6. Android Security
Key Management
Cryptography in Mobile
Applications
โ Protect data
โ Sensitive data
โ Data on /sdcard
โ Cryptographic material
โ Exchange data securely
โ Documents
โ Mail
โ SMS
โ Session Keys
โ Digital Signature
โ Documents
โ Mail
8. Android Security
Key Management
CryptoSystem
"refers to a suite of algorithms needed to implement a particular
form of encryption and decryption"
โ
โ Two types of encryption:
โ Symmetric Key Algorithms
โ Identical encryption key for
encryption/decryption
โ AES, Blowfish, DES, Triple DES
โ Asymmetric Key Algorithms
โ Different key for
encryption/decryption
โ RSA, DSA, ECDSA
9. Android Security
Key Management
Ciphers
โ Two types of ciphers:
โ Block: Process entire blocks of fixed-length
groups of bits at a time ( padding may be
required)
โ Stream: Process single byte at a time ( no
padding )
โ Block Cipher modes of operation
โ ECB: each block encrypted independently
โ CBC, CFB, OFB: the previous block of
output is used to alter the input blocks
before applying the encryption algorithm
starting from a IV ( initialization vector )
10. Android Security
Key Management
Crypto in Android
โ Based on JCA ( Java
Cryptographic Architecture)
provides API for:
โ Encryption/Decryption
โ Digital signatures
โ Message digests (hashes)
โ Key management
โ Secure random number
generation
โ โProviderโ Architecture with CSP
โ Bouncy Castle is Android default
CSP
11. Android Security
Key Management
Bouncy Castle Android Version
โ Customized:
โ Some services and API removed
โ Varies between Android versions
โ Fixed only in the latest versions
โ Solution: Spongy Castle
โ Repackage of Bouncy Castle
โ Supports more cryptographic options
โ Up-to-date
โ Not vulnerable to the Heartbleed Bug
(CVE-2014-0160)
20. Android Security
Key Management
SecretKey Specification
javax.crypto.spec.SecretKeySpec
โ SecretKeySpec specifies a key for a specific algorithm
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Topic of this workshop
Cryptographic Algorithm
21. Android Security
Key Management
Cipher GetInstance
javax.crypto.Cipher
โ Provides access to implementations of cryptographic ciphers
for encryption and decryption
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Paddingโ,โSCโ);
Trasformation
(describes set of operation to
perform):
โข algorithm/mode/padding
โข algorithm
Provider
( SpongyCastle )
22. Android Security
Key Management
Cipher Init
javax.crypto.Cipher
โ Initializes the cipher instance with the specified operational
mode, key and algorithm parameters.
cipher.init(Cipher.DECRYPT_MODE, keySpec,
new IvParameterSpec(iv));
Operational Mode:
โข ENCRYPT_MODE
โข DECRYPT_MODE
โข WRAP_MODE
โข UNWRAP_MODE
SecretKeySpec Specify Cipher
Algorithm parameters
( IV for CBC )
23. Android Security
Key Management
Cipher Final
javax.crypto.Cipher
โ Finishes a multi-part transformation (encryption or decryption)
byte[] encryptedText = cipher.doFinal(clearText.getBytes());
Encrypted
Text in byte
ClearText in
bytes
25. Android Security
Key Management
SecureRandom
java.security.SecureRandom
โ Cryptographically secure pseudo-random number generator
SecureRandom secureRandom = new SecureRandom();
Default constructor uses the
most cryptographically
strong provider available
โ Seeding
SecureRandom is
dangerous:
โ Not Secure
โ Output may change
26. Android Security
Key Management
Some SecureRandom
Thoughts...
