Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Android Security Key Management Workshop

Android Security Key Management Workshop

DroidCon Italy Torino 2014

Mobile Security Lab

February 06, 2014
Tweet

More Decks by Mobile Security Lab

Other Decks in Programming

Transcript

  1. Android Security
    Key Management
    Roberto Piccirillo ([email protected])
    Roberto Gassirà ([email protected])
    Workshop
    DroidCon Italy
    Torino, 6/7 February

    View Slide

  2. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Roberto Piccirillo
    ●  Senior Security Analyst - Mobile Security Lab
    ○  Vulnerability Assessment (IT, Mobile Application)
    ○  Hijacking Mobile Data Connection
    ■  BlackHat Europe 2009
    ■  DeepSec Vienna 2009
    ■  HITB Amsterdam 2010
    ○  Android Secure Development
    @robpicone

    View Slide

  3. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Roberto Gassirà
    ●  Senior Security Analyst - Mobile Security Lab
    ○  Vulnerability Assessment (IT, Mobile Application)
    ○  Hijacking Mobile Data Connection
    ■  BlackHat Europe 2009
    ■  DeepSec Vienna 2009
    ■  HITB Amsterdam 2010
    ○  Android Secure Development
    ●  IpTrack Developer
    @robgas

    View Slide

  4. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Agenda
    ●  Cryptography in Mobile Application
    ●  CryptoSystem
    ●  Crypto in Android
    ●  Symmetric Encryption
    ●  Symmetric Key Management
    ●  Keychain e AndroidKeyStore
    ●  Tipologie di AndroidKeyStore

    View Slide

  5. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Requirements
    ●  A computer
    ●  Eclipse with ADT Plugin 22.3.0
    ●  SDK Android 4.4 ( API 19 rev 2)
    ●  Android SDK Build-tools 19

    View Slide

  6. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cryptography in Mobile Applications
    ●  Protect data
    ○  Sensitive data
    ○  Data on /sdcard
    ○  Cryptographic material
    ●  Exchange data securely
    ○  Documents
    ○  Mail
    ○  SMS
    ○  Session Keys
    ●  Digital Signature
    ○  Documents
    ○  Mail

    View Slide

  7. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management
    "Key management is the management of
    cryptographic keys in a cryptosystem."

    View Slide

  8. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    CryptoSystem
    ●  "refers to a suite of algorithms needed to implement
    a particular form of encryption and decryption"
    ●  Two types of encryption:
    ○  Symmetric Key Algorithms
    ■  Identical encryption key for
    encryption/decryption
    ■  AES, Blowfish, DES, Triple DES
    ○  Asymmetric Key Algorithms
    ■  Different key for encryption/decryption
    ■  RSA, DSA, ECDSA

    View Slide

  9. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Ciphers
    ●  Two types of ciphers:
    ○  Block: Process entire blocks of fixed-length
    groups of bits at a time ( padding may be
    required)
    ○  Stream: Process single byte at a time ( no
    padding )
    ●  Block Cipher modes of operation
    ○  ECB: each block encrypted independently
    ○  CBC, CFB, OFB: the previous block of
    output is used to alter the input blocks
    before applying the encryption algorithm
    starting from a IV ( initialization vector )

    View Slide

  10. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Crypto in Android
    ●  Based on JCA ( Java
    Cryptographic Architecture)
    provides API for:
    ●  Encryption/Decryption
    ●  Digital signatures
    ●  Message digests (hashes)
    ●  Key management
    ●  Secure random number
    generation
    ●  “Provider” Architecture with
    CSP
    ●  Bouncy Castle is Android
    default CSP

    View Slide

  11. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Bouncy Castle Android Version
    ●  Customized:
    ○  Some services and API removed
    ●  Varies between Android versions
    ●  Fixed only in the latest versions
    ●  Solution: Spongy Castle
    ●  Repackage of Bouncy Castle
    ●  Supports more cryptographic options
    ●  Up-to-date

    View Slide

  12. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Set Spongy Castle
    ●  Include Libs:
    ●  Enable at Application Level:

    View Slide

  13. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    GC overhead limit exceeded
    ●  Solution: modify eclipse.ini with:
    -­‐Xms256m    
    -­‐Xmx1024m  
    -­‐XX:MaxPermSize=1024m  

