Sign here, please!

An application ID might define your app among all others, but its signature is what proves and confirms its identity and integrity. From working in distributed teams to fending off fraudulent clones of your application, you eventually come to understand the importance of signatures.

In this talk we’ll take a deep dive into the Android keystore system, certificates and signatures, and go over key points necessary for any application’s long and productive life. Also, we will cover some security tips and tricks that will help ensure your app is safe to use, even if the users are faced with its evil twin.

At the end you should walk away with a deeper insight into everyday mechanisms that are often taken for granted, and the impact that they have on your users’ security.

Ana Baotić

April 24, 2018

Transcript

  1. SIGN HERE, PLEASE! ANA BAOTIĆ @abaotic

  2. None

  3. None

  4. ASSECO at a glance • Present in 54 countries • Over 22,300 highly committed employees • 6th largest software & services vendor in Europe • 1,813 m EUR sales revenues in 2016 • 176 m EUR operating profit in 2016 • 1 bln EUR market capitalization • Founded in 1991 • 6th largest software producer in Europe • Traded on the WSE, included in the WIG20 blue chip index • International presence

  5. CERTIFICATE

  6. CERTIFICATE ▸ Electronic document that proves ownership of a public key ▸ X.509 - structure ▸ TLS, electronic signatures

  9. IDENTITY

  10. CERTIFICATE = IDENTITY + PUBLIC KEY + …

  11. KEYS - ASYMMETRIC CRYPTOGRAPHY

  12. KEYS - ASYMMETRIC CRYPTOGRAPHY 13924097109571903750931790573190570913759031790579374037105973109570931750937109570… f(x)

  13. KEYS - ASYMMETRIC CRYPTOGRAPHY ▸ Private (owner): decrypts messages, calculates signatures ▸ Public (shared): encrypts messages, confirms signatures

  16. DIGITAL SIGNATURE ▸ Authentication, non-repudiation and integrity ▸ Calculate a digest/hash of the message ▸ Sender encrypts with private key ▸ Recipient decrypts with public key

  20. CERTIFICATE = IDENTITY + PUBLIC KEY + SIGNED BY CA

  22. CERTIFICATE AUTHORITY (CA) ▸ Trusted entity that issues digital certificates.

  23. CA CERTIFICATE ▸ Self-signed certificate ▸ Browsers, Android, OSX ▸ Comodo, IdenTrust, Symantec, GoDaddy, Let’s Encrypt ▸ Impact of updates!

  24. END CERTIFICATE

  25. INTERMEDIATE CERTIFICATE

  26. ROOT CERTIFICATE

  27. CERTIFICATES - CERTIFICATE CHAINS

  28. CA - DOMAIN VS EXTENDED VALIDATION

  29. CA SUBVERSION ▸ Primary risk: key theft ▸ Scheme flawed ▸ HSM for key storage ▸ Offline

  30. TRUST - ANDROID ▸ Unknown CA/Self-signed ▸ No intermediate cert on server

  31. SIGNING ANDROID APPLICATIONS

  32. SIGNING ANDROID APPLICATIONS ▸ Generate a key and keystore ▸ Sign your application

  33. SIGNING ANDROID APPLICATIONS - NEW KEY STORE

  34. SIGNING ANDROID APPLICATIONS - SIGN THE APP

  35. SIGNING ANDROID APPLICATIONS - SIGN THE APP, ALTERNATIVE ▸ keytool to generate a key ▸ zipalign to align unsigned apk ▸ jarsigner to sign aligned apk

  36. SIGN THE APK - DECISIONS TO BE MADE ▸ Who will be responsible for the signing key?

  37. WE THE DEVELOPERS

  38. WE THE DEVELOPERS - EXPECTATIONS ▸ Application can be updated throughout its lifetime

  39. WE THE DEVELOPERS - PREREQUISITES ▸ Signing key must be safe ▸ Signing key must be accessible

  40. WE THE DEVELOPERS - REALITY ▸ People spill coffee ▸ People switch companies

  41. WE THE DEVELOPERS - REALITY NIGHTMARE
      signingConfigs {
          release {
              storeFile file("/not_where_you_think_it_is/ks.jks")
              storePassword "password"
              keyAlias "my-alias"
              keyPassword "password"
          }
      }

  42. GOOGLE PLAY APP SIGNING https://goo.gl/3aCBeC

  43. GOOGLE PLAY APP SIGNING - DECISION IS PERMANENT

  44. GOOGLE PLAY APP SIGNING - NEW APPS ▸ Create upload key and sign apk ▸ Google Play App Signing -> Accept ▸ Upload signed apk ▸ Register app signing key!

  45. GOOGLE PLAY APP SIGNING - EXISTING APPS ▸ Opt-in ▸ Submit signing key to Google ▸ Create upload key ▸ Update keystores ▸ Continue signing with upload key

  46. WE THE DEVELOPERS - MITIGATION ▸ Upload key lost/compromised?

  47. SIGN THE APK - DECISIONS TO BE MADE ▸ Who will be responsible for the signing key? ▸ Applicable to all modules/applications/flavours?

  48. SIGN THE APK - PROS AND CONS ▸ Modularity ▸ Permission based sharing ▸ update-able ▸ Single point of failure

  49. None

  50. ANDROID KEYSTORE SYSTEM

  51. ANDROID KEYSTORE SYSTEM ▸ The Android Keystore system safeguards your cryptographic keys from extraction.

  52. STORAGE - SHOULD I KEEP SENSITIVE DATA IN MY APP?

  53. ANDROID KEYSTORE SYSTEM - EXTRACTION PREVENTION ▸ System process in charge of cryptographic operations ▸ Key material bound to TEE, SE

  54. ANDROID KEYSTORE SYSTEM - KEY USE AUTHORIZATIONS ▸ Once defined, immutable ▸ Cryptography ▸ Temporal validity interval ▸ User authentication

  55. ANDROID KEYSTORE SYSTEM - UTILITY METHODS ▸ KeyInfo.isInsideSecureHardware() ▸ KeyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware()
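The key use authorizations from slide 54 and the KeyInfo utility methods from slide 55, as an added example that is not from the talk's slides. The class name AuthorizedKeyDemo, the alias argument and the one-year validity window are assumptions; it needs API 23+ for KeyGenParameterSpec, and a secure lock screen must be set up before a key with a user-authentication requirement can be generated.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;

public final class AuthorizedKeyDemo {
    private static final String PROVIDER = "AndroidKeyStore";

    // Generates an EC signing key. Every authorization set here is immutable once the key exists.
    static KeyPair generateAuthorizedKey(String alias) throws Exception {
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 1);  // temporal validity: Keystore refuses to sign after this date (assumed window)
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)  // cryptography: signing only
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setKeyValidityEnd(end.getTime())
                .setUserAuthenticationRequired(true)  // user authentication: throws at generation without a lock screen
                .setUserAuthenticationValidityDurationSeconds(30)
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(spec);
        return kpg.generateKeyPair();
    }

    // Reports whether the key, and its authentication requirement, are enforced by secure
    // hardware (TEE or SE). Returns null for a key that is not managed by the Android Keystore
    // provider, because KeyInfo is only available for that provider's keys.
    static String describeProtection(PrivateKey key) throws Exception {
        KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
        KeyInfo info;
        try {
            info = factory.getKeySpec(key, KeyInfo.class);
        } catch (InvalidKeySpecException e) {
            return null;
        }
        return "alias=" + info.getKeystoreAlias()
                + " insideSecureHardware=" + info.isInsideSecureHardware()
                + " authRequired=" + info.isUserAuthenticationRequired()
                + " authEnforcedByHardware=" + info.isUserAuthenticationRequirementEnforcedBySecureHardware()
                + " validUntil=" + info.getKeyValidityForOriginationEnd();
    }
}
```

On a device without a TEE or SE both hardware checks return false while the key still works, which is exactly the gap that key attestation (slide 66) exists to close.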

  56. ANDROID KEYSTORE SYSTEM - KEYCHAIN VS ANDROID KEYSTORE PROVIDER ▸ KeyChain: system-wide credentials, system provided UI ▸ Android Keystore provider: app-specific credentials, no interaction, AndroidKeyStore since API 18

  57. KEY PAIR ENTRY IN KEYSTORE - GENERATE KEYPAIR
      KeyPairGenerator kpg = KeyPairGenerator.getInstance(
              KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
      kpg.initialize(new KeyGenParameterSpec.Builder(
              alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
              .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
              .build());
      KeyPair kp = kpg.generateKeyPair();

  60. LISTING ENTRIES - LIST ENTRIES
      KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
      ks.load(null);
      Enumeration<String> aliases = ks.aliases();

  62. SIGNING DATA - SIGN DATA
      Signature s = Signature.getInstance("SHA256withECDSA");
      s.initSign(((PrivateKeyEntry) entry).getPrivateKey());
      s.update(data);
      byte[] signature = s.sign();

  64. VERIFYING SIGNATURES - VERIFY SIGNATURES
      Signature s = Signature.getInstance("SHA256withECDSA");
      s.initVerify(((PrivateKeyEntry) entry).getCertificate());
      s.update(data);
      boolean valid = s.verify(signature);
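The digital-signature steps from slides 16 to 19 and the sign/verify snippets from slides 62 to 65, combined into one added example that is not from the talk. The class name KeystoreSigningDemo, the alias argument and the sample message are constructed here; the key pair under that alias is assumed to have been generated as on slide 57.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;

public final class KeystoreSigningDemo {
    private static final String ALGORITHM = "SHA256withECDSA";
    // Loads the key-pair entry stored under alias, or null if there is none.
    static KeyStore.PrivateKeyEntry loadEntry(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);  // Android Keystore has no file and no password
        KeyStore.Entry entry = ks.getEntry(alias, null);
        return entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
    }
    // Extraction prevention: a Keystore private key is only a handle, so it has no encoding.
    static boolean isNonExportable(PrivateKey key) {
        return key.getEncoded() == null;
    }
    // Signing side: SHA-256 digest of the data, signed inside Keystore with the private key.
    static byte[] sign(KeyStore.PrivateKeyEntry entry, byte[] data) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(entry.getPrivateKey());
        s.update(data);
        return s.sign();
    }
    // Verifying side: needs only the public key from the certificate, never the private key.
    static boolean verify(Certificate cert, byte[] data, byte[] signature) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(cert);
        s.update(data);
        try {
            return s.verify(signature);
        } catch (SignatureException e) {
            return false;  // a malformed or truncated signature is a failed verification, not a crash
        }
    }
    // Constructed sample: the genuine message verifies, a one-byte change to it does not.
    static boolean[] demo(String alias) throws Exception {
        KeyStore.PrivateKeyEntry entry = loadEntry(alias);
        if (entry == null) throw new IllegalStateException("no key pair under alias " + alias);
        byte[] message = "transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = message.clone();
        tampered[9] = '9';  // "100" becomes "900", so the digest no longer matches the signature
        byte[] sig = sign(entry, message);
        return new boolean[] { isNonExportable(entry.getPrivateKey()),
                verify(entry.getCertificate(), message, sig), verify(entry.getCertificate(), tampered, sig) };
    }
}
```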
  66. KEY ATTESTATION ▸ Is a key stored in hardware-backed keystore ▸ Small number of devices, API 24+

  67. TEXT

  68. FRAGMENTATION - ANDROID P(ANCAKE?) ▸ Key rotation ▸ StrongBox Keymaster (HSM) ▸ …

  69. GOOGLE TRANSPARENCY REPORT https://transparencyreport.google.com/

  70. QUALYS - CHECK YOUR DOMAIN (NOW!) https://www.ssllabs.com/ssltest

  71. None

  72. THANK YOU! Q&A