SlideShare a Scribd company logo

Note on a Mobile Security... or How the Brave Permutation Saved a Naughty Keyboard

Petr Dvorak
Petr Dvorak
TechnologyNews & Politics
1 of 40
Download to read offline
Note on a mobile security ... or How the Brave Permutation Rescued a Naughty Keyboard... Petr Dvořák - @joshis_tweets Tomáš Rosa iOS Development Lead Senior Cryptologist, Raiffeisenbank
Outline • Mobile Security Landscape • Typical Topics in Security • The Perils of Jailbreaking • The Tale of the Brave Permutation
Mobile Security Landscape
Mobile Security Landscape • New Devices, New Problems • New Devices, Old Problems • The Murderer is always the Gardener
Typical Topics
Incorrect Logging • NSLog is not harmless! • Works with the system log, readable by anyone • AppSwitch app • Disable NSLog for the App Store build #define NSLog(...)
Incorrect SSL handling • SSL != Super Secure Line • iOS Checks if CA is trusted • OCSP only for EV certificates, works best attempt • http://mitmproxy.org
MITMProxy
NSURLConnection callback - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace*)space { SecTrustRef trust = [space serverTrust]; SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0); NSData* serverCertificateData = (NSData*)SecCertificateCopyData(cert); NSString* description = (NSString*)SecCertificateCopySubjectSummary(certificate); // check the data... “if (isOK(cert)) { phew(@”It’s OK”); }” }
Insufficient design • Too much weight on HTTPS • Typical “session” is not always enough • Use HOTP / TOTP • Study OAuth: Despite popular belief, 2 < 1
Jailbreak
root || !(2*root) • You mustn’t jailbreak! • Jailbreaking = Full root access Saurik • Attackers are tough & pretty smart! • That sucks. Anything is possible • The physics stops working
#HITB
root || !(2*root) • You must jailbreak! • Users are uninformed + don’t care Kelišová • JB can happen without users consent • ... this is what exploits are about... • Save them! Make your app ready for this
Demo - Cycript
root || !(2*root) • Considering Jailbreak makes things hard • Dealing with security on application level • One of many issues: How to protect the password?
How to protect the password?
How to protect password? • Malware on the phone = game over • Password is stolen once you type it • What about a stolen phone? • ... wait, why is it different from mallware?
iOS App in Action Mallware? Game over... App Password App App Started Entered Closed Dead User: The app is done... Attacker steals a phone... System: Let’s keep it for a while... ... or you lose it somewhere... iOS Docs: “The system [iOS] keeps suspended apps in memory for as long as possible, removing them only when the amount of free memory gets low.”
Tale of a Brave Permutation
The Problem • UITextField is very, very naughty • Even when it’s “Secure”, it’s not secure... • How to eliminate password footprint?
Demo - GDB
UITextField Properties • !!! You need to set • Adjust to Fit • Auto-capitalization • Auto-correction • Secure • Not Apple-like. And is it really enough?
Framework / Application • Let’s do better! • Idea • Custom keyboard • One-Time Pad (Vernam cipher) • Security context under strict control • C implementation
Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. Ln C_Ln C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. [C_Li]i=1..Length binary garbage C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
How to (de)cipher the text?
Preconditions • Decimal PIN of 4 to 8 digits. • Unpredictable cursor shifts are allowed. • UITextField must be able to process the crypto-chars. • The encryption/decryption as well as the setup phase shall be pretty fast.
Permutation tables • To encrypt a PIN digit, we use a particular permutation table ri : {0, ..., 9} → {0, ..., 9}. • Each permutation table is chosen randomly from the set of all possible 10! (=3 628 800) bijective mappings.
Table Generator • There is an algorithm that for each permutation on n-element set computes a unique number k, such that: • 0 ≤ k < n! • It was already noted in [1] that we can obtain a fast permutation generator by running this algorithm backwards. • So called shuffling, cf. [1], algorithms 3.3.2P and 3.4.2P.
Compact Key For Tables • Instead of generating random nonces for each generator cycle (as suggested in [1]), we generate just one random key k with uniform distribution on <0, ..., n!). • According to the factorial number system [1], such k uniquely describes the particular permutation on n-element set. • We then run alg. 3.3.2P in the simple reverse order.
Generator Properties • It can be easily shown that our approach is equivalent to generating random tweets for each pass through the main cycle of the reversed alg. 3.3.2P. • We just collect all these nonces in one number using the wonderful factorial number system. • Of course, there is an independent fresh k for each table generated.
Setup Phase • We subdivide the 7-bit ASCII set to 9 code pages by 10 characters each: • {32, ..., 41}, {42, ..., 51}, ..., {112, ..., 121}. • We also generate 9 independent keys and their corresponding permutation tables: • (k1, ..., k9) → (r0, ..., r8).
Encryption • To encrypt j-th character typed pj, we choose the permutation ri, where i = j mod 9, and compute: • cj = ri ( pj ) + 10*i + 32. • The counter j is incremented with each character encrypted regardless possible cursor shifts, etc.
Decryption • To decrypt a crypto-char c, we first decide which table was used for its encryption: • i = ( c - 32 ) div 10. • Then we use the inverse permutation to obtain the original plaintext char: • p = ri-1 ( c - 10*i - 32 ). • We prepare both ri and ri-1 tables in setup.
Why This Way? • To allow unpredictable cursor shifts • we use the code page offset to encode the keystream index i within each crypto-char. • To eliminates the risk of compromising the whole table when the keystream index i accidentally repeats • we use the general permutation tables instead of a simple finite group operation like xor, add, mul, etc.
Cautionary note • This was pretty clever, right? • Don’t spoil it by doing something stupid. • Wipe out all the keys and permutation tables after having finished!
Thank you!
References • [1] Knuth, D.-E.: The Art of Computer Programming / Vol. 2 - Seminumerical Algorithms, 3rd ed., Addison-Wesley, 1998. • [2] http://developer.apple.com • [3] http://theiphonewiki.com • [4] http://www.cycript.org