โ Android security team discovered a JCA improper PRNG
initialization in August 2013
โ Applications invoking system-provided OpenSSL PRNG without
explicit initialization are also affected
โ Key Generation, Signing or Random Number Generation not
receiving cryptographically strong values
โ Developer must explicitly initialize the PRNG
PRNGFixes.apply()
27. Android Security
Key Management
KeyGenerator keyGenerator = KeyGenerator.getInstance("AESโ,โSCโ);
keyGenerator.init(outputKeyLength, secureRandom);
SecretKey key = keyGenerator.generateKey();
Generate Secret Key
javax.crypto.KeyGenerator
โ Symmetric cryptographic keys generator API
Specify Key Size
Algorithm
and Provider
Key to use in Cipher.init()
28. Android Security
Key Management
Key Management: Store on
device
โ Protected by Android Filesystem Isolation
โ Plain File
โ SharedPreferences
โ Keystore File (BKS, JKS)
โ More secure with Phone Encryption
โ Store safely
โ MODE_PRIVATE flag
โ Use only internal storage
/data/data/app_package
31. Android Security
Key Management
Key Management: Store in App
โ Uses static keys or device specific information at run-time (IMEI, mac
address, ANDROID_ID)
โ Android app can be easily reversed ( live demo )
โ Hide with Code obfuscation
โ Security by Obscurity is never a good idea...
34. Android Security
Key Management
Key Management: PBKDF2
โ Password Based Key Derivation Function (PKCS#5)
โ Variable length password in input
โ Fixed length key in output
โ User interaction required
โ Params:
โ Password
โ Pseudorandom Function
โ Salt
โ Number of iteration
โ Key Size
35. Android Security
Key Management
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt,
NUM_OF_ITERATIONS, KEY_SIZE);
SecretKeyFactory secretKeyFactory =
SecretKeyFactory.getInstance(PBE_ALGORITHM);
encKey = secretKeyFactory.generateSecret(keySpec);
Key Management: PBKDF2
javax.crypto.spec.PBEKeySpec
โ PBE Key specification and generation
A good PBE algorithm is
PBKDF2WithHmacSHA1
User
Password
N. >= 1000
36. Android Security
Key Management
SecretKeyFactory factory;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT)
// Use compatibility key factory -- only uses lower 8-bits of passphrase chars
factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
else if (Build.VERSION.SDK_INT >= 10)
// Traditional key factory. Will use lower 8-bits of passphrase chars on
// older Android versions (API level 18 and lower) and all available bits
// on KitKat and newer (API level 19 and higher)
factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
else // FIX for Android 8,9
factory = SecretKeyFactory.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
SecretKeyFactory API in
Android 4.4
38. Android Security
Key Management
Key Management: Other
solutions
โ Store on server side
โ Internet connection required
โ Use trusted and protected connections (HTTPS, Certificate
Pinning)
โ Store on external device
โ NFC Java Card (NXP J3A081)
โ Smartcard
โ USB PenDrive
โ MicroSD with secure storage
โ AndroidKeyStore???
39. Android Security
Key Management
Asymmetric Algorithms
โ Public/Private Key
โ Public Key -> encrypt/verify signature
โ Private Key -> decrypt/sign
โ Advantages:
โ Public Key distribution is not dangerous
โ Disadvantages:
โ Computationally expensive
โ Usually used with PKI (Public Key Infrastructure for digital
certificates)
40. Android Security
Key Management
Public-key Applications
โ Can classify uses into 3 categories:
โ Encryption/Decryption (provides confidentiality)
โ Digital Signatures (provides authentication and Integrity)
โ Key Exchange (of session keys)
โ Some algorithms are suitable for all uses (RSA),
others are specific to one
41. Android Security
Key Management
PKCS for Asymmetric
Algorithms
โ PKCS is a group of public-key cryptography
standards published by RSA Security Inc
โ PKCS#1 (v.2.1)
