Slide 1

Slide 1 text

Secure data in Android. Remember to hard reset when you leave your device.
Yakiv Mospan, Author, Android Developer @ Team Technologies
Svyatoslav Hromyak, Android Developer @ Team Technologies

Slide 2

Slide 2 text

Overview
- Encryption
- Encryption in Android
- Encryption in action (Developing Sample Application)

Slide 3

Slide 3 text

Encryption: the most effective way to achieve data security

Slide 4

Slide 4 text

How it works (diagram): Plain Text (Sensitive data, Financial data, Credentials) + Algorithm (Symmetric: AES, DES; Asymmetric: RSA, EC) + Key (Secret key, Private key, Public key) -> Cipher text (sh7aertsca..)

Slide 5

Slide 5 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 6

Slide 6 text

How it works. Sensitive data: personal life information, physical or mental health details, criminal or civil offences, private photos, private user documents, etc.

Slide 7

Slide 7 text

How it works. Financial data: accounts, transactions, reports, credit card information, etc.

Slide 8

Slide 8 text

How it works. Credentials: usernames, passwords, touch pincodes, fingerprint data, and all other stuff that can provide access to the data above.

Slide 9

Slide 9 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 10

Slide 10 text

How it works. Symmetric: the oldest and best-known technique. The encryption key and the decryption key are the same.

Slide 11

Slide 11 text

How it works. Asymmetric: a modern branch of cryptography, also known as public-key cryptography, in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.

Slide 12

Slide 12 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 13

Slide 13 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 14

Slide 14 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 15

Slide 15 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 16

Slide 16 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 17

Slide 17 text

How it works. Secret key: a single secret key which is used in conventional symmetric encryption to encrypt and decrypt a message.

Slide 18

Slide 18 text

How it works. Private key and Public key: asymmetric key pair.

Slide 19

Slide 19 text

How it works. A single secret key which is used in conventional symmetric encryption to encrypt and decrypt a message.

Slide 20

Slide 20 text

How it works. Public key: the public component of a pair of cryptographic keys used for encryption in asymmetric cryptography.

Slide 21

Slide 21 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 22

Slide 22 text

How it works. Cipher text: cipher output.

Slide 23

Slide 23 text

How it works (same diagram as Slide 4: Plain Text, Algorithm, Key, Cipher text)

Slide 24

Slide 24 text

Encryption in Android: Java Cryptography Architecture & AndroidKeyStore API

Slide 25

Slide 25 text

So long! Do it faster, I want to code something!

Slide 26

Slide 26 text

Android builds on the Java Cryptography Architecture (JCA), which provides APIs for digital signatures, certificates, encryption, and key generation and management.

Slide 27

Slide 27 text

Architecture (diagram): Provider, Key Generator, KeyPair Generator, Secure Random, Keys, Key Store, Certificate, Cipher

Slide 28

Slide 28 text

Architecture. Key Generator: provides the public API for generating symmetric cryptographic keys.

Slide 29

Slide 29 text

Architecture. KeyPair Generator: an engine class which is capable of generating a private key and its related public key utilizing the algorithm it was initialized with.

Slide 30

Slide 30 text

Architecture. Secure Random: generates cryptographically secure pseudo-random numbers.

Slide 31

Slide 31 text

Architecture. Keys: keys created with Generators.

Slide 32

Slide 32 text

Architecture. Key Store: database with a well secured mechanism of data protection, that is used to save, get and remove keys.

Slide 33

Slide 33 text

Architecture. Certificate: certificate used to validate and save asymmetric keys.

Slide 34

Slide 34 text

Architecture. Cipher: provides access to implementations of cryptographic ciphers for encryption and decryption.

Slide 35

Slide 35 text

Architecture. Provider: defines a set of extensible implementations - independent APIs.

Slide 36

Slide 36 text

Architecture (same diagram as Slide 27)

Slide 37

Slide 37 text

AndroidKeyStore
- JCA Provider implementation
- Android 18+
- Key material never enters the application process
- Key material may be bound to the secure hardware
- Asymmetric keys available from 18+
- Symmetric keys available from 23+

Slide 38

Slide 38 text

Encryption in Action: Developing Sample Application

Slide 39

Slide 39 text

Goals
- Build application based on Android Fingerprint Sample
- Use JCA to show how to use encryption in Android
- Use encryption to save protected passwords
- Use fingerprint to get access to protected keys
- Use confirm credentials to protect application overall

Slide 40

Slide 40 text

Our main principle should be to be as simple as possible.

Slide 41

Slide 41 text

Using newest environment
- Android Studio 3.0
- Android 18+
- Kotlin
- AndroidKeyStore API
- Fingerprint API
- Confirm Credentials API
- Safety Net API

Slide 42

Slide 42 text

What is Fingerprint & Confirm Credentials by Google in 6 minutes.

Slide 43

Slide 43 text

No content

Slide 44

Slide 44 text

Sample Application Workflow & Design.

Slide 45

Slide 45 text

Task list
- Ensure that device is secured with password
- Ensure that fingerprint was added
- Support devices without fingerprint
- Provide possibility to enter user password
- Create user password hash and save it
- Use fingerprint api to protect password
- Add possibility to encrypt and decrypt user passwords with fingerprint api
- Add possibility to save encrypted passwords
- Add possibility to retrieve saved passwords
- Add “Test Encryption” screen
- Add possibility to generate different key types
- Add possibility to encrypt/decrypt data with generated keys

Slide 46

Slide 46 text

Environment setup
- Go to http://github.com
- Search for Team Technologies organization
- Search for security-workshop-sample project
- Follow the instructions from Readme

Slide 47

Slide 47 text

Let’s do it!
Yakiv Mospan, Svyatoslav Hromyak
http://git.temy.co/yakivmospan/security-workshop-sample