Recommended

.Net & c#
.Net & c#.Net & c#
.Net & c#Alexandre Marreiros
 
3. permutation and combination
3. permutation and combination3. permutation and combination
3. permutation and combinationsmaplabu
 
Secure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSecure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSatoshi Hada
 
Cryptography
CryptographyCryptography
CryptographyLaibaRehman3
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and NetworkingZahidul Hossain
 
Aizatulin poster
Aizatulin posterAizatulin poster
Aizatulin posteranesah
 
Communication security
Communication securityCommunication security
Communication securitySotheavy Nhoung
 

Recommended

.Net & c#
.Net & c#.Net & c#
.Net & c#Alexandre Marreiros
 
3. permutation and combination
3. permutation and combination3. permutation and combination
3. permutation and combinationsmaplabu
 
Secure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSecure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSatoshi Hada
 
Cryptography
CryptographyCryptography
CryptographyLaibaRehman3
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and NetworkingZahidul Hossain
 
Aizatulin poster
Aizatulin posterAizatulin poster
Aizatulin posteranesah
 
Communication security
Communication securityCommunication security
Communication securitySotheavy Nhoung
 
Lec21
Lec21Lec21
Lec21tani41
 
Eco system apps
Eco system appsEco system apps
Eco system appsSergey Seletsky
 
Embedded
EmbeddedEmbedded
EmbeddedAbindas
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxsmile790243
 
The use of Symfony2 @ Overblog
The use of Symfony2 @ OverblogThe use of Symfony2 @ Overblog
The use of Symfony2 @ OverblogXavier Hausherr
 
Wanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash TableWanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash TableAmit Kumar
 
Ch15,secu..
Ch15,secu..Ch15,secu..
Ch15,secu..eman37aseb
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - SecurityWayne Jones Jnr
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
Cryptography
CryptographyCryptography
CryptographyAbhi Prithi
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
Network security
Network securityNetwork security
Network securityPerfect Training Center
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdfGestio Organització Comunicació S.A.
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdfGestio Organització Comunicació S.A.
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdfGestio Organització Comunicació S.A.
 
Userland Hooking in Windows
Userland Hooking in WindowsUserland Hooking in Windows
Userland Hooking in WindowsHigh-Tech Bridge SA (HTBridge)
 
Homomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing finalHomomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing finalSantanu Das Saan
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPrabhatMishraAbvp
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Petr Dvorak
 
Innovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingInnovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingPetr Dvorak
 

More Related Content

Similar to Note on a Mobile Security... or How the Brave Permutation Saved a Naughty Keyboard

Embedded
EmbeddedEmbedded
EmbeddedAbindas
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxsmile790243
 
The use of Symfony2 @ Overblog
The use of Symfony2 @ OverblogThe use of Symfony2 @ Overblog
The use of Symfony2 @ OverblogXavier Hausherr
 
Wanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash TableWanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash TableAmit Kumar
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
Homomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing finalHomomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing finalSantanu Das Saan
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPrabhatMishraAbvp
 

Similar to Note on a Mobile Security... or How the Brave Permutation Saved a Naughty Keyboard (20)

Lec21
Lec21Lec21
Lec21
 
Eco system apps
Eco system appsEco system apps
Eco system apps
 
Embedded
EmbeddedEmbedded
Embedded
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
 
The use of Symfony2 @ Overblog
The use of Symfony2 @ OverblogThe use of Symfony2 @ Overblog
The use of Symfony2 @ Overblog
 
Wanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash TableWanhive vs Chord Distributed Hash Table
Wanhive vs Chord Distributed Hash Table
 
Ch15,secu..
Ch15,secu..Ch15,secu..
Ch15,secu..
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS III
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
Cryptography
CryptographyCryptography
Cryptography
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
Network security
Network securityNetwork security
Network security
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdf
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdf
 
delphi-interfaces.pdf
delphi-interfaces.pdfdelphi-interfaces.pdf
delphi-interfaces.pdf
 
Userland Hooking in Windows
Userland Hooking in WindowsUserland Hooking in Windows
Userland Hooking in Windows
 
Homomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing finalHomomorphic encryption in cloud computing final
Homomorphic encryption in cloud computing final
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 

More from Petr Dvorak

Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Petr Dvorak
 
Innovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingInnovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingPetr Dvorak
 
mDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking appmDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking appPetr Dvorak
 
Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API? Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API? Petr Dvorak
 
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikacíSmart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikacíPetr Dvorak
 
Bankovní API ve světě
Bankovní API ve světěBankovní API ve světě
Bankovní API ve světěPetr Dvorak
 
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšítePSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšítePetr Dvorak
 
Představení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integracePředstavení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integracePetr Dvorak
 
Lime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introductionLime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introductionPetr Dvorak
 
Lime - Push notifications. The big way.
Lime - Push notifications. The big way.Lime - Push notifications. The big way.
Lime - Push notifications. The big way.Petr Dvorak
 
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...Petr Dvorak
 
Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?Petr Dvorak
 
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0Petr Dvorak
 
Zingly - Single app for all banks
Zingly - Single app for all banksZingly - Single app for all banks
Zingly - Single app for all banksPetr Dvorak
 
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?Petr Dvorak
 
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?Petr Dvorak
 
Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015Petr Dvorak
 
What are "virtual beacons"?
What are "virtual beacons"?What are "virtual beacons"?
What are "virtual beacons"?Petr Dvorak
 
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatelemDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatelePetr Dvorak
 
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživateleiCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatelePetr Dvorak
 

More from Petr Dvorak (20)

Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.
 
Innovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingInnovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open Banking
 
mDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking appmDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking app
 
Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API? Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API?
 
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikacíSmart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
 
Bankovní API ve světě
Bankovní API ve světěBankovní API ve světě
Bankovní API ve světě
 
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšítePSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
 
Představení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integracePředstavení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integrace
 
Lime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introductionLime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introduction
 
Lime - Push notifications. The big way.
Lime - Push notifications. The big way.Lime - Push notifications. The big way.
Lime - Push notifications. The big way.
 
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
 
Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?
 
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
 
Zingly - Single app for all banks
Zingly - Single app for all banksZingly - Single app for all banks
Zingly - Single app for all banks
 
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
 
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
 
Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015
 
What are "virtual beacons"?
What are "virtual beacons"?What are "virtual beacons"?
What are "virtual beacons"?
 
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatelemDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
 
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživateleiCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Note on a Mobile Security... or How the Brave Permutation Saved a Naughty Keyboard

