sacon - mobile app security (srinath venkataramani)
SACON International 2017
India | Bangalore | November 10-11 | Hotel Lalit Ashok
Mobile App Protection Dos & Don'ts
Srinath Venkataramani, Symantec Corp, Director, Development
SACON 2017
Agenda
• Mobile App Development - the attack surface
• Data, Authentication and App protection challenges
• iOS & Android protection measures
• Takeaways
Typical Mobile TAM
(Diagram: User, Authentication Server and App, labelled with the controls App & User Authentication, App Protection, Data Protection and Data Integrity.)
Data Protection Challenges!
• For data at rest (in the device), how to encrypt the data? How to protect the encryption key?
• For data over the network, how to ensure the server is trusted?
• For data in motion with other apps in the device, how to trust the other app? How not to leak data during communication?
Authentication Challenges!
• How to authenticate a given device and app to a web service?
• How to authenticate a user locally? And further, how to establish a session with a remote service?
• How to perform a Single Sign On?
App Protection Challenges!
• How to protect my app against tampering?
• How to protect the code from reverse engineering?
• How to dynamically detect the environment, such as debuggers, rooting, emulators, etc.?
Secure Development Aspects
• Platform protection, crypto API support & App protection
• Protecting keys and sensitive material in your app
• Assessing data integrity
• Validating server authentication
• Device identifier considerations
• User authentication mechanisms
• Protecting the app itself
Android Platform Security
• Android KeyStore system (API Level 18) - app level and per-user level
• ECDSA support from Android 4.4
• The KeyChain API (before API Level 18) is a 'system-wide credential' while the KeyStore API is an 'app-isolated credential'.
• 2 storage kinds - hardware/software (KeyInfo.isInsideSecureHardware(), available from API Level 23)
• Key usage can be tied to biometric user authentication (say FingerprintManager)
iOS Platform Security
• Keychain Services API
  • Secures data by encrypting it before storing it into the file system
  • Only the authorized app gets access to a specific element in the Keychain.
• Keychain protection classes - Always, AfterFirstUnlock, WhenUnlocked, WhenPasscodeSetThisDeviceOnly (the first three also have a ThisDeviceOnly variant that keeps the item out of backups).
• Application control over items using the kSecAttrAccessible attribute values
Strong Ciphers in App
• Use different keys for different purposes - auth, encryption, signing, etc.
• Choice of symmetric vs asymmetric
• Asymmetric: RSA >= 2048 bits / ECC >= 224 bits
• Symmetric: AES >= 128 bits
• Crypto hash: SHA-2 (SHA-256 or stronger); SHA-1 is deprecated for signatures and should not be used in new designs
Brief on PBKDF
• Always derive the encryption key from a user-provided secret (PIN or passphrase) with a Key Derivation Function, and do not store the derived key on the device; persist only the salt and the KDF parameters.
PBKDF2 - Android
• Package - javax.crypto.spec.PBEKeySpec
• Sample snippet - the focus should be on 'what the user knows' (PIN/passphrase), the salt, the iteration count and the key length:

    import java.security.spec.KeySpec;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;
    ...
    // passphraseOrPin: char[] typed by the user; salt: random bytes stored with the data;
    // iterations: as high as the device tolerates; outputKeyLength: in bits (e.g. 256)
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
    SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
    ...

• PBKDF2WithHmacSHA1 is available from API Level 10; PBKDF2WithHmacSHA256 needs API Level 26. PBKDF2 is not a weakness with SHA-1 here, since HMAC-SHA1 is still sound, but prefer SHA-256 when the target allows it.
PBKDF2 - iOS
• CommonCrypto library - CommonKeyDerivation.h
• kCCPBKDF2 constants
• CCCalibratePBKDF (computes an iteration count for a target delay on this device)
• CCKeyDerivationPBKDF (with salt, iterations, key and length)
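The derivation both the Android and the iOS snippets perform, as an added example that is not part of the SACON slides. It mirrors the four inputs the talk calls out (what the user knows, a random salt, the iteration count, the output key length), adds a CCCalibratePBKDF-style iteration calibration, and shows which record is safe to persist: salt and parameters only, never the key. All function names, the 100,000-iteration floor and the "1234" PIN are this example's own choices.

```python
"""PBKDF2 key derivation from a user PIN/passphrase (added example)."""
from __future__ import annotations

import hashlib
import secrets
import time

SALT_LEN = 16             # 128-bit random salt, stored next to the ciphertext
MIN_ITERATIONS = 100_000  # floor chosen for this example; calibrate upwards per device
KEY_LEN = 32              # 256-bit key, e.g. for AES-256


def new_salt() -> bytes:
    """Non-deterministic salt from the OS CSPRNG (the talk's SecureRandom advice)."""
    return secrets.token_bytes(SALT_LEN)


def derive_key(secret: str, salt: bytes, iterations: int, key_len: int = KEY_LEN) -> bytes:
    """PBKDF2-HMAC-SHA256(secret, salt, iterations) truncated to key_len bytes."""
    if len(salt) < SALT_LEN:
        raise ValueError("salt too short")
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below floor")
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, dklen=key_len)


def calibrate_iterations(target_ms: float, floor: int = MIN_ITERATIONS) -> int:
    """Pick an iteration count that costs about target_ms on this device,
    the way CCCalibratePBKDF does on iOS, but never below the floor."""
    probe = 10_000
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration", new_salt(), probe, dklen=KEY_LEN)
    elapsed_ms = max((time.perf_counter() - start) * 1000.0, 1e-3)
    return max(floor, int(probe * target_ms / elapsed_ms))


def enroll(secret: str, iterations: int) -> tuple[bytes, dict]:
    """Derive the key once and return it together with the record that may be
    written to the device: salt and KDF parameters only, never the key or secret."""
    salt = new_salt()
    key = derive_key(secret, salt, iterations)
    record = {"kdf": "PBKDF2-HMAC-SHA256", "salt": salt.hex(),
              "iterations": iterations, "key_len": KEY_LEN}
    return key, record


def rederive(secret: str, record: dict) -> bytes:
    """At unlock time, recompute the key from the user's secret and the stored record."""
    return derive_key(secret, bytes.fromhex(record["salt"]),
                      record["iterations"], record["key_len"])


if __name__ == "__main__":
    # Constructed usage: a four-digit PIN, which is why the iteration count matters.
    iterations = calibrate_iterations(target_ms=250)
    key, record = enroll("1234", iterations)
    assert rederive("1234", record) == key
    print("persisted record:", record)
```

The key lives only in memory for the duration of the operation; a wrong PIN simply derives a different key and decryption fails, so there is nothing on the device to brute-force offline except the salted PBKDF2 work itself.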
Data Integrity Checks
• Data integrity and authentication of a message.
• Keyed hash - a secret key for authentication and a cryptographic hash function for message integrity
• HMAC-SHA: HMAC(K, M) = H((K ⊕ opad) || H((K ⊕ ipad) || M)), a nested keyed hash; the shorthand H(K || H(K || M)) only approximates it and should not be implemented by hand
Android HMAC-SHA256
• Packages - javax.crypto.Mac and javax.crypto.spec.SecretKeySpec

    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;
    ...
    // HMAC-SHA256 spec to init Mac
    Mac hmacSha256 = Mac.getInstance("HmacSHA256");
    // secret should come from a KDF or the Keystore, never from a string literal in the APK
    SecretKeySpec sKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
    hmacSha256.init(sKey);
    String hash = Base64.getEncoder().encodeToString(
            hmacSha256.doFinal(message.getBytes(StandardCharsets.UTF_8)));
    ...

• java.util.Base64 needs API Level 26; use android.util.Base64 on older targets. When checking a received tag, compare the raw bytes with MessageDigest.isEqual, not String.equals, to avoid a timing side channel.
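Tag generation and verification with per-purpose keys, as an added example that is not from the SACON slides. It covers two things the Java snippet above does not show: splitting one master key into separate auth and encryption keys (the talk's "different keys for different purposes"), using HKDF-Expand from RFC 5869, and verifying a tag with a constant-time compare that also rejects malformed or truncated tags. The sample message and the master key are constructed for the example.

```python
"""HMAC-SHA256 integrity tags with per-purpose subkeys (added example)."""
import base64
import hashlib
import hmac
import secrets

TAG_LEN = 32  # full HMAC-SHA256 output; never truncate below 16 bytes


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256: T(i) = HMAC(prk, T(i-1) || info || i)."""
    if length > 255 * 32:
        raise ValueError("HKDF-Expand output too long")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def new_master_key() -> bytes:
    """A fresh 256-bit master key from the OS CSPRNG (would live in the Keystore)."""
    return secrets.token_bytes(32)


def purpose_key(master: bytes, purpose: str) -> bytes:
    """Separate keys per purpose: the label makes 'auth' and 'enc' keys unrelated."""
    return hkdf_expand(master, purpose.encode("ascii"), 32)


def mac_message(auth_key: bytes, message: bytes) -> str:
    """Base64 HMAC-SHA256 tag over the message, like the Android snippet."""
    digest = hmac.new(auth_key, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_message(auth_key: bytes, message: bytes, tag_b64: str) -> bool:
    """Recompute and compare in constant time; any malformed tag is a failure."""
    try:
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:
        return False
    if len(tag) != TAG_LEN:
        return False
    expected = hmac.new(auth_key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample payload standing in for a message exchanged between two apps.
SAMPLE_MESSAGE = b'{"amount":100,"to":"acct-42"}'

if __name__ == "__main__":
    master = new_master_key()
    auth_key, enc_key = purpose_key(master, "auth"), purpose_key(master, "enc")
    tag = mac_message(auth_key, SAMPLE_MESSAGE)
    print("tag:", tag)
    print("genuine:", verify_message(auth_key, SAMPLE_MESSAGE, tag))
    print("tampered:", verify_message(auth_key, SAMPLE_MESSAGE.replace(b"100", b"900"), tag))
```

Because the tag is bound to the auth key, a message re-signed under the encryption key, or modified by a single byte, fails verification, and the compare_digest call keeps the rejection time independent of where the mismatch occurs.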
Device Identification
• Android - UUID & iOS - UDID
• Beware: the MAC address on both platforms may change or be withheld from apps and is no longer usable as a stable hardware-bound identifier!
• Recommended: create an app-unique device factor.
• Consider the scope of the ID - session, install, factory reset, or surviving factory resets.
• Use Instance ID in Android, or an app-specific GUID generated at install time
• Use IDFV in iOS, otherwise use NSUUID & CFUUID
Data 'in motion' Protection
• HTTPS is a must!
• Certificate pinning guards against MITM
• Pin the 'SubjectPublicKeyInfo' (survives certificate renewal as long as the key is kept; ship a backup pin so key rotation does not lock users out)
• Avoid accepting self-signed certificates (the testing hack gets into production :-/)
• Avoid setting a permissive hostname verifier
Cert Pinning - Android

    import java.io.BufferedInputStream;
    import java.io.InputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    ...
    // Trusted CA cert from assets
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInput = new BufferedInputStream(MainActivity.context.getAssets().open("<YourCA.crt>"));
    Certificate ca = cf.generateCertificate(caInput);
    caInput.close();

    // Create a KeyStore containing the trusted CAs
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("<YourCAAlias>", ca);

    // Create a TrustManager that trusts the CAs in your KeyStore
    String tmfAlgo = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgo);
    tmf.init(keyStore);

    // Create an SSLContext that uses your TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    // Tell URLConnection to use a socket from this SSLContext
    URL url = new URL("<YourURL>");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(context.getSocketFactory());
    InputStream in = urlConnection.getInputStream();
    copyInputStreamToOutputStream(in, System.out);  // helper from the Android docs, not shown here
    ...

• This pins a trust anchor (the bundled CA) rather than a key hash: only chains ending in that CA are accepted, and the default hostname verifier still applies. From Android 7.0 (API 24) the same trust anchors and SPKI pins can be declared in the Network Security Config without code.
Cert Pinning - iOS
• NSURLSession / AFNetworking classes

    // Use the URLSessionDelegate implementation
    session = URLSession(configuration: URLSessionConfiguration.ephemeral,
                         delegate: URLSessionPinningDelegate(), delegateQueue: nil)

    // Do the public key hash pinning (inside urlSession(_:didReceive:completionHandler:),
    // after SecTrustEvaluate has accepted the chain)
    let serverPublicKey = SecCertificateCopyPublicKey(serverCertificate)
    let serverPublicKeyData = SecKeyCopyExternalRepresentation(serverPublicKey!, nil)! as Data
    let keyHash = sha256(data: serverPublicKeyData)
    // Check the hardcoded pinned hash against the received keyHash
    if keyHash == pinnedPublicKeyHash {
        ...

• SecKeyCopyExternalRepresentation returns the raw key (PKCS#1 for RSA, ANSI X9.63 for EC), not the SubjectPublicKeyInfo. If your pins are SPKI hashes (what openssl produces), prepend the algorithm-specific SPKI DER header before hashing, otherwise the pin never matches.
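What "pin the SubjectPublicKeyInfo" amounts to in code, as an added example that is not part of the SACON slides or of either platform's SDK. It computes sha256/base64 pins over SPKI DER, accepts a chain when any certificate in it matches any configured pin (live pin plus backup pin), and wraps raw P-256 key bytes of the kind SecKeyCopyExternalRepresentation returns into the SPKI structure. The key bytes below are constructed placeholders, not real curve points, and the function names are this example's own.

```python
"""SubjectPublicKeyInfo pin computation and chain check (added example)."""
import base64
import hashlib
import hmac

# DER prefix of a SubjectPublicKeyInfo for an EC P-256 key:
# SEQUENCE { SEQUENCE { OID ecPublicKey, OID prime256v1 }, BIT STRING (65 bytes, 0 unused bits) }
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")


def spki_from_raw_p256(raw_x963: bytes) -> bytes:
    """Wrap an uncompressed X9.63 point (04 || X || Y) into SPKI DER, the
    step the iOS snippet above needs before hashing."""
    if len(raw_x963) != 65 or raw_x963[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed P-256 point")
    return P256_SPKI_PREFIX + raw_x963


def spki_pin(spki_der: bytes) -> str:
    """Pin string in the 'sha256/<base64>' form used by HPKP and OkHttp."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def chain_matches_pins(chain_spkis, pins) -> bool:
    """Pin check over a chain: the leaf or any intermediate/root may match.
    Call this only after normal chain and hostname validation succeeded;
    pinning is an additional check, never a replacement."""
    if not pins:
        return False  # an empty pin set must fail closed, not pass everything
    for spki in chain_spkis:
        candidate = spki_pin(spki)
        if any(hmac.compare_digest(candidate, pin) for pin in pins):
            return True
    return False


# Constructed sample keys: 04 || 64 placeholder bytes each, standing in for the
# server's current key and the pre-generated backup key.
SERVER_RAW_KEY = b"\x04" + bytes(range(1, 65))
BACKUP_RAW_KEY = b"\x04" + bytes(range(65, 129))
PINS = {
    spki_pin(spki_from_raw_p256(SERVER_RAW_KEY)),
    spki_pin(spki_from_raw_p256(BACKUP_RAW_KEY)),
}

if __name__ == "__main__":
    leaf = spki_from_raw_p256(SERVER_RAW_KEY)
    print("leaf pin:", spki_pin(leaf))
    print("raw-key hash equals SPKI pin:", spki_pin(SERVER_RAW_KEY) == spki_pin(leaf))
    print("chain accepted:", chain_matches_pins([leaf, b"<intermediate SPKI DER>"], PINS))
```

After a key rotation the server presents a leaf carrying the backup key, the check still passes, and a new backup pin ships with the next app release; hashing the raw key bytes instead of the SPKI yields a different value, which is the usual cause of "pinning worked in testing but not against openssl-generated pins".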
PRNG functions
• PRNG - implications of deterministic/non-deterministic generation, range, period and distribution
• The crucial aspect is to prefer non-deterministic, strong entropy for pseudo-random number generation - similar to /dev/random or /dev/urandom in Unix.
• Android - use SecureRandom (without seeding it; let it seed automatically from system entropy)
PRNG Android

    import java.security.SecureRandom;
    ...
    /* Init SecureRandom code snippet as part of non-deterministic salt generation */
    SecureRandom random = new SecureRandom();  // no setSeed(): the default seeding pulls from system entropy
    byte[] salt = new byte[saltLength];
    random.nextBytes(salt);
    ...
PRNG iOS

    // Range is 0 ... 2^32-1 (UInt32). SecRandomCopyBytes fills from the system CSPRNG;
    // if it fails, arc4random_uniform gives a bounded value without modulo bias.
    UInt32 randomResult = 0;
    int result = SecRandomCopyBytes(kSecRandomDefault, sizeof(randomResult), (uint8_t *)&randomResult);
    if (result != errSecSuccess)
        randomResult = arc4random_uniform(<upper-bound>);
    return randomResult;
    ...

• If a bounded value is what you need, use arc4random_uniform directly (or reject-sample); reducing the 32-bit value with '% upper-bound' introduces modulo bias unless the bound divides 2^32.
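The modulo-bias point from the iOS slide, worked out as an added example that is not from the SACON slides. arc4random_uniform avoids bias by rejection sampling; the code below does the same on top of a 32-bit CSPRNG draw (secrets.randbits stands in for SecRandomCopyBytes) and, with a deliberately tiny 3-bit source, enumerates every possible output so the bias of "value % bound" becomes visible rather than statistical. The names and the 3-bit toy source are this example's own.

```python
"""Bounded random values without modulo bias (added example)."""
from collections import Counter
import secrets

UINT32_RANGE = 1 << 32


def sys_rand_u32() -> int:
    """One 32-bit draw from the OS CSPRNG, the analogue of SecRandomCopyBytes."""
    return secrets.randbits(32)


def biased_below(upper_bound: int, rand_u32=sys_rand_u32) -> int:
    """The tempting but wrong reduction: when the bound does not divide 2^32,
    the low results are slightly more likely than the high ones."""
    return rand_u32() % upper_bound


def uniform_below(upper_bound: int, rand_u32=sys_rand_u32) -> int:
    """Rejection sampling, as arc4random_uniform does: discard any draw at or
    above the largest multiple of the bound, then reduce."""
    if not 0 < upper_bound <= UINT32_RANGE:
        raise ValueError("bound must be in 1..2^32")
    limit = UINT32_RANGE - (UINT32_RANGE % upper_bound)
    while True:
        r = rand_u32()
        if r < limit:          # expected number of retries is below 2
            return r % upper_bound


def bias_counts(upper_bound: int, bits: int) -> dict:
    """Exhaustive histogram of (x % bound) over every value a `bits`-bit
    source can produce; unequal counts are the bias."""
    return dict(Counter(x % upper_bound for x in range(1 << bits)))


def rejection_counts(upper_bound: int, bits: int) -> dict:
    """Same enumeration with rejection applied: every accepted x contributes equally."""
    space = 1 << bits
    limit = space - (space % upper_bound)
    return dict(Counter(x % upper_bound for x in range(space) if x < limit))


def new_salt(length: int = 16) -> bytes:
    """Salt bytes straight from the CSPRNG; no bounding, so no bias question."""
    return secrets.token_bytes(length)


if __name__ == "__main__":
    print("3-bit source, % 3      :", bias_counts(3, 3))       # {0: 3, 1: 3, 2: 2}
    print("3-bit source, rejected :", rejection_counts(3, 3))  # {0: 2, 1: 2, 2: 2}
    print("uniform_below(10)      :", uniform_below(10))
```

With a real 32-bit source and a small bound the skew is on the order of bound/2^32 per value, too small to see in a histogram but still a distinguisher for anything that must be unpredictable, which is why the platform function rejects rather than reduces.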
User Authentication
• Device auth vs app-specific authentication
• Prefer SSO over independent app-specific user authentication to web services.
• Be transparent on the privacy policy.
• Use of platform browser sessions with your app - minimizes usability concerns.
SSO in Mobile Platforms
• Chrome Custom Tabs - abstracts managing requests, cookie stores and permissions.
• Callback-based navigation awareness
• The security construct of Google's Safe Browsing is already built in
• Performance optimizations
• iOS SafariViewController
• User-to-native-browser vs browser-to-app channel separation.
• Consider a plain view of web content - SFSafariViewController vs customized interactions via WKWebView
• Shared cookie and website data with Safari (up to iOS 10; from iOS 11 SFSafariViewController keeps a separate cookie store, and SFAuthenticationSession is the API meant for SSO flows)
App Protection Measures
• Tamper detection - PackageManager (Android) to retrieve the app's signing certificate and compare it with the expected one (a check inside the app can itself be patched out, so treat it as raising the bar, not as a guarantee).
• Code obfuscation
  • Obfuscation tools
  • DexGuard / ProGuard / DashO / etc. (Android)
  • Rename / ObjC-Obfuscator (iOS)
• Runtime protection
  • Android - android:debuggable="false"
  • iOS - PT_DENY_ATTACH
• Sensitive code segments in Android can be in the NDK and further obfuscated
More App Protection Measures
• Display masked/partial aspects of sensitive data.
• Always validate input data.
• Beware of the default app/user data backup
  • allowBackup="false" in AndroidManifest
  • Protection classes for iOS to avoid or encrypt backup (the ThisDeviceOnly keychain classes and NSFileProtection attributes)
• Protect against data leaks on crash (for instance, NSAssert in iOS should be disabled in release builds).
• Remove debug logs from release builds.
• Disable the auto-correct feature for all sensitive fields.
More App Protection Measures (continued)
• Consider a custom keyboard (for the user PIN or passcode) to disable the keyboard cache.
• Disable copy/paste for areas handling sensitive data. Always clear the clipboard after consuming.
• Android: beware of publicly exported components and their access via intents! (android:exported="false")
• Android: do not pass sensitive data between apps using broadcast intents.
• Android: delay the grant of permissions until needed (use Android 6.0 runtime permissions where possible)
• Android: sign your APK with a signing key you control and protect. Android does not validate the signing certificate against a CA; the protection comes from the same key being used for every update, so its loss or theft is the risk to plan for.
Summary
• Security considerations and threat analysis at the beginning of mobile app development.
• The right constructs for user, device and app, based on documented risks & trade-offs.
• Focus and rigorous reviews on the code segments that use a strong PRNG, employ encryption routines, implement certificate pinning, enable mobile SSO and protect the app against tampering.
References
• OWASP Top 10 Mobile Threats: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Top_10_Mobile_Risks
• Android Security: https://source.android.com/security/
• iOS Security: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
• iOS Keychain: https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-TP9