Secure File System - Final Meeting
Slide 1
Secure File System - Final Meeting
Industrial Project (234313)
Prof. Michael Elad
Students: Noam Hershtig, Yuri Bronshtein
04.02.13
Supervisors: Boris Dolgunov, Constantine Elster
Slide 2
Agenda
Goals
Problem Description
High Level Solution
Demo
Methodology
Technical
Team Work
Protocol
Conclusions
Slide 3
Motivation
Slide 4
Motivation (cont.)
Defcon 20 (July 2012): "Into The Droid" by Thomas Cannon shows how easy it is to crack the Android encryption.
"Into The Droid" DEFCON 20 slides from: https://viaforensics.com/mobile-security/droid-gaining-access-android-user-data.html
Slide 5
Goal: Prevent brute forcing the encryption key
Solution: 2-stage authentication
Store the key in TrustZone™ (KeyDB)
KeyDB throttles key retrieval attempts
Key management is transparent to the user & applications.
Slide 6
Solution Components
OS kernel: dm-crypt (unmodified), dm-crypt-skm, SFS kernel modules (skm, skm-udp)
TrustZone: KeyDB (Key Manager)
User mode: Screen lock application, SFS configuration application
Diagram legend: Unmodified / Optional Changes / Original
Slide 7
Demo
Slide 8
Our Process
Study Android & Linux encryption mechanisms: device-mapper, dm-crypt, LUKS (key management alternative)
Create a "proof of concept" encryption key manager
Create a modular design: define the protocol, implement separate components
Divide labor by platform: Android apps / Linux kernel
Use TDD principles: unit tests before code (where applicable); use "simulation" (python test scripts) to test interfaces in early stages
Integration: verify that the separate modules work as expected together
Slide 9
Key Management
Runs in TrustZone
Login attempt throttling: different locking schemes available: long term locking, "burst mode"
User management: multiple PIN/key pairs (useful for tablets), administrative rights, recovery options
Slide 10
Kernel Modules
Implemented as part of the device-mapper framework (<kernel>/drivers/md)
dm-crypt-skm: device-mapper target. Wraps dm-crypt, the original crypto device service.
skm (secure key management): implements the protocol generically. Uses "pluggable" modules for communication with KeyDB in TrustZone. Managed from usermode via ioctls. Creates the /dev/skm device.
skm-udp: uses the netpoll API to communicate with KeyDB via UDP packets.
Diagram components: User: Settings, User: Lock Screen, dm (dmsetup), dm-crypt-skm, dm-crypt, /dev/skm, skm, skm-udp, TrustZone (KeyDB)
Slide 11
Development Platform and Languages
Android TrustZone Simulator: Java + Android SDK (Eclipse). Testing: jUnit for Android, python for network simulation.
Linux kernel modules (dm-crypt-skm, skm, skm-udp): ANSI C. Run on GNU/Debian as a vmware guest. Tested on the 2.6.32 kernel, compatible with the 3.3 kernel API. Testing: python for network simulation.
Configuration Application: ANSI C
Lock Screen Demo: Python and wxPython
Source Control: git (assembla private repository)
Slide 12
Kernel - TrustZone Protocol
Key Retrieval: getKey, getStatus, loadKey, unloadKey
Misc.: getVersion (for backward compatibility)
User Management: addID, removeID, changePIN, setParams, getParams, unlockID
HW Support
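To make the key-management and protocol slides concrete, here is a small Python model of KeyDB's login throttling, written in the spirit of the team's python interface simulations. It is an added example, not the project's code: the PIN storage (salted PBKDF2-SHA256), the exact meaning of "burst mode" (a short lock after a few consecutive failures) and of long term locking (a lock that persists until an administrator calls unlockID) are assumptions; the command names getKey, getStatus, addID and unlockID are taken from the protocol slide.

```python
# Added example, not the project's code: a Python model of KeyDB login throttling.
# Assumed, not on the slides: PINs stored as salted PBKDF2-SHA256 digests; burst mode =
# burst_limit consecutive failures lock the ID for burst_lock seconds; long-term locking =
# long_limit total failures lock it until an admin calls unlockID.
import hashlib, hmac, os, time
from types import SimpleNamespace

class KeyDB:
    def __init__(self, burst_limit=3, burst_lock=30.0, long_limit=10, clock=time.monotonic):
        self.burst_limit, self.burst_lock, self.long_limit = burst_limit, burst_lock, long_limit
        self.ids, self.clock = {}, clock   # clock is injectable so tests can advance time

    @staticmethod
    def _digest(salt, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)

    def addID(self, ident, pin, key, admin=False):
        # One PIN/key pair per ID (multiple users on a tablet); admins may call unlockID.
        salt = os.urandom(16)
        self.ids[ident] = SimpleNamespace(
            salt=salt, digest=self._digest(salt, pin), key=key, admin=admin,
            failures=0, burst_failures=0, locked_until=0.0, long_locked=False)

    def getStatus(self, ident):
        e = self.ids[ident]
        if e.long_locked:
            return "LOCKED_LONG_TERM"
        return "LOCKED_BURST" if self.clock() < e.locked_until else "READY"

    def getKey(self, ident, pin):
        # A locked ID is refused before the PIN is compared, so a burst of guesses is throttled.
        e = self.ids[ident]
        if self.getStatus(ident) != "READY":
            return None
        if hmac.compare_digest(self._digest(e.salt, pin), e.digest):
            e.failures = e.burst_failures = 0
            return e.key
        e.failures, e.burst_failures = e.failures + 1, e.burst_failures + 1
        if e.failures >= self.long_limit:
            e.long_locked = True
        elif e.burst_failures >= self.burst_limit:
            e.locked_until, e.burst_failures = self.clock() + self.burst_lock, 0
        return None

    def unlockID(self, ident, admin_ident, admin_pin):
        # Recovery option: an admin ID with a correct PIN clears all locks on `ident`.
        a = self.ids[admin_ident]
        if not a.admin or self.getKey(admin_ident, admin_pin) is None:
            return False
        e = self.ids[ident]
        e.failures, e.burst_failures, e.locked_until, e.long_locked = 0, 0, 0.0, False
        return True
```

Because a locked ID is refused before any PIN comparison, the key never leaves KeyDB while the lock is in force, which is what defeats the offline/online brute force shown in the motivation slide.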
Slide 13
Challenges
Minimal architectural changes: an early goal was to minimize changes to the Android OS & apps. After studying the Linux crypto services, dm-crypt was chosen as the best subsystem to modify.
Kernel/usermode communications: unorthodox model (simulate 'CPU mode' as a usermode process); usually communication is initiated from usermode. Options which were considered:
polling (easy to implement, breaks the design for actual ARM chips)
sysfs/proc (not secure enough)
sockets (incompatible with dm)
netpoll (modern API in the kernel, used primarily for low level debugging)
Slide 14
Conclusions
Design: good design simplifies the coding stage; allows modularization
Modularization: very important for team based coding; allows easy testing & relatively smooth integration; helps minimize changes when porting to another platform
Minimizing kernel code: debugging kernel code is non-trivial and time consuming; Linux APIs are changing all the time (no current documentation available, version dependent code); automatic testing is nearly impossible
Early testing (Test Driven Development): quick development, easy regression testing
Slide 15
Thank You!