
Secure data in Android

Internal workshop carried out at Team Technologies. The main goal was to develop a sample application based on the Google fingerprint API.

Yakiv Mospan

August 21, 2017

Transcript

  1. Secure data in Android. Remember to hard reset when you leave your device. Yakiv Mospan (Author, Android Developer @ Team Technologies); Svyatoslav Hromyak (Android Developer @ Team Technologies)
  2. How it works. Diagram: Plain Text (Sensitive data, Financial data, Credentials); Algorithm (Symmetric: AES, DES; Asymmetric: RSA, EC); Key (Secret key, Private key, Public key); Cipher text (sh7aertsca..)
  3. How it works (same diagram)
  4. How it works. Sensitive data: personal life information, physical or mental health details, criminal or civil offences, private photos, private user documents, etc.
  5. How it works. Financial data: accounts, transactions, reports, credit card information, etc.
  6. How it works. Credentials: usernames, passwords, touch pincodes, fingerprint data, and all other stuff that can provide access to the data above.
  7. How it works (same diagram)
  8. How it works. Symmetric: the oldest and best-known technique. The encryption key and the decryption key are the same.
  9. How it works. Asymmetric: a modern branch of cryptography, also known as public-key cryptography, in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.
  10. How it works (same diagram)
  11. How it works (same diagram)
  12. How it works (same diagram)
  13. How it works (same diagram)
  14. How it works (same diagram)
  15. How it works. Secret key: a single secret key which is used in conventional symmetric encryption to encrypt and decrypt a message.
  16. How it works. Private key / Public key: Asymmetric Key Pair.
  17. How it works. A single secret key which is used in conventional symmetric encryption to encrypt and decrypt a message.
  18. How it works. The public component of a pair of cryptographic keys used for encryption in asymmetric cryptography.
  19. How it works (same diagram)
  20. How it works (same diagram). Cipher Output
  21. How it works (same diagram)
  22. Android builds on the Java Cryptography Architecture (JCA), which provides APIs for digital signatures, certificates, encryption, and key generation and management.
  23. Architecture. Diagram: KeyPair Generator, Certificate, Key Store, Keys, Secure Random, Cipher, Key Generator, Provider. Key Generator: provides the public API for generating symmetric cryptographic keys.
  24. Architecture. KeyPair Generator: an engine class which is capable of generating a private key and its related public key utilizing the algorithm it was initialized with.
  25. Architecture. Secure Random: generates cryptographically secure pseudo-random numbers.
  26. Architecture. Key Store: a database with a well-secured data protection mechanism, used to save, get and remove keys.
  27. Architecture. Certificate: used to validate and save asymmetric keys.
  28. Architecture. Cipher: provides access to implementations of cryptographic ciphers for encryption and decryption.
  29. Architecture. Provider: defines a set of extensible implementations - independent APIs.
  30. AndroidKeyStore: JCA Provider implementation; Android 18+; key material never enters the application process; key material may be bound to the secure hardware; asymmetric keys available from 18+; symmetric keys available from 23+
  31. Goals: build an application based on the Android Fingerprint Sample; use JCA to show how to use encryption in Android; use encryption to save protected passwords; use fingerprint to get access to protected keys; use confirm credentials to protect the application overall
  32. Using newest environment: Android Studio 3.0; Android 18+; Kotlin; AndroidKeyStore API; Fingerprint API; Confirm Credentials API; Safety Net API
  33. Task list: ensure that the device is secured with a password; ensure that a fingerprint was added; support devices without fingerprint; provide the possibility to enter a user password; create a user password hash and save it; use the fingerprint API to protect the password; add the possibility to encrypt and decrypt user passwords with the fingerprint API; add the possibility to save encrypted passwords; add the possibility to retrieve saved passwords; add a “Test Encryption” screen; add the possibility to generate different key types; add the possibility to encrypt/decrypt data with generated keys
  34. Environment setup: go to http://github.com; search for the Team Technologies organization; search for the security-workshop-sample project; follow the instructions from the Readme
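
The JCA engine classes from slides 22-29 used together, as an added example that is not part of the deck or of the workshop's sample project: a symmetric AES key encrypts the data, and an asymmetric RSA key pair wraps that AES key. It assumes a desktop JVM with the default providers rather than AndroidKeyStore; the function names and the sample string are constructed for illustration.

```kotlin
import java.security.KeyPairGenerator
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Key Generator + Secure Random: one secret key, used for both encryption and decryption.
fun newAesKey(): SecretKey =
    KeyGenerator.getInstance("AES").apply { init(256, SecureRandom()) }.generateKey()

// Cipher: AES-GCM needs a fresh 12-byte IV per message; it is stored in front of the ciphertext.
fun encrypt(key: SecretKey, plain: ByteArray): ByteArray {
    val iv = ByteArray(12).also { SecureRandom().nextBytes(it) }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(128, iv))
    return iv + cipher.doFinal(plain)
}

// Reads the IV back from the first 12 bytes; doFinal throws if the data or tag was modified.
fun decrypt(key: SecretKey, blob: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, blob, 0, 12))
    return cipher.doFinal(blob, 12, blob.size - 12)
}

fun main() {
    val aesKey = newAesKey()
    val blob = encrypt(aesKey, "constructed sample password".toByteArray())

    // KeyPair Generator: the public key wraps the AES key, only the private key unwraps it.
    val pair = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.generateKeyPair()
    val rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")
    rsa.init(Cipher.WRAP_MODE, pair.public)
    val wrapped = rsa.wrap(aesKey)
    rsa.init(Cipher.UNWRAP_MODE, pair.private)
    val unwrapped = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY) as SecretKey

    // The unwrapped key decrypts the blob produced with the original key.
    println(String(decrypt(unwrapped, blob)))
}
```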