The slides describe the PBKDF2 algorithm and its application in storing sensitive data securely in Android applications.

1. Applications of PBKDF2
Algorithm in Android Application
Secure Data Storage
Shiv Sahni
Sr. Security Analyst
Confidential

2. What is PBKDF?
PBKDF2 applies a pseudorandom function, such as hash-based message authentication
code (HMAC), to the input password or passphrase along with a salt value and repeats
the process many times to produce a derived key, which can then be used as a
cryptographic key in subsequent operations.

3. The Process!
The PBKDF2 key derivation function has five input parameters:
DK = PBKDF2(PRF, Password, Salt, c, dkLen)
where:
● PRF is a pseudorandom function (e.g. a keyed HMAC)
● Password is the master password from which a derived key is generated
● Salt is a sequence of bits, known as a cryptographic salt
● c is the number of iterations desired
● dkLen is the desired length of the derived key
● DK is the generated derived key

4. Why PBKDF?
● The algorithm is designed to increase the computation cost so as to prevent
Brute-force Attacks.

5. Usage?
● Key Derivation Functions
● Password Hashing

6. Hashing -> Salted Hashes->PBKDF
Salts are added so as to increase the computation requirements for cracking the
hashes.
PBKDF makes it more complex.

7. Storing Sensitive Data Securely in
Local Data Storage of Android
Applications

8. Attacker Can Not Reach to Private Data
Directory??
The Android sandbox for application data is not enough to create a
truly secure application.
● File System Misconfiguration
● Exploitation

9. The Sensitive Data is Actually Required?
Think Again!
It is recommended that the application should not capture unnecessary sensitive
data. Only the required sensitive data should be captured and should be securely
handled.

10. Not Just Encrypt it - SECURELY ENCRYPT IT!
● Say no to custom encryption algorithm.
● Avoid usage of weak cryptographic algorithms
○ Weak Encryption Algorithms: DES, 3DES, AES (ECB Mode) etc.
○ Weak Hashing Algorithms: RC4, MD5, SHA-1 etc.
○ Insecure Random Number Generators: Usage of java.util.Random for random number
generation.
● Poor Key Management
○ Hardcoded Encryption Keys
○ Storing Keys with Ciphertext Locally

11. Do we have pin/password/passphrase
implementation?
If the application requires password for authentication then
● Use user supplied password should be used to derive encryption key via a key
derivation function such as PBKDF2.
● The encryption key can be derived at the time of registration/first login and
can be used to encrypt sensitive data.
● The same key can be used to decrypt sensitive data whenever correct
password is supplied.

12. Not Just Encryption - Secure Encryption
● The application must have Strong Password Policy to prevent decryption of
sensitive data through brute-force attacks.
● Use Key Derivation Function with 10,000 or more rounds of iteration so as to
make brute-force attacks expensive.

13. Code Snippet
public static SecretKey generateKey(char[] passphraseOrPin, byte[] salt) throws NoSuchAlgorithmException,
InvalidKeySpecException {
// Number of PBKDF2 hardening rounds to use. Larger values increase
// computation time. You should select a value that causes computation
// to take >100ms.
final int iterations = 1000;
// Generate a 256-bit key
final int outputKeyLength = 256;
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
return secretKey;
}
Reference:android-developers.googleblog.com

14. Example: AES Encryption and Decryption
Reference: https://gist.github.com/dweymouth/11089238

15. References
● The Mobile Application Hacker’s Handbook
● Wikipedia (https://en.wikipedia.org/)
● Android Developers Blogs (http://android-developers.blogspot.com)