    View Slide

  14. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 1
    Enabling SpongyCastle
    https://github.com/mseclab/droidconit2014-symmetric-demo-step1

    View Slide

  15. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Import Project from https://github.com/mseclab
    1 2 3
    4

    View Slide

  16. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Import Project from https://github.com/mseclab
    5
    6
    7

    View Slide

  17. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Import Project from https://github.com/mseclab
    8 9
    10
    https://github.com/mseclab/droidconit2014-symmetric-demo-step3.git

    View Slide

  18. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    The project cannot be built...
    1
    2
    3

    View Slide

  19. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cipher Object
    Secret Key Specification
    Cipher getInstance
    Cipher Init
    Cipher Final

    View Slide

  20. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    SecretKey Specification
    javax.crypto.spec.SecretKeySpec
    ●  SecretKeySpec specifies a key for a specific
    algorithm
    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Topic of this workshop
    Cryptographic Algorithm

    View Slide

  21. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cipher GetInstance
    javax.crypto.Cipher
    ●  Provides access to implementations of
    cryptographic ciphers for encryption and decryption
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding”,“SC”);
    Trasformation
    (describes set of operation to
    perform):
    •  algorithm/mode/padding
    •  algorithm
    Provider
    ( SpongyCastle )

    View Slide

  22. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cipher Init
    javax.crypto.Cipher
    ●  Initializes the cipher instance with the specified
    operational mode, key and algorithm parameters.
    cipher.init(Cipher.DECRYPT_MODE, keySpec,
    new IvParameterSpec(iv));
    Operational Mode:
    •  ENCRYPT_MODE
    •  DECRYPT_MODE
    •  WRAP_MODE
    •  UNWRAP_MODE
    SecretKeySpec Specify Cipher
    Algorithm parameters
    ( IV for CBC )

    View Slide

  23. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cipher Final
    javax.crypto.Cipher
    ●  Finishes a multi-part transformation (encryption or
    decryption)
    byte[] encryptedText = cipher.doFinal(clearText.getBytes());
    Encrypted
    Text in byte
    ClearText in
    bytes

    View Slide

  24. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 2
    Encryption Example
    https://github.com/mseclab/droidconit2014-symmetric-demo-step2

    View Slide

  25. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    SecureRandom
    java.security.SecureRandom
    ●  Cryptographically secure pseudo-random number
    generator
    SecureRandom secureRandom = new SecureRandom();
    Default constructor uses the
    most cryptographically
    strong provider available
    ●  Seeding
    SecureRandom is
    dangerous:
    ○  Not Secure
    ○  Output may change

    View Slide

  26. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Some SecureRandom Thoughts...
    ●  Android security team discovered a JCA improper
    PRNG initialization in August 2013
    ●  Applications invoking system-provided OpenSSL
    PRNG without explicit initialization are also affected
    ●  Key Generation, Signing or Random Number
    Generation not receiving cryptographically strong
    values
    ●  Developer must explicitly initialize the PRNG
    PRNGFixes.apply()

    View Slide

  27. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES”,“SC”);
    keyGenerator.init(outputKeyLength, secureRandom);
    SecretKey key = keyGenerator.generateKey();
    Generate Secret Key
    javax.crypto.KeyGenerator
    ●  Symmetric cryptographic keys generator API
    Specify Key Size
    Algorithm
    and Provider
    Key to use in Cipher.init()

    View Slide

  28. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: Store on device
    ●  Protected by Android Filesystem
    Isolation
    ●  Plain File
    ●  SharedPreferences
    ●  Keystore File (BKS, JKS)
    ●  More secure with Phone Encryption
    ●  Store safely
    ○  MODE_PRIVATE flag
    ○  Use only internal storage
    /data/data/app_package

    View Slide

  29. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: Store on device
    ●  Device Rooted?

    View Slide

  30. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 3
    Rooted device demo
    https://github.com/mseclab/droidconit2014-symmetric-demo-step3

    View Slide

  31. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: Store in App
    ●  Uses static keys or device specific information at run-time
    (IMEI, mac address, ANDROID_ID)
    ●  Android app can be easily reversed ( live demo )
    ●  Hide with Code obfuscation
    ●  Security by Obscurity is never a good idea...

