Sign here, please!

An application ID might define your app among all others, but its signature is what proves and confirms its identity and integrity. From working in distributed teams to fending off fraudulent clones of your application, you eventually come to understand the importance of signatures.

In this talk we’ll take a deep dive into the Android keystore system, certificates and signatures, and go over key points necessary for any application’s long and productive life. Also, we will cover some security tips and tricks that will help ensure your app is safe to use, even if the users are faced with its evil twin.

At the end you should walk away with a deeper insight into everyday mechanisms that are often taken for granted, and the impact that they have on your users’ security.

Ana Baotić

April 24, 2018

Transcript

  1. SIGN HERE, PLEASE!
    ANA BAOTIĆ @abaotic

  4. ASSECO at a glance
    Present in 54 countries
    Over 22,300 highly committed employees
    6th largest software & services vendor in Europe
    1,813 m EUR sales revenues in 2016
    176 m EUR operating profit in 2016
    1 bln EUR market capitalization
    • Founded in 1991
    • 6th largest software producer in Europe
    • Traded on the WSE, included in the WIG20 blue chip index
    • International presence

  5. CERTIFICATE @abaotic

  6. CERTIFICATE
    Electronic document that
    proves ownership of a public key
    CERTIFICATE @abaotic

  7. CERTIFICATE
    Electronic document that
    proves ownership of a public key
    X.509 - structure
    CERTIFICATE @abaotic

  8. CERTIFICATE
    Electronic document that
    proves ownership of a public key
    X.509 - structure
    TLS, electronic signatures
    CERTIFICATE @abaotic

  9. IDENTITY
    CERTIFICATE @abaotic

  10. CERTIFICATE = IDENTITY + PUBLIC KEY
    @abaotic

  11. KEYS
    ASYMMETRIC CRYPTOGRAPHY
    @abaotic

  12. KEYS
    ASYMMETRIC CRYPTOGRAPHY
    13924097109571903750931790573190570913759031790579374037105973109570931750937109570…
    f(x)
    @abaotic

  13. KEYS - ASYMMETRIC CRYPTOGRAPHY
    ▸ Private (owner)
    ▸ Public (shared)
    @abaotic

  14. KEYS
    ▸ Private (owner)
    ▸ Decrypts messages
    ▸ Public (shared)
    ▸ Encrypts messages
    @abaotic

  15. KEYS
    ▸ Private (owner)
    ▸ Decrypts messages
    ▸ Calculates signatures
    ▸ Public (shared)
    ▸ Encrypts messages
    ▸ Confirms signatures
    @abaotic

  16. DIGITAL SIGNATURE
    ▸ authentication, non-repudiation and integrity
    DIGITAL SIGNATURE
    @abaotic

  17. DIGITAL SIGNATURE
    ▸ authentication, non-repudiation and integrity
    ▸ Calculate a digest/hash of the message
    DIGITAL SIGNATURE
    @abaotic

  18. DIGITAL SIGNATURE
    ▸ authentication, non-repudiation and integrity
    ▸ Calculate a digest/hash of the message
    ▸ Sender encrypts with private key
    DIGITAL SIGNATURE
    @abaotic

  19. DIGITAL SIGNATURE
    ▸ authentication, non-repudiation and integrity
    ▸ Calculate a digest/hash of the message
    ▸ Sender encrypts with private key
    ▸ Recipient decrypts with public key
    DIGITAL SIGNATURE
    @abaotic

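
An added example (my code, not from the talk) that walks the four steps on the slide with the JDK's standard Signature API and checks the two failures a verifier must reject: a modified message (integrity) and a signature made with a different key (authentication). It runs on a plain JDK; the message bytes are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public final class SignatureDemo {
    // Fresh P-256 key pair: private half signs, public half verifies.
    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        return kpg.generateKeyPair();
    }

    // Steps 2 and 3: SHA256withECDSA hashes the message and signs the digest
    // with the private key in one operation.
    static byte[] sign(PrivateKey priv, byte[] message) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(priv);
        s.update(message);
        return s.sign();
    }

    // Step 4: the recipient recomputes the digest and checks it against the
    // signature using only the public key. Malformed signature bytes are
    // treated as a failed verification rather than escaping as an exception.
    static boolean verify(PublicKey pub, byte[] message, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(pub);
            s.update(message);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair sender = newKeyPair();
        KeyPair impostor = newKeyPair();   // a second key the verifier must reject
        byte[] msg = "release-1.0.0.apk digest".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] sig = sign(sender.getPrivate(), msg);

        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01;               // flip one bit of the message
        System.out.println("genuine   : " + verify(sender.getPublic(), msg, sig));
        System.out.println("tampered  : " + verify(sender.getPublic(), tampered, sig));
        System.out.println("wrong key : " + verify(impostor.getPublic(), msg, sig));
    }
}
```

Only the genuine case verifies; the other two lines show why a signature covers both who signed and what was signed.
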
  20. CERTIFICATE = IDENTITY + PUBLIC KEY + SIGNED BY CA
    @abaotic

  21. CERTIFICATE = IDENTITY + PUBLIC KEY + SIGNED BY CA
    @abaotic

  22. CERTIFICATE AUTHORITY
    CA
    Trusted entity that issues digital certificates.
    @abaotic

  23. CA
    CA CERTIFICATE
    ▸ Self-signed certificate
    ▸ Browsers, Android, OSX
    ▸ Comodo, IdenTrust, Symantec, GoDaddy, Let’s Encrypt
    ▸ Impact of updates!
    @abaotic

  24. END CERTIFICATE

  25. INTERMEDIATE CERTIFICATE

  26. ROOT CERTIFICATE

  27. CERTIFICATES
    CERTIFICATE CHAINS
    @abaotic

  28. CA - DOMAIN VS EXTENDED VALIDATION @abaotic

  29. CA
    SUBVERSION
    ▸ Primary risk: key theft
    ▸ Scheme flawed
    ▸ HSM for key storage
    ▸ Offline
    @abaotic

  30. TRUST
    ANDROID
    ▸ Unknown CA/Self-signed
    ▸ No intermediate cert on server
    @abaotic

  31. SIGNING ANDROID APPLICATIONS @abaotic

  32. SIGNING ANDROID APPLICATIONS
    ▸ Generate a key and keystore
    ▸ Sign your application
    @abaotic

  33. SIGNING ANDROID APPLICATIONS - NEW KEY STORE @abaotic

  34. SIGNING ANDROID APPLICATIONS - SIGN THE APP @abaotic

  35. SIGNING ANDROID APPLICATIONS - SIGN THE APP
    ALTERNATIVE
    ▸ keytool to generate a key
    ▸ zipalign to align unsigned apk
    ▸ jarsigner to sign aligned apk
    @abaotic

  36. SIGN THE APK
    DECISIONS TO BE MADE
    ▸ Who will be responsible for the signing key?
    @abaotic

  37. WE THE DEVELOPERS

  38. WE THE DEVELOPERS
    EXPECTATIONS
    ▸ Application can be updated throughout its lifetime
    @abaotic

  39. WE THE DEVELOPERS
    PREREQUISITES
    ▸ Signing key must be safe
    ▸ Signing key must be accessible
    @abaotic

  40. WE THE DEVELOPERS
    REALITY
    ▸ People spill coffee
    ▸ People switch companies
    @abaotic

  41. WE THE DEVELOPERS
    REALITY NIGHTMARE
    signingConfigs {
        release {
            storeFile file("/not_where_you_think_it_is/ks.jks")
            storePassword "password"
            keyAlias "my-alias"
            keyPassword "password"
        }
    }
    @abaotic

  42. GOOGLE PLAY APP SIGNING
    https://goo.gl/3aCBeC

  43. GOOGLE PLAY APP SIGNING
    DECISION IS PERMANENT
    @abaotic

  44. GOOGLE PLAY APP SIGNING
    NEW APPS
    ▸ Create upload key and sign apk
    ▸ Google Play App Signing -> Accept
    ▸ Upload signed apk
    ▸ Register app signing key!
    @abaotic

  45. GOOGLE PLAY APP SIGNING
    EXISTING APPS
    ▸ Opt-in
    ▸ Submit signing key to Google
    ▸ Create upload key
    ▸ Update keystores
    ▸ Continue signing with upload key
    @abaotic

  46. WE THE DEVELOPERS
    MITIGATION
    ▸ Upload key lost/compromised?
    @abaotic

  47. SIGN THE APK
    DECISIONS TO BE MADE
    ▸ Who will be responsible for the signing key?
    ▸ Applicable to all modules/applications/flavours?
    @abaotic

  48. SIGN THE APK
    PROS AND CONS
    ▸ Modularity
    ▸ Permission-based sharing
    ▸ Updatable
    ▸ Single point of failure
    @abaotic

  50. ANDROID KEYSTORE SYSTEM @abaotic

  51. ANDROID KEYSTORE SYSTEM
    The Android Keystore system safeguards your
    cryptographic keys from extraction.
    ANDROID KEYSTORE SYSTEM
    @abaotic

  52. STORAGE
    SHOULD I KEEP SENSITIVE DATA IN MY APP?
    @abaotic

  53. ANDROID KEYSTORE SYSTEM
    EXTRACTION PREVENTION
    ▸ System process in charge of cryptographic operations
    ▸ Key material bound to TEE, SE
    @abaotic

  54. ANDROID KEYSTORE SYSTEM
    KEY USE AUTHORIZATIONS
    ▸ Once defined, immutable
    ▸ Cryptography
    ▸ Temporal validity interval
    ▸ User authentication
    @abaotic

  55. ANDROID KEYSTORE SYSTEM
    UTILITY METHODS
    ▸ KeyInfo.isInsideSecureHardware()
    ▸ KeyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware()
    @abaotic

  56. ANDROID KEYSTORE SYSTEM
    KEYCHAIN VS ANDROID KEYSTORE PROVIDER
    KeyChain
    ▸ System-wide credentials
    ▸ System-provided UI
    AndroidKeyStore provider (API 18+)
    ▸ App-specific credentials
    ▸ No user interaction
    @abaotic

  57. KEY PAIR ENTRY IN KEYSTORE
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
    kpg.initialize(new KeyGenParameterSpec.Builder(
            alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
            .setDigests(KeyProperties.DIGEST_SHA256,
                    KeyProperties.DIGEST_SHA512)
            .build());
    KeyPair kp = kpg.generateKeyPair();
    GENERATE KEYPAIR
    @abaotic

  59. KEY PAIR ENTRY IN KEYSTORE
    // The provider name is case-sensitive: "AndroidKeyStore"
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
    kpg.initialize(new KeyGenParameterSpec.Builder(
            alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
            .setDigests(KeyProperties.DIGEST_SHA256,
                    KeyProperties.DIGEST_SHA512)
            .build());
    KeyPair kp = kpg.generateKeyPair();
    GENERATE KEYPAIR
    @abaotic

  60. LISTING ENTRIES
    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    ks.load(null);  // AndroidKeyStore takes no input stream or password
    Enumeration<String> aliases = ks.aliases();
    LIST ENTRIES
    @abaotic

  62. SIGNING DATA
    // Look the entry up by alias in the loaded AndroidKeyStore (no password there)
    KeyStore.Entry entry = ks.getEntry(alias, null);
    Signature s = Signature.getInstance("SHA256withECDSA");
    s.initSign(((PrivateKeyEntry) entry).getPrivateKey());
    s.update(data);
    byte[] signature = s.sign();
    SIGN DATA
    @abaotic


  64. VERIFYING SIGNATURES
    // Verification only needs the public half, taken from the entry's certificate
    KeyStore.Entry entry = ks.getEntry(alias, null);
    Signature s = Signature.getInstance("SHA256withECDSA");
    s.initVerify(((PrivateKeyEntry) entry).getCertificate());
    s.update(data);
    boolean valid = s.verify(signature);
    VERIFY SIGNATURES
    @abaotic


  66. KEY ATTESTATION
    KEY ATTESTATION
    ▸ Proves whether a key is stored in the hardware-backed keystore
    ▸ Supported on a small number of devices (API 24+)
    @abaotic

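An added example (my code, not from the talk) that ties slides 54, 55 and 66 together: it generates an EC signing key whose use authorizations are fixed at creation time, requests key attestation with a challenge, and then reads back through KeyInfo what the Keystore actually enforces. It assumes an Android app on API 24+ with a secure lock screen set (required for setUserAuthenticationRequired); the alias and the challenge bytes are constructed.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Calendar;

public final class KeystoreInspector {
    private static final String ALIAS = "demo-signing-key"; // constructed alias

    // Authorizations are immutable once the key exists: purpose, digest,
    // validity window and user-auth requirement cannot be widened later.
    static void generateKey(byte[] attestationChallenge) throws Exception {
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 1);                          // temporal validity: one year
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setKeyValidityEnd(end.getTime())
                .setUserAuthenticationRequired(true)        // unusable without lock-screen auth
                .setUserAuthenticationValidityDurationSeconds(30)
                .setAttestationChallenge(attestationChallenge) // API 24+: ask for attestation
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(spec);
        kpg.generateKeyPair();
    }

    // KeyInfo is the only way to learn, at runtime, whether the key material
    // and the auth check are bound to secure hardware (TEE / SE).
    static KeyInfo describeKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, null);
        KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
        return factory.getKeySpec(key, KeyInfo.class);
    }

    // The attestation chain: the leaf certificate carries the challenge and the
    // key's properties, and the chain should lead to a Google root.
    static Certificate[] attestationChain() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return ks.getCertificateChain(ALIAS);
    }

    static String report(KeyInfo info) {
        return "inSecureHardware=" + info.isInsideSecureHardware()
             + " userAuthRequired=" + info.isUserAuthenticationRequired()
             + " authEnforcedByHardware=" + info.isUserAuthenticationRequirementEnforcedBySecureHardware()
             + " validUntil=" + info.getKeyValidityForOriginationEnd();
    }
}
```

The chain returned by attestationChain() is only meaningful after it has been verified off-device against the Google attestation root; the device itself cannot vouch for its own hardware.
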
  68. FRAGMENTATION
    ANDROID P(ANCAKE?)
    ▸ Key rotation
    ▸ StrongBox Keymaster (HSM)
    ▸ …
    @abaotic

  69. GOOGLE TRANSPARENCY REPORT
    https://transparencyreport.google.com/
    @abaotic

  70. QUALYS
    CHECK YOUR DOMAIN (NOW!)
    https://www.ssllabs.com/ssltest
    @abaotic

  72. THANK YOU!
    Q&A
    @abaotic