โ RSA Cryptography Standard
โ PKCS#3 (v.1.4)
โ Diffie-Hellman Key Agreement Standard
โ PKCS#8 (v.1.2)
โ Private-Key Information Syntax Standard
โ PKCS#10 (v.1.7)
โ Certification Request Standard
โ PKCS#12 (v.1.0)
โ Personal Information Exchange Syntax Standard
42. Android Security
Key Management
Android: RSA
KeyPairGenerator kpg =
KeyPairGenerator.getIstance(โRSA");
Java.security.KeyPairGenerator
โ KeyPairGenerator is an engine capable of
generating public/private keys with specified
algorithms
Cryptographic Algorithm
43. Android Security
Key Management
Available Providers for RSA
Algorithm
KeyPairGenerator.getInstance(โRSAโ,โSEC_PROVIDERSโ);
Java.security.KeyPairGenerator
โ Different security providers could be used (could
change for different OS versions)
โAndroidOpenSSLโ
โBCโ
โAndroidKeyStroreโ
Version 1.0
Version 1.49
Version 1.0
44. Android Security
Key Management
โ KeySize โ 1024,2048,4096 bits
KeyPairGenerator: Initialization
and Randomness
KeyPairGenerator kpg =
KeyPairGenerator.initialize(2048);
Java.security.KeyPairGenerator
โ KeyPairGenerator initialization with the key size
Key Size
45. Android Security
Key Management
KeyPairGenerator: Initialization
and Randomness
KeyPairGenerator kpg =
KeyPairGenerator.initialize(2048,sr);
Java.security.KeyPairGenerator, Java.security.SecureRandom
โ KeyPairGenerator initialization with a
SecureRandom
SecureRandom sr = new SecureRandom();
46. Android Security
Key Management
Generating RSA Key
Java.security.KeyPair
โ KeyPair is a container for a public/private key
generated by the KeyPairGenerator
KeyPair keypair = kpg.genKeyPair()
โ We can retrieve public/private keys from KeyPair
Key public_key = kaypair.getPublic();
Key private_key = kaypair.getPrivate();
47. Android Security
Key Management
Using RSA Keys: cipher
example
Javax.crypto.Cipher
โ Cipher provides access to implementation of
cryptography ciphers for encryption and decryption
Cipher cipher = Cipher.getInstance(โRSAโ,โSEC_PROVIDER);
Transformation
โAndroidOpenSSLโ
โBCโ
โAndroidKeyStroreโ
50. Android Security
Key Management
Extract Parameters of RSA
Keys
Java.security.spec.RSAPublicKeySpec, java.security.spec.RSAPrivateKeySpec
โ Retrieved parameters can be stored
BigInteger m = rsa_public.getModulus();
BigInteger e = rsa_public.getPublicExponent();
BigInteger d = rsa_private.getPrivateExponent();
Is Private
52. Android Security
Key Management
AndroidKeyStore
โ Custom Java Security Provider available from Android 4.3
version and beyond
โ An App can generate and save private keys
โ Keys are private for each App
โ 2048-bit key size (4.3), 1024-2048-4096-bit key size (4.4) can
be stored
โ ECDSA support added from Android 4.4
53. Android Security
Key Management
Key Management Evolution
API LEVEL 14 API LEVEL 18
Global Level:
KeyChain
( Public API )
App Level:
KeyStore
( Closed API )
Global Level Only:
Default TrustStore
cacerts.bks
(ROOTED device)
Global Level:
KeyChain
( Public API )
App Level and
per User Level:
AndroidKeyStore
( Public API )
54. Android Security
Key Management
AndroidKeyStore Storage
โ Two kinds of storage
โ Hardware-backed (Nexus 7, Nexus
4, Nexus 5 :-) with OS >= 4.3)
โ Secure Element
โ TPM
โ TrustZone
โ Software only (Other devices with
OS >= 4.3)
55. Android Security
Key Management
Type of Storage
import android.security.KeyChain;
if (KeyChain.isBoundKeyAlgorithm("RSA"))
// Hardware-Backed
else
// Software Only
56. Android Security
Key Management
Certificate parameters
Context cx = getActivity();
String pkg = cx.getPackageName();
Calendar notBefore = Calendar.getInstance();
Calendar notAfter = Calendar.getInstance();
notAfter.add(1, Calendar.YEAR);
import android.security.KeyPairGeneratorSpec.Builder;
Builder builder = new KeyPairGeneratorSpec.Builder(cx);
builder.setAlias(โDEVKEY1โ);
String infocert = String.format("CN=%s, OU=%s", โDEVKEY1โ, pkg);