    View Slide

  32. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: Store in App
    ●  unzip: APK -> DEX
    ●  dex2jar: DEX -> JAR
    ●  JD-GUI: JAR -> Source

    View Slide

  33. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Reversing Demo

    View Slide

  34. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: PBKDF2
    ●  Password Based Key Derivation Function (PKCS#5)
    ●  Variable length password in input
    ●  Fixed length key in output
    ●  User interaction required
    ●  Params:
    ○  Password
    ○  Pseudorandom Function
    ○  Salt
    ○  Number of iteration
    ○  Key Size

    View Slide

  35. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt,
    NUM_OF_ITERATIONS, KEY_SIZE);
    SecretKeyFactory secretKeyFactory =
    SecretKeyFactory.getInstance(PBE_ALGORITHM);
    encKey = secretKeyFactory.generateSecret(keySpec);
    Key Management: PBKDF2
    javax.crypto.spec.PBEKeySpec
    ●  PBE Key specification and generation
    A good PBE algorithm is
    PBKDF2WithHmacSHA1
    User
    Password
    N. >= 1000

    View Slide

  36. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    SecretKeyFactory factory;
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
    } else {
    // Traditional key factory. Will use lower 8-bits of passphrase chars on
    // older Android versions (API level 18 and lower) and all available bits
    // on KitKat and newer (API level 19 and higher).
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    }
    SecretKeyFactory API in Android 4.4

    View Slide

  37. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 4
    PBE Example
    https://github.com/mseclab/droidconit2014-symmetric-demo-step4

    View Slide

  38. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management: Other solutions
    ●  Store on server side
    ●  Internet connection required
    ●  Use trusted and protected connections (HTTPS, Certificate
    Pinning)
    ●  Store on external device
    ○  NFC Java Card (NXP J3A081)
    ○  Smartcard
    ○  USB PenDrive
    ○  MicroSD with secure storage
    ●  AndroidKeyStore???

    View Slide

  39. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Asymmetric Algorithms
    ●  Public/Private Key
    ○  Public Key -> encrypt/verify signature
    ○  Private Key -> decrypt/sign
    ●  Advantages:
    ○  Public Key distribution is not dangerous
    ●  Disadvantages:
    ○  Computationally expensive
    ●  Usually used with PKI (Public Key Infrastructure for
    digital certificates)

    View Slide

  40. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Public-key Applications
    ●  Can classify uses into 3 categories:
    ○  Encryption/Decryption (provides confidentiality)
    ○  Digital Signatures (provides authentication and Integrity)
    ○  Key Exchange (of session keys)
    ●  Some algorithms are suitable for all uses (RSA),
    others are specific to one

    View Slide

  41. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    PKCS for Asymmetric Algorithms
    ●  PKCS is a group of public-key cryptography
    standards published by RSA Security Inc
    ●  PKCS#1 (v.2.1)
    ○  RSA Cryptography Standard
    ●  PKCS#3 (v.1.4)
    ○  Diffie-Hellman Key Agreement Standard
    ●  PKCS#8 (v.1.2)
    ○  Private-Key Information Syntax Standard
    ●  PKCS#10 (v.1.7)
    ○  Certification Request Standard
    ●  PKCS#12 (v.1.0)
    ○  Personal Information Exchange Syntax Standard

    View Slide

  42. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Android: RSA
    KeyPairGenerator kpg =
    KeyPairGenerator.getIstance(”RSA");
    Java.security.KeyPairGenerator
    ●  KeyPairGenerator is an engine capable of
    generating public/private keys with specified
    algorithms
    Cryptographic Algorithm

    View Slide

  43. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Available Providers for RSA Algorithm
    KeyPairGenerator.getInstance(”RSA”,”SEC_PROVIDERS”);
    Java.security.KeyPairGenerator
    ●  Different security providers could be used (could
    change for different OS versions)
    “AndroidOpenSSL”
    “BC”
    “AndroidKeyStrore”
    Version 1.0
    Version 1.49
    Version 1.0

