• Like

Kerberos + Android: A Tale of Opportunity

  • 1,692 views
Uploaded on

Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform. …

Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform.

To learn more, visit www.yassl.com.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,692
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
7
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Kerberos + Android A Tale of OpportunitySlide 1 / 39 © Copyright 2012 yaSSL
  • 2. Platform Decisions The StatisticsSlide 2 / 39 © Copyright 2012 yaSSL
  • 3. Why Go Mobile? 80% of the worlds population now has a mobile phone. ( 5 Billion Phones )Slide 3 / 39 © Copyright 2012 yaSSL
  • 4. Why Go Mobile? 21.6% Of those 80%, 1.08 Billion are smartphones.Slide 4 / 39 © Copyright 2012 yaSSL
  • 5. Why Go Mobile? In the US: 60% 40% the ratio is even higher, with smartphones making up 40% of all mobile phones.Slide 5 / 39 © Copyright 2012 yaSSL
  • 6. OK, well why Android?Slide 6 / 39 © Copyright 2012 yaSSL
  • 7. Android? Reason 1: US Market Dominance iPhone 28% U.S. Android Smartphones == 40% (40%) Blackberry 19% Windows Mobile, 7% Windows Phone 7, 1% Other, 5%Slide 7 / 39 © Copyright 2012 yaSSL
  • 8. Android? Reason 2: Consumer Popularity •  100 million activated Android devices (now 400,000 / day) •  200,000 apps in Android Market (4.5 billion activations to date) •  310 devices available to consumers (112 countries)Slide 8 / 39 © Copyright 2012 yaSSL
  • 9. Android? Reason 3: Developer Popularity •  450,000 developers building for the platform!Slide 9 / 39 © Copyright 2012 yaSSL
  • 10. Android. Meaning? •  Opportunity for increased Kerberos visibility •  Useful for Android and Kerberos developers •  Fun to see where the community takes itSlide 10 / 39 © Copyright 2012 yaSSL
  • 11. Our Plan What we wanted to do.Slide 11 / 39 © Copyright 2012 yaSSL
  • 12. Goals We wanted to fill a missing gap. 1.  Port Kerberos libraries to Android 2.  Port some C-based Kerberos client apps to Android kinit klist kvno kdestroySlide 12 / 39 © Copyright 2012 yaSSL
  • 13. Goals We wanted to spark community involvement. 3.  Build a sample Android NDK App (with a simple GUI) 4.  Give changes back to communitySlide 13 / 39 © Copyright 2012 yaSSL
  • 14. Action! What we did.Slide 14 / 39 © Copyright 2012 yaSSL
  • 15. 1. Crypto ImplementationSlide 15 / 39 © Copyright 2012 yaSSL
  • 16. Crypto Added new CyaSSL crypto implementation •  Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-inSlide 16 / 39 © Copyright 2012 yaSSL
  • 17. Crypto Added new CyaSSL crypto implementation •  CyaSSL is very portableSlide 17 / 39 © Copyright 2012 yaSSL
  • 18. 2. PortingSlide 18 / 39 © Copyright 2012 yaSSL
  • 19. Android Port Kerberos Libraries + CyaSSL Android. •  Cross-compiled libraries for Android •  Created shell script for easy reproduction by developersSlide 19 / 39 © Copyright 2012 yaSSL
  • 20. 3. Android ApplicationSlide 20 / 39 © Copyright 2012 yaSSL
  • 21. Android App Simple sample NDK project Home Screen •  Single screen •  Uses JNI •  Wrapper around native client appsSlide 21 / 39 © Copyright 2012 yaSSL
  • 22. Android App Simple sample NDK project kinit •  Gets a ticket using specified principalSlide 22 / 39 © Copyright 2012 yaSSL
  • 23. Android App Simple sample NDK project klist •  Lists our ticketsSlide 23 / 39 © Copyright 2012 yaSSL
  • 24. Android App Simple sample NDK project kvno •  Gets a service ticket for the entered principalSlide 24 / 39 © Copyright 2012 yaSSL
  • 25. Android App Simple sample NDK project klist after kvno •  Verify that we got a ticketSlide 25 / 39 © Copyright 2012 yaSSL
  • 26. Android App Simple sample NDK project kdestroy •  Clear our ticket cacheSlide 26 / 39 © Copyright 2012 yaSSL
  • 27. Android App Notes •  Uses a keytab instead of passwords •  Storage locations have been chosen for convenience Can be easily modified to what the developer needs Currently at /data/local/kerberosSlide 27 / 39 © Copyright 2012 yaSSL
  • 28. Android App License Type •  Application code will remain under the MIT licenseSlide 28 / 39 © Copyright 2012 yaSSL
  • 29. 4. GSS-API WrapperSlide 29 / 39 © Copyright 2012 yaSSL
  • 30. GSS-API Java Wrapper •  Provide Java bindings for developers to use •  Uses framework •  Wrapper around native Kerberos GSS-API library (Contains functionality found in gssapi.h)Slide 30 / 39 © Copyright 2012 yaSSL
  • 31. GSS-API Java Wrapper 2 example clients: •  Android client functionality •  Stand-alone Java app for desktop useSlide 31 / 39 © Copyright 2012 yaSSL
  • 32. GSS-API Integrated into sample app. Example Client •  Est. context with example server •  Send wrapped message, verify returned sig. block (gss_wrap, gss_verify_mic) •  Repeat #2, but with gss_seal, gss_verify •  Misc. API tests and exit.Slide 32 / 39 © Copyright 2012 yaSSL
  • 33. GSS-API Integrated into sample app. Example Server •  Est. context with client •  Receive and unwrap a message from the client •  Generate & send signature block for received messageSlide 33 / 39 © Copyright 2012 yaSSL
  • 34. The Future Whats happening next?Slide 34 / 39 © Copyright 2012 yaSSL
  • 35. The Future Look to the Community. Availability •  Code will be linked from both MIT and yaSSL websitesSlide 35 / 39 © Copyright 2012 yaSSL
  • 36. The Future Look to the Community. PR Activity / Visibility •  Blog posts •  Forum posts •  Press releases •  GitHub •  Mailing lists •  etc...Slide 36 / 39 © Copyright 2012 yaSSL
  • 37. The Future Other ideas or thoughts?Slide 37 / 39 © Copyright 2012 yaSSL
  • 38. References Statistics •  http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/ •  http://www.go-gulf.com/blog/smartphone •  http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40- percent-are-android/ •  Google I/O 2011: http://www.google.com/events/io/2011 Project Locations Kerberos: http://web.mit.edu/kerberos/ CyaSSL: http://www.yassl.com/ •  Android NDK App: https://github.com/cconlon/kerberos-android-ndk •  GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapiSlide 38 / 39 © Copyright 2012 yaSSL
  • 39. Thanks! www.yassl.comSlide 39 / 39 © Copyright 2012 yaSSL