Transformation (describes the set of operations to perform):
• algorithm/mode/padding
• algorithm
Provider: "SC" (SpongyCastle)
Cipher Init
javax.crypto.Cipher
● Initializes the cipher instance with the specified operational mode, key and algorithm parameters.
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
Operational Mode:
• ENCRYPT_MODE
• DECRYPT_MODE
• WRAP_MODE
• UNWRAP_MODE
keySpec: SecretKeySpec
new IvParameterSpec(iv): specifies the cipher algorithm parameters (IV for CBC)
Cipher Final
javax.crypto.Cipher
● Finishes a multi-part transformation (encryption or decryption)
byte[] encryptedText = cipher.doFinal(clearText.getBytes());
encryptedText: encrypted text in bytes
clearText.getBytes(): clear text in bytes
Step 2 Encryption Example
https://github.com/mseclab/gdgmeetsu2014-symmetric-demo-step2.git
SecureRandom
java.security.SecureRandom
● Cryptographically secure pseudo-random number generator
SecureRandom secureRandom = new SecureRandom();
Default constructor uses the most cryptographically strong provider available
● Seeding SecureRandom is dangerous:
  ○ Not Secure
  ○ Output may change
Some SecureRandom Thoughts...
● Android security team discovered a JCA improper PRNG initialization in August 2013
● Applications invoking system-provided OpenSSL PRNG without explicit initialization are also affected
● Key Generation, Signing or Random Number Generation not receiving cryptographically strong values
● Developer must explicitly initialize the PRNG
PRNGFixes.apply()
Generate Secret Key
javax.crypto.KeyGenerator
● Symmetric cryptographic keys generator API
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "SC"); // algorithm and provider
keyGenerator.init(outputKeyLength, secureRandom); // specify key size
SecretKey key = keyGenerator.generateKey(); // key to use in Cipher.init()
Key Management: Store on device
● Protected by Android Filesystem Isolation
  ○ Plain File
  ○ SharedPreferences
  ○ Keystore File (BKS, JKS)
● More secure with Phone Encryption
● Store safely
  ○ MODE_PRIVATE flag
  ○ Use only internal storage: /data/data/app_package
Key Management: Store on device
● Device Rooted?
Step 3 Rooted device demo
https://github.com/mseclab/gdgmeetsu2014-symmetric-demo-step3.git
Key Management: Store in App
● Uses static keys or device-specific information at run-time (IMEI, MAC address, ANDROID_ID)
● Android apps can be easily reversed (live demo)
● Hide with Code obfuscation
● Security by Obscurity is never a good idea...
Key Management: Store in App
● unzip: APK -> DEX
● dex2jar: DEX -> JAR
● JD-GUI: JAR -> Source
Reversing Demo
Key Management: PBKDF2
● Password Based Key Derivation Function (PKCS#5)
  ○ Variable length password in input
  ○ Fixed length key in output
● User interaction required
● Params:
  ○ Password
  ○ Pseudorandom Function
  ○ Salt
  ○ Number of iterations
  ○ Key Size
Key Management: PBKDF2
javax.crypto.spec.PBEKeySpec
● PBE Key specification and generation
// password: user password; NUM_OF_ITERATIONS: N. >= 1000
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, NUM_OF_ITERATIONS, KEY_SIZE);
// A good PBE algorithm is PBKDF2WithHmacSHA1
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey encKey = secretKeyFactory.generateSecret(keySpec);
SecretKeyFactory API in Android 4.4
SecretKeyFactory factory;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
} else if (Build.VERSION.SDK_INT >= 10) {
    // Traditional key factory. Will use lower 8-bits of passphrase chars on
    // older Android versions (API level 18 and lower) and all available bits
    // on KitKat and newer (API level 19 and higher)
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
} else {
    // Fix for API levels 8 and 9
    factory = SecretKeyFactory.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
}
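How the PBKDF2 parameters from the slides (password, salt, iteration count, key size) determine the derived key, as an added example that is not part of the slides or the codelab repositories. It assumes a desktop JVM with the standard "PBKDF2WithHmacSHA1" factory; the class name, the 16-byte salt length, the 10000 iterations and the sample passwords are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class Pbkdf2KeyDerivation {
    private static final String PBE_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int NUM_OF_ITERATIONS = 10000; // assumption; the slides only ask for >= 1000
    private static final int KEY_SIZE = 128;            // derived key length in bits
    private static final int SALT_LENGTH = 16;          // bytes, assumption

    // A random salt is generated once and stored next to the ciphertext.
    // It is not secret, but without it the key cannot be re-derived.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Derives an AES key from the password. Nothing key-related is stored
    // on the device apart from the salt; the user must type the password.
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(password, salt, NUM_OF_ITERATIONS, KEY_SIZE);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
            byte[] raw = factory.generateSecret(keySpec).getEncoded();
            return new SecretKeySpec(raw, "AES"); // usable directly in Cipher.init()
        } finally {
            keySpec.clearPassword(); // wipe the copy held inside the spec
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample passwords. They are ASCII only, so the 8-bit and
        // full-character factory variants named in the slides would agree on them.
        char[] password = "correct horse battery".toCharArray();
        char[] wrongPassword = "wrong guess".toCharArray();
        byte[] salt = newSalt();

        byte[] first = deriveKey(password, salt).getEncoded();
        byte[] again = deriveKey(password, salt).getEncoded();
        byte[] otherSalt = deriveKey(password, newSalt()).getEncoded();
        byte[] otherPassword = deriveKey(wrongPassword, salt).getEncoded();

        System.out.println("key length in bits: " + first.length * 8);
        System.out.println("same password and salt, same key: " + Arrays.equals(first, again));
        System.out.println("new salt, different key: " + !Arrays.equals(first, otherSalt));
        System.out.println("wrong password, different key: " + !Arrays.equals(first, otherPassword));

        Arrays.fill(password, '\0');
        Arrays.fill(wrongPassword, '\0');
    }
}
```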
Step 4 PBE Example
https://github.com/mseclab/gdgmeetsu2014-symmetric-demo-step4.git
Key Management: Other solutions
● Store on server side
  ○ Internet connection required
  ○ Use trusted and protected connections (HTTPS, Certificate Pinning)
● Store on external device
  ○ NFC Java Card (NXP J3A081)
  ○ Smartcard
  ○ USB PenDrive
  ○ MicroSD with secure storage
● AndroidKeyStore???
Asymmetric Algorithms
● Public/Private Key
  ○ Public Key -> encrypt/verify signature
  ○ Private Key -> decrypt/sign
● Advantages:
  ○ Public Key distribution is not dangerous
● Disadvantages:
  ○ Computationally expensive
● Usually used with PKI (Public Key Infrastructure for digital certificates)
Public-key Applications
● Uses can be classified into 3 categories:
  ○ Encryption/Decryption (provides confidentiality)
  ○ Digital Signatures (provides authentication and integrity)
  ○ Key Exchange (of session keys)
● Some algorithms are suitable for all uses (RSA), others are specific to one
PKCS for Asymmetric Algorithms
● PKCS is a group of public-key cryptography standards published by RSA Security Inc
● PKCS#1 (v.2.1): RSA Cryptography Standard
● PKCS#3 (v.1.4): Diffie-Hellman Key Agreement Standard
● PKCS#8 (v.1.2): Private-Key Information Syntax Standard
● PKCS#10 (v.1.7): Certification Request Standard
● PKCS#12 (v.1.0): Personal Information Exchange Syntax Standard
Android: RSA
java.security.KeyPairGenerator
● KeyPairGenerator is an engine capable of generating public/private keys with specified algorithms
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // "RSA": cryptographic algorithm
Available Providers for RSA Algorithm
java.security.KeyPairGenerator
● Different security providers could be used (could change for different OS versions)
KeyPairGenerator.getInstance("RSA", "SEC_PROVIDERS");
● "AndroidOpenSSL": Version 1.0
● "BC": Version 1.49
● "AndroidKeyStore": Version 1.0
KeyPairGenerator: Initialization and Randomness
java.security.KeyPairGenerator
● KeyPairGenerator initialization with the key size
kpg.initialize(2048); // key size
● KeySize: 1024, 2048, 4096 bits
KeyPairGenerator: Initialization and Randomness
java.security.KeyPairGenerator, java.security.SecureRandom
● KeyPairGenerator initialization with a SecureRandom
SecureRandom sr = new SecureRandom();
kpg.initialize(2048, sr);
Generating RSA Key
java.security.KeyPair
● KeyPair is a container for a public/private key generated by the KeyPairGenerator
KeyPair keypair = kpg.genKeyPair();
● We can retrieve public/private keys from KeyPair
Key public_key = keypair.getPublic();
Key private_key = keypair.getPrivate();
Using RSA Keys: cipher example
javax.crypto.Cipher
● Cipher provides access to implementations of cryptographic ciphers for encryption and decryption
Cipher cipher = Cipher.getInstance("RSA", "SEC_PROVIDER");
"RSA": transformation
"SEC_PROVIDER": "AndroidOpenSSL", "BC" or "AndroidKeyStore"
Using RSA Key: cipher example
javax.crypto.Cipher
● Encryption
cipher.init(Cipher.ENCRYPT_MODE, public_key);
byte[] encrypted_data = cipher.doFinal("GDG-Meets-U2014".getBytes());
● Decryption
cipher.init(Cipher.DECRYPT_MODE, private_key);
byte[] decrypted_data = cipher.doFinal(encrypted_data);
Parameters of RSA Keys
java.security.KeyFactory, java.security.spec
● Retrieve RSA Key parameters using KeyFactory
KeyFactory keyfactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec rsa_public = keyfactory.getKeySpec(keypair.getPublic(), RSAPublicKeySpec.class);
RSAPrivateKeySpec rsa_private = keyfactory.getKeySpec(keypair.getPrivate(), RSAPrivateKeySpec.class);
Extract Parameters of RSA Keys
java.security.spec.RSAPublicKeySpec, java.security.spec.RSAPrivateKeySpec
● Retrieved parameters can be stored
BigInteger m = rsa_public.getModulus();
BigInteger e = rsa_public.getPublicExponent();
BigInteger d = rsa_private.getPrivateExponent(); // d is private
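The RSA slides above joined into one flow: generate a key pair, extract the parameters with KeyFactory, rebuild key objects from the stored numbers, then encrypt and decrypt with the rebuilt keys. This is an added example, not code from the slides or the codelab repository. It assumes a desktop JVM with the default provider rather than the Android providers; the class and method names and the sample string are constructed, and the "RSA/ECB/PKCS1Padding" transformation is the one the slides use further on.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaKeyLifecycle {
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // getInstance + initialize + generateKeyPair, as on the slides.
    static KeyPair generate(int bits) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits, new SecureRandom());
        return kpg.generateKeyPair();
    }

    // Rebuilds a public key from the stored modulus and public exponent.
    static PublicKey rebuildPublic(BigInteger m, BigInteger e) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(m, e));
    }

    // Rebuilds a private key from the stored modulus and private exponent.
    // Wherever d is stored needs the same protection as the private key itself.
    static PrivateKey rebuildPrivate(BigInteger m, BigInteger d) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(m, d));
    }

    // Runs one RSA operation in the given Cipher mode.
    static byte[] crypt(int mode, Key key, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, key);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair keypair = generate(2048);

        // Extract the parameters that could be written to storage.
        KeyFactory keyfactory = KeyFactory.getInstance("RSA");
        RSAPublicKeySpec rsaPublic = keyfactory.getKeySpec(keypair.getPublic(), RSAPublicKeySpec.class);
        RSAPrivateKeySpec rsaPrivate = keyfactory.getKeySpec(keypair.getPrivate(), RSAPrivateKeySpec.class);
        BigInteger m = rsaPublic.getModulus();
        BigInteger e = rsaPublic.getPublicExponent();
        BigInteger d = rsaPrivate.getPrivateExponent();
        System.out.println("modulus bits: " + m.bitLength() + ", public exponent: " + e);

        // Use only the stored numbers from here on.
        byte[] clearText = "GDG-Meets-U2014".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] encrypted = crypt(Cipher.ENCRYPT_MODE, rebuildPublic(m, e), clearText);
        byte[] decrypted = crypt(Cipher.DECRYPT_MODE, rebuildPrivate(m, d), encrypted);

        System.out.println("ciphertext bytes: " + encrypted.length);
        System.out.println("round trip ok: " + Arrays.equals(clearText, decrypted));
    }
}
```

Anyone who can read the stored d and m can rebuild the private key exactly as rebuildPrivate does.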
Step 1 RSA Keys Generation
https://github.com/mseclab/gdgmeetsu2014_asymmetric_demo.git
AndroidKeyStore
● Custom Java Security Provider available from Android 4.3 onwards
● An App can generate and save private keys
● Keys are private for each App
● 2048-bit key size (4.3), 1024-2048-4096-bit key size (4.4) can be stored
● ECDSA support added from Android 4.4
Key Management Evolution
● Before API LEVEL 14
  ○ Global Level Only: Default TrustStore cacerts.bks (ROOTED device)
● API LEVEL 14
  ○ Global Level: KeyChain (Public API)
  ○ App Level: KeyStore (Closed API)
● API LEVEL 18
  ○ Global Level: KeyChain (Public API)
  ○ App Level and per User Level: AndroidKeyStore (Public API)
AndroidKeyStore Storage
● Two kinds of storage
  ○ Hardware-backed (Nexus 7, Nexus 4, Nexus 5 :-) with OS >= 4.3)
    ■ Secure Element
    ■ TPM
    ■ TrustZone
  ○ Software only (other devices with OS >= 4.3)
Type of Storage
import android.security.KeyChain;
if (KeyChain.isBoundKeyAlgorithm("RSA")) {
    // Hardware-backed
} else {
    // Software only
}
Certificate parameters
import android.security.KeyPairGeneratorSpec;
Context cx = getActivity();
String pkg = cx.getPackageName();
// Time parameters
Calendar notBefore = Calendar.getInstance();
Calendar notAfter = Calendar.getInstance();
notAfter.add(Calendar.YEAR, 1);
KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(cx);
builder.setAlias("DEVKEY1"); // ALIAS to index the certificate
// Self-signed X.509: Common Name (CN), Subject (OU), Serial Number
String infocert = String.format("CN=%s, OU=%s", "DEVKEY1", pkg);
builder.setSubject(new X500Principal(infocert));
builder.setSerialNumber(BigInteger.ONE);
builder.setStartDate(notBefore.getTime());
builder.setEndDate(notAfter.getTime());
KeyPairGeneratorSpec spec = builder.build(); // generate certificate
Generating Public/Private keys
● Generating Private/Public key
// Engine to generate Public/Private key
KeyPairGenerator kpGenerator;
// Init engine with the RSA algorithm and the AndroidKeyStore provider
kpGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
// Init engine with certificate parameters
kpGenerator.initialize(spec);
// After generation, the keys will be stored into AndroidKeyStore and will be accessible by ALIAS
KeyPair kp;
kp = kpGenerator.generateKeyPair();
AndroidKeyStore Initialization
// Get a reference to the AndroidKeyStore
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
// Should be used if there is an InputStream to load (for example the name of an imported KeyStore).
// If not used, the App will crash
keyStore.load(null);
// Now we have the KeyStore reference that will be used to access the Private/Public key by the ALIAS
Step 2 AndroidKeyStore Gen Keys
https://github.com/mseclab/gdgmeetsu2014_asymmetric_demo.git
RSA Digital Signature
● Digital Signature
  ○ Authentication, Non-Repudiation and Integrity
  ○ RSA Private key to Sign
  ○ RSA Public Key to Verify
// Access to Private/Public key identified by ALIAS
KeyStore.Entry entry = ks.getEntry("DEVKEY1", null);
byte[] data = "GDG-Meets-U 2014!".getBytes();
// Algorithm choice
Signature s = Signature.getInstance("SHA256withRSA");
// Private key to sign
s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
s.update(data);
// Signature and Base64 encoding
byte[] signature = s.sign();
String result = Base64.encodeToString(signature, Base64.DEFAULT);
Verify RSA Digital Signature
byte[] data = input.getBytes();
// Base64 decoding
byte[] signature = Base64.decode(signatureStr, Base64.DEFAULT);
// Access to the Private/Public key identified by ALIAS == DEVKEY1
KeyStore.Entry entry = ks.getEntry("DEVKEY1", null);
// Algorithm choice
Signature s = Signature.getInstance("SHA256withRSA");
// Public Key in certificate to verify signature
s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
s.update(data);
// true == verified, false == not verified
boolean valid = s.verify(signature);
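The sign and verify slides exercised end to end, including the cases where verification must fail. This is an added example, not code from the slides or the codelab repository. It assumes a desktop JVM, so the key pair lives in memory instead of AndroidKeyStore and java.util.Base64 replaces android.util.Base64; the class and method names and the sample strings are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

public class RsaSignVerify {
    private static final String ALGORITHM = "SHA256withRSA";

    // Signs the data with the private key and returns the signature as Base64.
    static String sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(data);
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Returns true only for a well-formed signature over exactly this data
    // made with the matching private key. Malformed input yields false.
    static boolean verify(PublicKey key, byte[] data, String signatureStr)
            throws GeneralSecurityException {
        byte[] signature;
        try {
            signature = Base64.getDecoder().decode(signatureStr);
        } catch (IllegalArgumentException e) {
            return false; // not valid Base64
        }
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(signature);
        } catch (SignatureException e) {
            return false; // for example, wrong signature length
        }
    }

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair signer = newKeyPair();
        KeyPair other = newKeyPair();
        byte[] data = "GDG-Meets-U 2014!".getBytes(StandardCharsets.UTF_8);    // constructed sample
        byte[] changed = "GDG-Meets-U 2015!".getBytes(StandardCharsets.UTF_8); // one character differs

        String signature = sign(signer.getPrivate(), data);

        // Flip one bit of the raw signature and re-encode it.
        byte[] raw = Base64.getDecoder().decode(signature);
        raw[0] ^= 0x01;
        String corrupted = Base64.getEncoder().encodeToString(raw);

        System.out.println("valid signature:     " + verify(signer.getPublic(), data, signature));
        System.out.println("changed data:        " + verify(signer.getPublic(), changed, signature));
        System.out.println("corrupted signature: " + verify(signer.getPublic(), data, corrupted));
        System.out.println("wrong public key:    " + verify(other.getPublic(), data, signature));
        System.out.println("not Base64:          " + verify(signer.getPublic(), data, "%%%"));
    }
}
```

Only the first check prints true; the other four print false.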
Step 3 AndroidKeyStore Sign/Verify
https://github.com/mseclab/gdgmeetsu2014_asymmetric_demo.git
RSA Encryption
● Encryption
  ○ Confidentiality
  ○ RSA Public key to Encrypt
  ○ RSA Private key to Decrypt
// Access to Public key to encrypt
PublicKey publicKeyEnc = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
String textToEncrypt = "GDG-Meet-U-2014";
byte[] textToEncryptToByte = textToEncrypt.getBytes();
// Algorithm, encryption with Public key
Cipher encCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
encCipher.init(Cipher.ENCRYPT_MODE, publicKeyEnc);
// Ciphered
byte[] encryptedText = encCipher.doFinal(textToEncryptToByte);
RSA Decryption
// Algorithm
Cipher decCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
// Decryption with Private key
decCipher.init(Cipher.DECRYPT_MODE, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
byte[] plainTextByte = decCipher.doFinal(encryptedText);
// Plaintext
String plainText = new String(plainTextByte);
Step 4 AndroidKeyStore Enc/Dec
https://github.com/mseclab/gdgmeetsu2014_asymmetric_demo.git
![Page 66: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/66.jpg)
It is observed that...
● Different screen lock
● The choice of screen lock impacts the keys
● If you change the screen lock the keys are deleted
![Page 67: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/67.jpg)
Expected behavior?
● The official documentation shows:
● The keys should remain intact when the type of screen lock is changed by the user
![Page 68: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/68.jpg)
Issue 61989 ...
![Page 69: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/69.jpg)
Cryptographic material on devices
● Device with Storage “Hardware-backed”
● Device with Storage “Software-only”
![Page 70: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/70.jpg)
KeyChain
● KeyChain
○ Accessible by any Application
● Typically used for corporate certificates
![Page 71: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/71.jpg)
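Example: Import Certificates
● Import .p12 certificates
import android.content.Intent;
import android.security.KeyChain;
Intent intent = KeyChain.createInstallIntent();
// readFile is the slide's helper that returns the file content as bytes (not shown)
byte[] p12 = readFile("CERTIFICATE_NAME.p12");
// Specify PKCS#12 Key to install
intent.putExtra(KeyChain.EXTRA_PKCS12, p12);
// The user will be prompted for the password
startActivity(intent);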
![Page 72: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/72.jpg)
Example: Retrieve the key
KeyChain.choosePrivateKeyAlias(
Activity activity,
KeyChainAliasCallback response,
String[] keyTypes,
Principal[] issuers,
String host,
int port,
String alias);
● The KeyChainAliasCallback is invoked when a user chooses a certificate/private key
![Page 73: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/73.jpg)
Example: Retrieve and use the keys
● A KeyChainAliasCallback implementation must implement the abstract method alias:
@Override
public void alias(String alias) {
// ...
// Private Key
PrivateKey private_key = KeyChain.getPrivateKey(this, alias);
// ...
X509Certificate[] chain = KeyChain.getCertificateChain(this, "Droidcon");
// ...
// Public Key
PublicKey public_key = chain[0].getPublicKey();
}
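An added example, not code from the talk or its demo repository, that ties the KeyChain slides together: the user picks a key, the callback handles a cancelled selection, and the private key and certificate chain are fetched for the same alias and used to sign and verify a message. The activity name `KeyChainSignActivity`, the log tag and the `SHA256withRSA` algorithm are assumptions.

```java
import android.app.Activity;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.util.Log;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

// Hypothetical activity, written for this example.
public class KeyChainSignActivity extends Activity implements KeyChainAliasCallback {
    private static final String TAG = "KeyChainSign";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Let the user pick an RSA key: no issuer filter, no host, port -1, no preselected alias.
        KeyChain.choosePrivateKeyAlias(this, this, new String[] {"RSA"}, null, null, -1, null);
    }

    @Override
    public void alias(final String alias) {
        if (alias == null) {  // the user cancelled or no credential is installed
            Log.w(TAG, "No alias selected");
            return;
        }
        // getPrivateKey() and getCertificateChain() may block: never call them on the main thread.
        new Thread(new Runnable() {
            @Override public void run() {
                try {
                    PrivateKey key = KeyChain.getPrivateKey(KeyChainSignActivity.this, alias);
                    // Same alias for the chain, so the public key matches the private key.
                    X509Certificate[] chain = KeyChain.getCertificateChain(KeyChainSignActivity.this, alias);
                    if (key == null || chain == null || chain.length == 0) return;
                    byte[] data = "GDG-Meet-U-2014".getBytes(StandardCharsets.UTF_8);
                    Signature signer = Signature.getInstance("SHA256withRSA");
                    signer.initSign(key);
                    signer.update(data);
                    byte[] signature = signer.sign();
                    Signature verifier = Signature.getInstance("SHA256withRSA");
                    verifier.initVerify(chain[0].getPublicKey());
                    verifier.update(data);
                    Log.i(TAG, "signature valid: " + verifier.verify(signature));
                } catch (Exception e) {  // KeyChainException, InterruptedException, GeneralSecurityException
                    Log.e(TAG, "KeyChain access failed", e);
                }
            }
        }).start();
    }
}
```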
![Page 74: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/74.jpg)
Step 5 KeyChain
https://github.com/mseclab/gdgmeetsu2014_asymmetric_demo.git
![Page 75: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/75.jpg)
References
● http://developer.android.com/about/versions/android-4.3.html#Security
● http://developer.android.com/reference/java/security/KeyStore.html
● http://en.wikipedia.org/wiki/Encryption
● http://en.wikipedia.org/wiki/Digital_signature
● http://nelenkov.blogspot.it/2013/08/credential-storage-enhancements-android-43.html
● http://nelenkov.blogspot.it/2012/05/storing-application-secrets-in-androids.html
● http://nelenkov.blogspot.it/2012/04/using-password-based-encryption-on.html
● http://nelenkov.blogspot.it/2011/11/ics-credential-storage-implementation.html
● http://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html
● http://android-developers.blogspot.it/2013/02/using-cryptography-to-store-credentials.html
● http://www.bouncycastle.org/
● http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html
● http://nelenkov.blogspot.it/2013/10/signing-email-with-nfc-smart-card.html
● http://en.wikipedia.org/wiki/PKCS
● http://developer.android.com/reference/android/security/KeyChain.html
● http://android-developers.blogspot.it/2013/12/changes-to-secretkeyfactory-api-in.html
![Page 76: Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il key management](https://reader033.vdocuments.mx/reader033/viewer/2022060107/554a35edb4c90582328b468f/html5/thumbnails/76.jpg)
Thank you Q&A www.mseclab.com www.consulthink.it
goo.gl/TA8EA1