    View Slide

  44. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    ●  KeySize – 1024,2048,4096 bits
    KeyPairGenerator: Initialization and Randomness
    KeyPairGenerator kpg =
    KeyPairGenerator.initialize(2048);
    Java.security.KeyPairGenerator
    ●  KeyPairGenerator initialization with the key size
    Key Size

    View Slide

  45. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    KeyPairGenerator: Initialization and Randomness
    KeyPairGenerator kpg =
    KeyPairGenerator.initialize(2048,sr);
    Java.security.KeyPairGenerator, Java.security.SecureRandom
    ●  KeyPairGenerator initialization with a
    SecureRandom
    SecureRandom sr = new SecureRandom();

    View Slide

  46. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Generating RSA Key
    Java.security.KeyPair
    ●  KeyPair is a container for a public/private key
    generated by the KeyPairGenerator
    KeyPair keypair = kpg.genKeyPair()
    ●  We can retrieve public/private keys from KeyPair
    Key public_key = kaypair.getPublic();
    Key private_key = kaypair.getPrivate();

    View Slide

  47. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Using RSA Keys: cipher example
    Javax.crypto.Cipher
    ●  Cipher provides access to implementation of
    cryptography ciphers for encryption and decryption
    Cipher cipher = Cipher.getInstance(“RSA”,”SEC_PROVIDER);
    Transformation
    “AndroidOpenSSL”
    “BC”
    “AndroidKeyStrore”

    View Slide

  48. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Using RSA Key: cipher example
    Javax.crypto.Cipher
    ●  Encryption
    cipher.init(Cipher.ENCRYPT_MODE,public_key);
    ●  Decryption
    byte[] encrypted_data=
    cipher.doFinal(“Droidcon2014”.getBytes());
    cipher.init(Cipher.DECRYPT_MODE,private_key);
    byte[] decrypted_data=
    cipher.doFinal(cipherd_data);

    View Slide

  49. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Parameters of RSA Keys
    java.security.KeyFactory, java.security.spec,
    ●  Retrieve RSA Key parameters using KeyFactory
    RSAPublicKeySpec rsa_public =
    keyfactory.getKeySpec(keypair.getPublic(),
    RSAPublicKeySpec.class);
    RSAPrivateKeySpec rsa_private =
    keyfactory.getKeySpec(keypair.getPrivate(),
    RSAPrivateKeySpec.class);

    View Slide

  50. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Extract Parameters of RSA Keys
    Java.security.spec.RSAPublicKeySpec, java.security.spec.RSAPrivateKeySpec
    ●  Retrieved parameters can be stored
    BigInteger m = rsa_public.getModulus();
    BigInteger e = rsa_public.getPublicExponent();
    BigInteger d = rsa_private.getPrivateExponent();
    Is Private

    View Slide

  51. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 1
    RSA Keys generaration
    https://github.com/mseclab/droidconit2014-asymmetric-demo.git

    View Slide

  52. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    AndroidKeyStore
    ●  Custom Java Security Provider available from
    Android 4.3 version and beyond
    ●  An App can generate and save private keys
    ●  Keys are private for each App
    ●  2048-bit key size (4.3), 1024-2048-4096-bit key
    size (4.4) can be stored
    ●  ECDSA support added from Android 4.4

    View Slide

  53. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Key Management Evolution
    API LEVEL 14 API LEVEL 18
    Global Level:
    KeyChain
    ( Public API )
    App Level:
    KeyStore
    ( Closed API )
    Global Level Only:
    Default TrustStore
    cacerts.bks
    (ROOTED device)
    Global Level:
    KeyChain
    ( Public API )
    App Level and
    per User Level:
    AndroidKeyStore
    ( Public API )

    View Slide

  54. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    AndroidKeyStore Storage
    ●  Two kinds of storage
    ○  Hardware-backed (Nexus 7, Nexus
    4, Nexus 5 :-) with OS >= 4.3)
    ○  Secure Element
    ○  TPM
    ○  TrustZone
    ○  Software only (Other devices with
    OS >= 4.3)

    View Slide

  55. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Type of Storage
    import android.security.KeyChain;
    if (KeyChain.isBoundKeyAlgorithm("RSA"))
    // Hardware-Backed
    else
    // Software Only

