Data Encryption - Computer Science

A Comparison of Android and iOS Security Models
Trevor L. Buttrey
Computer and Information Sciences
Reasons for Concern
• Smartphones are advancing technologically
• Have become popular
• People are growing more dependent upon them
• Size makes them easy to lose
• Security problems are becoming more of an issue as users store more and more personal information on them
Unsecure Devices Allow
• Access to emails and social networking accounts
• Access to personal messages
• Access to phone book
• Access to phone accounts
• Access to personal and confidential information
Unsecure Devices Allow
• Access to bank accounts
• Access to mobile payments
• Access to web accounts
• Access to passwords
• Knowledge of location
The 5 Security Pillars
• Traditional Access Controls
• Permissions-based Access Control
• Encryption
• Application Provenance
• Isolation
Traditional Access Controls
Traditional Access Control
iOS
• Password and passcode locking mechanisms
• Touch ID
• Device self-wipe capabilities
• Lockout of internal memory if not unlocked
• Memory is soldered to PCB
Traditional Access Control
Android
• Starting with 2.x: password, passcode, and pattern locking mechanisms
• 4.0 introduced facial recognition
• Other locking methods include fingerprint readers and pictures
• Lockout of internal memory if not unlocked
• SD card removable
Data Encryption
Data Encryption
iOS
• Hierarchy of encryption keys:
• Passcode Key
• Hardware Keys: Unique ID (UID) and device group ID (GID)
– AES 256-bit keys
– Built into hardware and not directly accessible
• File System Key
– Generated randomly and stored in flash memory
– Used to encrypt file metadata
• Per File Key
– Encrypted by the Class Key for the file’s encryption class
– Encrypts contents of files on disk
Data Encryption
iOS
• Encryption Classes
– Complete Protection
• Only Decryptable when unlocked, unusable when locked
– Protected Unless Open
• Uses Asymmetric Elliptic Curves (it’s complicated)
– Protected Until First User Authentication
• Similar to FDE
– No Protection
• Only protected by UID
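The slides above describe a chain of wrapped keys and a Complete Protection class whose key is only usable while the device is unlocked. The Go below is an added model of that chain, not Apple's code; the UID, the passcode KDF (HMAC) and AES-GCM key wrapping are stand-ins for the real hardware and algorithms. The passcode key, entangled with the UID, wraps the class key in a keybag; the class key wraps each per-file key; Lock() discards the class key from memory, so files in that class cannot be read until the correct passcode unwraps it again, and a wrong passcode simply fails the wrap's authentication tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Constructed stand-in for the UID fused into the AES engine; not a real device value.
var uid = sha256.Sum256([]byte("constructed-hardware-uid"))
var errLocked = errors.New("locked: Complete Protection class key not in memory")
// AES-256-GCM helpers: seal prefixes a fresh 12-byte nonce, open strips it and checks the tag.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, data []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return gcm(key).Seal(nonce, nonce, data, nil)
}
func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 { return nil, errors.New("short blob") }
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}
func randKey() []byte { k := make([]byte, 32); rand.Read(k); return k }
// Passcode key: the passcode entangled with the hardware UID (HMAC here; Apple's real KDF differs).
func passcodeKey(pc string) []byte { m := hmac.New(sha256.New, uid[:]); m.Write([]byte(pc)); return m.Sum(nil) }
// keybag holds the Complete Protection class key wrapped by the passcode key (persistent);
// classKey is the same key unwrapped, kept in memory only while the device is unlocked.
type Device struct{ keybag, classKey []byte }
func NewDevice(passcode string) *Device { return &Device{keybag: seal(passcodeKey(passcode), randKey())} }
func (d *Device) Unlock(passcode string) (err error) {
	d.classKey, err = open(passcodeKey(passcode), d.keybag) // a wrong passcode fails the GCM tag
	return err
}
func (d *Device) Lock() { d.classKey = nil } // class key discarded; wrapped per-file keys stay on flash
// Write returns the file's metadata (per-file key wrapped by the class key) and its ciphertext.
func (d *Device) Write(data []byte) (wrappedKey, ciphertext []byte, err error) {
	if d.classKey == nil { return nil, nil, errLocked }
	fk := randKey()
	return seal(d.classKey, fk), seal(fk, data), nil
}
func (d *Device) Read(wrappedKey, ciphertext []byte) ([]byte, error) {
	if d.classKey == nil { return nil, errLocked }
	fk, err := open(d.classKey, wrappedKey) // unwrap the per-file key first, then the contents
	if err != nil { return nil, err }
	return open(fk, ciphertext)
}
```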
Data Encryption
iOS
• Effaceable Storage
– Low-level access to storage for secure wiping
– Used to erase File System Key
Data Encryption
iOS
• Secure enclave
– Securely processes fingerprints
– Is given the key to decrypt the Complete Protection data class when locked
– Separate from, and not directly accessible to, the OS
Data Encryption
Android
• Some data encryption present
• Android 3.x “Honeycomb” and above support full filesystem encryption (AES128 CBC & ESSIV:SHA256)
• SD card encryption is not supported on any version in AOSP
• Device manufacturers can implement this themselves
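The cipher spec on the slide corresponds to dm-crypt's aes-cbc-essiv:sha256 mode. The Go below is an added illustration of it, not AOSP or kernel code: the per-sector IV is the sector number encrypted under SHA-256 of the data key, so identical sectors encrypt differently and a ciphertext sector copied to another location no longer decrypts cleanly. It also shows the limit of CBC full-disk encryption: relocation garbles only the first 16-byte block of the sector, because this mode provides confidentiality but no integrity. Any key and sector contents passed in are constructed sample values, not taken from a device.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)
const sectorSize = 512 // dm-crypt encrypts each 512-byte sector independently

// essivIV derives the sector IV the way dm-crypt's essiv:sha256 does: the little-endian sector
// number is AES-encrypted under SHA-256(data key), so a 128-bit data key yields a 256-bit IV key.
func essivIV(key []byte, sector uint64) []byte {
	salt := sha256.Sum256(key)
	b, _ := aes.NewCipher(salt[:])
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	b.Encrypt(iv, iv)
	return iv
}

// cbc runs AES-CBC over one sector with its ESSIV; a 16-byte key selects AES-128, as on the slide.
func cbc(key []byte, sector uint64, data []byte, encrypt bool) ([]byte, error) {
	if len(data) != sectorSize {
		return nil, errors.New("sector must be exactly 512 bytes")
	}
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	if encrypt {
		cipher.NewCBCEncrypter(b, essivIV(key, sector)).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(b, essivIV(key, sector)).CryptBlocks(out, data)
	}
	return out, nil
}

func EncryptSector(key []byte, sector uint64, plain []byte) ([]byte, error) { return cbc(key, sector, plain, true) }
func DecryptSector(key []byte, sector uint64, ct []byte) ([]byte, error) { return cbc(key, sector, ct, false) }
// RelocatedCorruption encrypts plain at sector `from`, decrypts the ciphertext as if it sat at
// sector `to`, and reports which parts survive: only the first block depends on the IV.
func RelocatedCorruption(key []byte, from, to uint64, plain []byte) (firstBlockOK, restOK bool) {
	if len(plain) != sectorSize { return false, false }
	ct, _ := EncryptSector(key, from, plain)
	pt, _ := DecryptSector(key, to, ct)
	return bytes.Equal(pt[:16], plain[:16]), bytes.Equal(pt[16:], plain[16:])
}
```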
Data Encryption
Android
• Samsung Knox:
– Brings Android closer to iOS
– Supports AES-256 encryption of internal storage and SD cards
Permissions-based Access Control
Permissions-based Access Control
• After an app is installed, it has access to all permitted resources of that device
• It can perform any kind of malicious operation using the permissions provided
Permissions-based Access Control
iOS
• Each app is given only certain permissions by iOS
• Once installed, the user has granted the app access to any of the device’s resources
• Apps can use most resources without additional permission
• May access things they don’t need
• Does not require the user’s permission
Permissions-based Access Control
Android
• Follows Capability-Based Security Model
• App must request specific permissions from OS before access
• User sees what is being requested and must grant permission before app is installed
• Once app is granted permission, it could perform malicious activity using those permissions
Permissions-based Access Control
Android vs. iOS
• Android allows more access to the system than iOS does
• Android only gives explicit permissions to apps, while apps installed on iOS can perform any operation as defined by the OS
Default App Permissions: Android vs. iOS
Android
iOS
Internet
Phone Number
YouTube History
Read SD Card
Address Book
Music/Video Files
WiFi Connection Logs
List of Installed Apps
Calendar
Safari Search History
Mic and Video Camera
Launch An Installed App
Device UID
AutoComplete
Requestable App Permissions: Android vs. iOS
iOS
Location (GPS)
Prevent Phone From Sleeping
Android
Fine Location (GPS)
Coarse Location (Network)
Internet
Push Notifications
Record Audio
SMS/MMS Send/Receive
Calendar
Address Book
Make Phone Call
Manage Accounts
Music/Video/Picture
SD Read/Write
Make and Terminate Calls
Send SMS/MMS
Control NFC
Access Device Logs
Obtain Task List
Make Bluetooth Connections
Which is Legitimate?
AndroidOS.FakePlayer
Legit Video Player
Application Provenance
Application Provenance
iOS
• Robust signing system
• Apple provides digital certificate only to those who register
• $100 per year
• Thorough analysis of apps, takes weeks
Application Provenance
Android
• Not a robust signing system
• Anonymous signing certificates can be made without oversight from Google
• Allows legitimate applications to be repackaged after adding malware
• Although not signed with the same signature, they will be signed, and can be distributed on the web.
Isolation
Programming
iOS:
• All apps are Objective-C or Swift
Android:
• Apps run in Dalvik JVM
• Android does not use that as its main form of isolation, as not all code runs in the VM
• Most web browsers use significant amounts of native code
Isolation
iOS
• Sandboxed
– Own home directory
– Must use APIs to access or modify system settings
– Cannot communicate with other apps directly
– Nothing runs as root except kernel
Isolation
iOS
• Declared Entitlements
– Digitally signed
– Allow extra permissions
– Alternative to running as root
Isolation
Android
• Sandboxing
– Uses native Linux user-based permissions model
– Each app is its own user
– Secured by the Linux kernel itself
Isolation
Android
• Samsung Knox:
– Further separates applications
– Prevents access to Android APIs
– Reduced API set allows data in, but not out
Jailbreaking, Rooting, and Exploits
Jailbreaking, Rooting, and Exploits
iOS
• Jailbreaking: Uses exploits (buffer overflows among other things) to allow unsigned code to run
Android
• Rooting: Uses exploits (usually buffer overflows) to load a su binary (usually harder than it sounds) to allow apps to run with elevated privileges
Jailbreaking, Rooting, and Exploits
The Point:
Although the uses for the exploits are usually beneficial for the user, their existence represents flaws in the OSs that can be leveraged by malicious apps.
Jailbreaking and Rooting
Advantages:
• The (hacking) community can push out patches for other exploits faster than the manufacturers (iOS PDF)
• Finer control over the system
Jailbreaking and Rooting
Disadvantages:
• May cause security vulnerabilities
• May “brick” the device
• May void the warranty
After running the exploits, the device may become vulnerable in other ways (iPhone.Ikee)
Summary
• Both have Strong Isolation
• iOS’s permission system is static, but the vetting process makes it harder for apps to abuse it.
• Android’s permission system is flexible, but requires user vigilance.
• Both have strong traditional access controls
• Both have encryption on recent versions; however, Android 2.x versions don’t have any, and 3.x+ encryption pales compared to iOS
• Apple has a stronger vetting process, but it also takes longer for app updates
• Android has a weaker vetting process, but updates get pushed out almost immediately
xkcd.com