  • 1. Note on a mobile security ... or How the Brave Permutation Rescued a Naughty Keyboard... Petr Dvořák - @joshis_tweets Tomáš Rosa iOS Development Lead Senior Cryptologist, Raiffeisenbank
  • 2. Outline • Mobile Security Landscape • Typical Topics in Security • The Perils of Jailbreaking • The Tale of the Brave Permutation
  • 4. Mobile Security Landscape • New Devices, New Problems • New Devices, Old Problems • The Murderer is always the Gardener
  • 6. Incorrect Logging • NSLog is not harmless! • Works with the system log, readable by anyone • AppSwitch app • Disable NSLog for the App Store build #define NSLog(...)
  • 7. Incorrect SSL handling • SSL != Super Secure Line • iOS Checks if CA is trusted • OCSP only for EV certificates, works best attempt • http://mitmproxy.org
  • 9. NSURLConnection callback - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace*)space { SecTrustRef trust = [space serverTrust]; SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0); NSData* serverCertificateData = (NSData*)SecCertificateCopyData(cert); NSString* description = (NSString*)SecCertificateCopySubjectSummary(certificate); // check the data... “if (isOK(cert)) { phew(@”It’s OK”); }” }
  • 10. Insufficient design • Too much weight on HTTPS • Typical “session” is not always enough • Use HOTP / TOTP • Study OAuth: Despite popular belief, 2 < 1
  • 12. root || !(2*root) • You mustn’t jailbreak! • Jailbreaking = Full root access Saurik • Attackers are tough & pretty smart! • That sucks. Anything is possible • The physics stops working
  • 13. #HITB
  • 14. root || !(2*root) • You must jailbreak! • Users are uninformed + don’t care Kelišová • JB can happen without users consent • ... this is what exploits are about... • Save them! Make your app ready for this
  • 16. root || !(2*root) • Considering Jailbreak makes things hard • Dealing with security on application level • One of many issues: How to protect the password?
  • 17. How to protect the password?
  • 18. How to protect password? • Malware on the phone = game over • Password is stolen once you type it • What about a stolen phone? • ... wait, why is it different from mallware?
  • 19. iOS App in Action Mallware? Game over... App Password App App Started Entered Closed Dead User: The app is done... Attacker steals a phone... System: Let’s keep it for a while... ... or you lose it somewhere... iOS Docs: “The system [iOS] keeps suspended apps in memory for as long as possible, removing them only when the amount of free memory gets low.”
  • 20. Tale of a Brave Permutation
  • 21. The Problem • UITextField is very, very naughty • Even when it’s “Secure”, it’s not secure... • How to eliminate password footprint?
  • 23. UITextField Properties • !!! You need to set • Adjust to Fit • Auto-capitalization • Auto-correction • Secure • Not Apple-like. And is it really enough?
  • 24. Framework / Application • Let’s do better! • Idea • Custom keyboard • One-Time Pad (Vernam cipher) • Security context under strict control • C implementation
  • 25. Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
  • 26. Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. Ln C_Ln C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
  • 27. Mechanism illustration UITextField C_Ln Sent appended [C_Li]i=1..Length [C_Li]i=1..Length App & Keyboard User taps User H/TOTP App Sends Keyboard App fetches Keyboard a letter presses sign- signature Signed Created [C_Li]i=1..Length Destroyed. Ln in Received Request. [C_Li]i=1..Length binary garbage C Securtity Security Context H/TOTP Password module Letter Ln Ciphered Context Deciphers signature & Context using OTP Created Password computed Destroyed
  • 28. How to (de)cipher the text?
  • 29. Preconditions • Decimal PIN of 4 to 8 digits. • Unpredictable cursor shifts are allowed. • UITextField must be able to process the crypto-chars. • The encryption/decryption as well as the setup phase shall be pretty fast.
  • 30. Permutation tables • To encrypt a PIN digit, we use a particular permutation table ri : {0, ..., 9} → {0, ..., 9}. • Each permutation table is chosen randomly from the set of all possible 10! (=3 628 800) bijective mappings.
  • 31. Table Generator • There is an algorithm that for each permutation on n-element set computes a unique number k, such that: • 0 ≤ k < n! • It was already noted in [1] that we can obtain a fast permutation generator by running this algorithm backwards. • So called shuffling, cf. [1], algorithms 3.3.2P and 3.4.2P.
  • 32. Compact Key For Tables • Instead of generating random nonces for each generator cycle (as suggested in [1]), we generate just one random key k with uniform distribution on <0, ..., n!). • According to the factorial number system [1], such k uniquely describes the particular permutation on n-element set. • We then run alg. 3.3.2P in the simple reverse order.
  • 33. Generator Properties • It can be easily shown that our approach is equivalent to generating random tweets for each pass through the main cycle of the reversed alg. 3.3.2P. • We just collect all these nonces in one number using the wonderful factorial number system. • Of course, there is an independent fresh k for each table generated.
  • 34. Setup Phase • We subdivide the 7-bit ASCII set to 9 code pages by 10 characters each: • {32, ..., 41}, {42, ..., 51}, ..., {112, ..., 121}. • We also generate 9 independent keys and their corresponding permutation tables: • (k1, ..., k9) → (r0, ..., r8).
  • 35. Encryption • To encrypt j-th character typed pj, we choose the permutation ri, where i = j mod 9, and compute: • cj = ri ( pj ) + 10*i + 32. • The counter j is incremented with each character encrypted regardless possible cursor shifts, etc.
  • 36. Decryption • To decrypt a crypto-char c, we first decide which table was used for its encryption: • i = ( c - 32 ) div 10. • Then we use the inverse permutation to obtain the original plaintext char: • p = ri-1 ( c - 10*i - 32 ). • We prepare both ri and ri-1 tables in setup.
  • 37. Why This Way? • To allow unpredictable cursor shifts • we use the code page offset to encode the keystream index i within each crypto-char. • To eliminates the risk of compromising the whole table when the keystream index i accidentally repeats • we use the general permutation tables instead of a simple finite group operation like xor, add, mul, etc.
  • 38. Cautionary note • This was pretty clever, right? • Don’t spoil it by doing something stupid. • Wipe out all the keys and permutation tables after having finished!
  • 40. References • [1] Knuth, D.-E.: The Art of Computer Programming / Vol. 2 - Seminumerical Algorithms, 3rd ed., Addison-Wesley, 1998. • [2] http://developer.apple.com • [3] http://theiphonewiki.com • [4] http://www.cycript.org