    View Slide

  56. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Certificate parameters
    Context cx = getActivity();
    String pkg = cx.getPackageName();
    Calendar notBefore = Calendar.getInstance();
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(1, Calendar.YEAR);
    import android.security.KeyPairGeneratorSpec.Builder;
    Builder builder = new KeyPairGeneratorSpec.Builder(cx);
    builder.setAlias(“DEVKEY1”);
    String infocert = String.format("CN=%s, OU=%s", “DEVKEY1”, pkg);
    builder.setSubject(new X500Principal(infocert));
    builder.setSerialNumber(BigInteger.ONE);
    builder.setStartDate(notBefore.getTime());
    builder.setEndDate(notAfter.getTime());
    KeyPairGeneratorSpec spec = builder.build();
    Times parameters
    Self-Signed X.509
    ●  Common Name (CN)
    ●  Subject (OU)
    ●  Serial Number
    Generate certificate
    ALIAS to index the
    certificate

    View Slide

  57. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Generating Public/Private keys
    KeyPairGenerator kpGenerator;
    kpGenerator = KeyPairGenerator
    .getInstance("RSA", "AndroidKeyStore");
    kpGenerator.initialize(spec);
    KeyPair kp;
    kp = kpGenerator.generateKeyPair();
    Engine to generate Public/
    Private key
    Init Engine with:
    ●  RSA Algorithm
    ●  Provider: AndroidKeyStore
    Init Engine with certificate parameters
    After generation, the keys will be stored into AndroidKeyStore and will be
    accessible by ALIAS
    ●  Generating Private/Public key

    View Slide

  58. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    Now we have the KeyStore reference that will be used to
    access to the Private/Public key by the ALIAS
    Should be used if there is an InputStream to load
    (for example the name of imported KeyStore). If not
    used the App will crash
    AndroidKeyStore Initialization
    Get a reference to the AndroidKeyStore

    View Slide

  59. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 2
    AndroidKeyStore Gen Keys
    https://github.com/mseclab/droidconit2014-asymmetric-demo.git

    View Slide

  60. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    RSA Digital Signature
    ●  Digital Signature
    ○  Authentication, Non-Repudiation and Integrity
    ○  RSA Private key to Sign
    ○  RSA Public Key to Verify
    KeyStore.Entry entry = ks.getEntry(“DEVKEY1”, null);
    byte[] data = “Droidcon Torino 2014!”.getBytes();
    Signature s = Signature.getInstance(“SHA256withRSA”);
    s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    s.update(data);
    byte[] signature = s.sign();
    String result = null;
    result = Base64.encodeToString(signature, Base64.DEFAULT);
    Access to Private/Public key identified
    by ALIAS
    Algorithm choice
    Private key to sign
    Signature and Base64
    encoding

    View Slide

  61. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Verify RSA Digital Signature
    byte[] data = input.getBytes();
    byte[] signature;
    signature = Base64.decode(signatureStr, Base64.DEFAULT);
    KeyStore.Entry entry = ks.getEntry(“DEVKEY1”, null);
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
    s.update(data);
    boolean valid = s.verify(signature);
    Base64 decoding
    Access to the Private/Public key
    identified by ALIAS==DEVKEY1
    Algorithm choice
    Public Key in certificate to
    verify signature
    TRUE == Verified
    FALSE== Not Verified

    View Slide

  62. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 3
    AndroidKeyStore Sign/Verify
    https://github.com/mseclab/droidconit2014-asymmetric-demo.git

    View Slide

  63. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    RSA Encryption
    ●  Encryption
    ○  Confidentiality
    ○  RSA Public key to Encrypt
    ○  RSA Private key to Decrypt
    PublicKey publicKeyEnc = ((KeyStore.PrivateKeyEntry) entry)
    .getCertificate().getPublicKey();
    String textToEncrypt = new String(”Droidcon Torino 2014");
    byte[] textToEncryptToByte = textToEncrypt.getBytes();
    Cipher encCipher = null;
    byte[] encryptedText = null;
    encCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    encCipher.init(Cipher.ENCRYPT_MODE, publicKeyEnc);
    encryptedText = encCipher.doFinal(textToEncryptToByte);
    Access to Public key
    to encrypt
    ●  Algorithm
    ●  Encryption with Public
    key
    Ciphered