builder.setSubject(new X500Principal(infocert));
builder.setSerialNumber(BigInteger.ONE);
builder.setStartDate(notBefore.getTime());
builder.setEndDate(notAfter.getTime());
KeyPairGeneratorSpec spec = builder.build();
Times parameters
Self-Signed X.509
โ Common Name (CN)
โ Subject (OU)
โ Serial Number
Generate certificate
ALIAS to index the
certificate
57. Android Security
Key Management
Generating Public/Private keys
KeyPairGenerator kpGenerator;
kpGenerator = KeyPairGenerator
.getInstance("RSA", "AndroidKeyStore");
kpGenerator.initialize(spec);
KeyPair kp;
kp = kpGenerator.generateKeyPair();
Engine to generate
Public/Private key
Init Engine with:
โ RSA Algorithm
โ Provider: AndroidKeyStore
Init Engine with certificate parameters
After generation, the keys will be stored into AndroidKeyStore and will be
accessible by ALIAS
โ Generating Private/Public key
58. Android Security
Key Management
AndroidKeyStore Initialization
keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
Now we have the KeyStore reference that will be used to
access to the Private/Public key by the ALIAS
Should be used if there is an InputStream to load
(for example the name of imported KeyStore). If not
used the App will crash
Get a reference to the AndroidKeyStore
60. Android Security
Key Management
RSA Digital Signature
โ Digital Signature
โ Authentication, Non-Repudiation and Integrity
โ RSA Private key to Sign
โ RSA Public Key to Verify
KeyStore.Entry entry = ks.getEntry(โDEVKEY1โ, null);
byte[] data = โGDG-Meets-U 2014!โ.getBytes();
Signature s = Signature.getInstance(โSHA256withRSAโ);
s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
s.update(data);
byte[] signature = s.sign();
String result = null;
result = Base64.encodeToString(signature, Base64.DEFAULT);
Access to Private/Public key identified
by ALIAS
Algorithm choice
Private key to sign
Signature and Base64
encoding
61. Android Security
Key Management
Verify RSA Digital Signature
byte[] data = input.getBytes();
byte[] signature;
signature = Base64.decode(signatureStr, Base64.DEFAULT);
KeyStore.Entry entry = ks.getEntry(โDEVKEY1โ, null);
Signature s = Signature.getInstance("SHA256withRSA");
s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
s.update(data);
boolean valid = s.verify(signature);
Base64 decoding
Access to the Private/Public key
identified by ALIAS==DEVKEY1
Algorithm choice
Public Key in certificate to
verify signature
TRUE == Verified
FALSE== Not Verified
66. Android Security
Key Management
It is observed that...
โ Different screen lock
โ The choice of screen lock
impactsthe keys
โ If you change the screen lock the
keys are deleted
67. Android Security
Key Management
Expected behavior?
โ The official documentation shows:
โ The keys should ramain intact when the type of screen lock is
changed by the user
71. Android Security
Key Management
Example: Import Certificates
โ Import .p12 certificates
Intent intent = KeyChain.createInstallIntent();
byte[] p12 = readFile(โCERTIFICATE_NAME.p12โ);
Intent.putExtra(KeyChain.EXTRA_PKCS12,p12);
Specify PKCS#12 Key to install
startActivity(intent);
The user will be
prompted for the
password
72. Android Security
Key Management
KeyChain.choosePrivateKeyAlias(
Activity activity,
KeyChainAliasCallBack response,
String[] keyTypes,
Principal[] issuers,
String host,
Int port,
String Alias);
Example: Retrieve the key
โ The KeyChainAliasCallback invoked when a user chooses a
certificate/private key
73. Android Security
Key Management
@Override
public void alias(String alias){
.
.
PrivateKey private_key = KeyChain.
getPrivateKey(this,alias);
.
.
X509Certificate[] chain = KeyChain.
getCertificateChain(this,โDroidconโ);
.
PublicKey public_key = chain[0].getPublicKey();
}
Example: Retrieve and use the
keys
โ KeyChainAliasCallbak must implement the abstract method
alias:
Private Key
Public Key