Kerberos + Android: A Tale of Opportunity

2,940 views

Published on

Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform.

To learn more, visit www.yassl.com.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,940
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Kerberos + Android: A Tale of Opportunity

  1. 1. Kerberos + Android A Tale of OpportunitySlide 1 / 39 © Copyright 2012 yaSSL
  2. 2. Platform Decisions The StatisticsSlide 2 / 39 © Copyright 2012 yaSSL
  3. 3. Why Go Mobile? 80% of the worlds population now has a mobile phone. ( 5 Billion Phones )Slide 3 / 39 © Copyright 2012 yaSSL
  4. 4. Why Go Mobile? 21.6% Of those 80%, 1.08 Billion are smartphones.Slide 4 / 39 © Copyright 2012 yaSSL
  5. 5. Why Go Mobile? In the US: 60% 40% the ratio is even higher, with smartphones making up 40% of all mobile phones.Slide 5 / 39 © Copyright 2012 yaSSL
  6. 6. OK, well why Android?Slide 6 / 39 © Copyright 2012 yaSSL
  7. 7. Android? Reason 1: US Market Dominance iPhone 28% U.S. Android Smartphones == 40% (40%) Blackberry 19% Windows Mobile, 7% Windows Phone 7, 1% Other, 5%Slide 7 / 39 © Copyright 2012 yaSSL
  8. 8. Android? Reason 2: Consumer Popularity •  100 million activated Android devices (now 400,000 / day) •  200,000 apps in Android Market (4.5 billion activations to date) •  310 devices available to consumers (112 countries)Slide 8 / 39 © Copyright 2012 yaSSL
  9. 9. Android? Reason 3: Developer Popularity •  450,000 developers building for the platform!Slide 9 / 39 © Copyright 2012 yaSSL
  10. 10. Android. Meaning? •  Opportunity for increased Kerberos visibility •  Useful for Android and Kerberos developers •  Fun to see where the community takes itSlide 10 / 39 © Copyright 2012 yaSSL
  11. 11. Our Plan What we wanted to do.Slide 11 / 39 © Copyright 2012 yaSSL
  12. 12. Goals We wanted to fill a missing gap. 1.  Port Kerberos libraries to Android 2.  Port some C-based Kerberos client apps to Android kinit klist kvno kdestroySlide 12 / 39 © Copyright 2012 yaSSL
  13. 13. Goals We wanted to spark community involvement. 3.  Build a sample Android NDK App (with a simple GUI) 4.  Give changes back to communitySlide 13 / 39 © Copyright 2012 yaSSL
  14. 14. Action! What we did.Slide 14 / 39 © Copyright 2012 yaSSL
  15. 15. 1. Crypto ImplementationSlide 15 / 39 © Copyright 2012 yaSSL
  16. 16. Crypto Added new CyaSSL crypto implementation •  Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-inSlide 16 / 39 © Copyright 2012 yaSSL
  17. 17. Crypto Added new CyaSSL crypto implementation •  CyaSSL is very portableSlide 17 / 39 © Copyright 2012 yaSSL
  18. 18. 2. PortingSlide 18 / 39 © Copyright 2012 yaSSL
  19. 19. Android Port Kerberos Libraries + CyaSSL Android. •  Cross-compiled libraries for Android •  Created shell script for easy reproduction by developersSlide 19 / 39 © Copyright 2012 yaSSL
  20. 20. 3. Android ApplicationSlide 20 / 39 © Copyright 2012 yaSSL
  21. 21. Android App Simple sample NDK project Home Screen •  Single screen •  Uses JNI •  Wrapper around native client appsSlide 21 / 39 © Copyright 2012 yaSSL
  22. 22. Android App Simple sample NDK project kinit •  Gets a ticket using specified principalSlide 22 / 39 © Copyright 2012 yaSSL
  23. 23. Android App Simple sample NDK project klist •  Lists our ticketsSlide 23 / 39 © Copyright 2012 yaSSL
  24. 24. Android App Simple sample NDK project kvno •  Gets a service ticket for the entered principalSlide 24 / 39 © Copyright 2012 yaSSL
  25. 25. Android App Simple sample NDK project klist after kvno •  Verify that we got a ticketSlide 25 / 39 © Copyright 2012 yaSSL
  26. 26. Android App Simple sample NDK project kdestroy •  Clear our ticket cacheSlide 26 / 39 © Copyright 2012 yaSSL
  27. 27. Android App Notes •  Uses a keytab instead of passwords •  Storage locations have been chosen for convenience Can be easily modified to what the developer needs Currently at /data/local/kerberosSlide 27 / 39 © Copyright 2012 yaSSL
  28. 28. Android App License Type •  Application code will remain under the MIT licenseSlide 28 / 39 © Copyright 2012 yaSSL
  29. 29. 4. GSS-API WrapperSlide 29 / 39 © Copyright 2012 yaSSL
  30. 30. GSS-API Java Wrapper •  Provide Java bindings for developers to use •  Uses framework •  Wrapper around native Kerberos GSS-API library (Contains functionality found in gssapi.h)Slide 30 / 39 © Copyright 2012 yaSSL
  31. 31. GSS-API Java Wrapper 2 example clients: •  Android client functionality •  Stand-alone Java app for desktop useSlide 31 / 39 © Copyright 2012 yaSSL
  32. 32. GSS-API Integrated into sample app. Example Client •  Est. context with example server •  Send wrapped message, verify returned sig. block (gss_wrap, gss_verify_mic) •  Repeat #2, but with gss_seal, gss_verify •  Misc. API tests and exit.Slide 32 / 39 © Copyright 2012 yaSSL
  33. 33. GSS-API Integrated into sample app. Example Server •  Est. context with client •  Receive and unwrap a message from the client •  Generate & send signature block for received messageSlide 33 / 39 © Copyright 2012 yaSSL
  34. 34. The Future Whats happening next?Slide 34 / 39 © Copyright 2012 yaSSL
  35. 35. The Future Look to the Community. Availability •  Code will be linked from both MIT and yaSSL websitesSlide 35 / 39 © Copyright 2012 yaSSL
  36. 36. The Future Look to the Community. PR Activity / Visibility •  Blog posts •  Forum posts •  Press releases •  GitHub •  Mailing lists •  etc...Slide 36 / 39 © Copyright 2012 yaSSL
  37. 37. The Future Other ideas or thoughts?Slide 37 / 39 © Copyright 2012 yaSSL
  38. 38. References Statistics •  http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/ •  http://www.go-gulf.com/blog/smartphone •  http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40- percent-are-android/ •  Google I/O 2011: http://www.google.com/events/io/2011 Project Locations Kerberos: http://web.mit.edu/kerberos/ CyaSSL: http://www.yassl.com/ •  Android NDK App: https://github.com/cconlon/kerberos-android-ndk •  GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapiSlide 38 / 39 © Copyright 2012 yaSSL
  39. 39. Thanks! www.yassl.comSlide 39 / 39 © Copyright 2012 yaSSL

×