    View Slide

  64. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    RSA Decryption
    Cipher decCipher = null;
    byte[] plainTextByte = null;
    decCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    decCipher.init(Cipher.DECRYPT_MODE,
    ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    plainTextByte = decCipher.doFinal(ecryptedText);
    String plainText = new String(plainTextByte);
    Algorithm
    Decryption with
    Private key
    Plaintext

    View Slide

  65. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 4
    AndroidKeyStore Enc/Dec
    https://github.com/mseclab/droidconit2014-asymmetric-demo.git

    View Slide

  66. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    It is observed that...
    ●  Different screen lock
    ●  The choice of screen lock
    impactsthe keys
    ●  If you change the screen
    lock the keys are deleted

    View Slide

  67. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Expected behavior?
    ●  The official documentation shows:
    ●  The keys should ramain intact when the type of screen
    lock is changed by the user

    View Slide

  68. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Cryptographic material on devices
    ●  Device with Storage “Hardware-backed”
    ●  Device with Storage “Software-only”

    View Slide

  69. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    KeyChain
    ●  KeyChain
    ○  Accessible by any Application
    ●  Typically used for corporate certificates

    View Slide

  70. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Example: Import Certificates
    ●  Import .p12 certificates
    Intent intent = KeyChain.createInstallIntent();
    byte[] p12 = readFile(“CERTIFICATE_NAME.p12”);
    Intent.putExtra(KeyChain.EXTRA_PKCS12,p12);
    Specify PKCS#12 Key to install
    startActivity(intent);
    The user will be prompted
    for the password

    View Slide

  71. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    KeyChain.choosePrivateKeyAlias(
    Activity activity,
    KeyChainAliasCallBack response,
    String[] keyTypes,
    Principal[] issuers,
    String host,
    Int port,
    String Alias);
    Example: Retrieve the key
    ●  The KeyChainAliasCallback invoked when a user
    chooses a certificate/private key

    View Slide

  72. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    @Override
    public void alias(String alias){
    .
    .
    PrivateKey private_key = KeyChain.
    getPrivateKey(this,alias);
    .
    .
    X509Certificate[] chain = KeyChain.
    getCertificateChain(this,”Droidcon”);
    .
    PublicKey public_key = chain[0].getPublicKey();
    }
    Example: Retrieve and use the keys
    ●  KeyChainAliasCallbak must implement the abstract
    method alias:
    Private Key
    Public Key

    View Slide

  73. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Step 5
    KeyChain
    https://github.com/mseclab/droidconit2014-asymmetric-demo.git

    View Slide

  74. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    References
    ●  http://developer.android.com/about/versions/android-4.3.html#Security
    ●  http://developer.android.com/reference/java/security/KeyStore.html
    ●  http://en.wikipedia.org/wiki/Encryption
    ●  http://en.wikipedia.org/wiki/Digital_signature
    ●  http://nelenkov.blogspot.it/2013/08/credential-storage-enhancements-android-43.html
    ●  http://nelenkov.blogspot.it/2012/05/storing-application-secrets-in-androids.html
    ●  http://nelenkov.blogspot.it/2012/04/using-password-based-encryption-on.html
    ●  http://nelenkov.blogspot.it/2011/11/ics-credential-storage-implementation.html
    ●  http://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html
    ●  http://android-developers.blogspot.it/2013/02/using-cryptography-to-store-
    credentials.html
    ●  http://www.bouncycastle.org/
    ●  http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html
    ●  http://nelenkov.blogspot.it/2013/10/signing-email-with-nfc-smart-card.html
    ●  http://en.wikipedia.org/wiki/PKCS
    ●  http://developer.android.com/reference/android/security/KeyChain.html
    ●  http://android-developers.blogspot.it/2013/12/changes-to-secretkeyfactory-api-in.html

    View Slide

  75. Android Security
    Key Management DroidCon Italy – Torino – February 2014
    Thank you
    Q&A
    www.mseclab.com
    www.consulthink.it
    [email protected]
    goo.gl/TA8EA1

    View Slide