Android Security Mechanisms Lecture 9
Android and Low-level Optimizations Summer School
1 August 2015
This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
Android Security Mechanisms, Lecture 9
1/35
Outline
- Android Permissions
- Cryptographic Providers
- Network Security
- Bibliography
- Keywords
Android Permissions
- A string
- The ability to perform a particular operation
- Built-in permissions documented in the platform API reference
  - Defined in the android package
- Custom permissions - defined by system or user apps
- pm list permissions
- Defining package + .permission + name
  - android.permission.REBOOT
  - com.android.launcher3.permission.RECEIVE_LAUNCH_BROADCASTS
Android Permissions
- Apps request permissions in AndroidManifest.xml
- Assigned to apps at install time by the package manager service
  - Central database of installed packages: /data/system/packages.xml
  - Programmatically access package information from android.content.pm.PackageManager; getPackageInfo() returns a PackageInfo instance
- Cannot be changed or revoked without uninstalling the app
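The following is an added example, not code from the lecture: it uses the PackageManager and PackageInfo APIs named on this slide to list the permissions a package requested in its manifest, whether each one was granted at install time, and the protection level the declaring package assigned to it (the levels are the ones described on the next two slides). The package name passed in is a placeholder.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import android.util.Log;

import java.util.ArrayList;
import java.util.List;

// Added example: audit the permissions of an installed package.
public final class PermissionAudit {
    private static final String TAG = "PermissionAudit";

    // Returns one line per requested permission: name, protection level, granted flag.
    public static List<String> audit(Context ctx, String packageName)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        // GET_PERMISSIONS fills requestedPermissions and requestedPermissionsFlags
        // (the flags array is available from API level 16 on).
        PackageInfo info = pm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
        List<String> report = new ArrayList<>();
        if (info.requestedPermissions == null) {
            return report;
        }
        for (int i = 0; i < info.requestedPermissions.length; i++) {
            String perm = info.requestedPermissions[i];
            boolean granted = info.requestedPermissionsFlags != null
                    && (info.requestedPermissionsFlags[i]
                        & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
            String level;
            try {
                PermissionInfo pi = pm.getPermissionInfo(perm, 0);
                level = levelName(pi.protectionLevel);
            } catch (PackageManager.NameNotFoundException e) {
                // Requested but declared by no installed package: it can never be
                // granted, which is worth flagging in an audit.
                level = "undeclared";
            }
            report.add(perm + " level=" + level + " granted=" + granted);
        }
        return report;
    }

    // Map the base protection level (low bits of protectionLevel) to the names
    // used on the protection-level slides.
    static String levelName(int protectionLevel) {
        switch (protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) {
            case PermissionInfo.PROTECTION_NORMAL:
                return "normal";
            case PermissionInfo.PROTECTION_DANGEROUS:
                return "dangerous";
            case PermissionInfo.PROTECTION_SIGNATURE:
                return "signature";
            case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM:
                return "signatureOrSystem";
            default:
                return "unknown";
        }
    }

    public static void logReport(Context ctx, String packageName) {
        try {
            for (String line : audit(ctx, packageName)) {
                Log.d(TAG, line);
            }
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, "package not installed: " + packageName);
        }
    }
}
```

Calling `PermissionAudit.logReport(context, "com.example.app")` from any app context prints the report to logcat; the same data is what the package manager persists in /data/system/packages.xml, so the output is a convenient way to confirm, per package, which protection levels are actually in play on a device.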
Permission Protection Levels
- Potential risk and procedure to grant the permission
- Normal
  - Low risk
  - Automatically granted without user confirmation
  - ACCESS_NETWORK_STATE, GET_ACCOUNTS
- Dangerous
  - Access to user data or control over the device
  - Requires user confirmation - accept or cancel installation
  - CAMERA, READ_SMS
Permission Protection Levels
- Signature
  - Highest level of protection
  - Apps signed with the same key as the app that declared the permission
  - Built-in permissions are used by system apps (signed with the platform key)
  - NET_ADMIN, ACCESS_ALL_EXTERNAL_STORAGE
- SignatureOrSystem
  - Apps that are part of the system image or signed with the same key as the app that declared the permission
  - Vendors may have preinstalled apps without using the platform key
Kernel-Level Enforcement
- Access to regular files, device nodes and local sockets is managed by the Linux kernel, based on UID and GID
- Permissions are mapped to supplementary GIDs
- Built-in permission mapping in /etc/permission/platform.xml
- Example:
  - INTERNET permission associated with GID inet
  - Only apps with the INTERNET permission can create network sockets
  - The kernel verifies whether the app belongs to GID inet
Framework-Level Enforcement
- Static permission enforcement
  - System keeps track of permissions associated with each app component
  - Checks whether callers have the required permission before allowing access
  - Enforcement by the runtime environment
  - Isolates security decisions from business logic
  - Less flexible
- Dynamic permission enforcement
  - Components check whether the caller has the necessary permissions
  - Decisions made by each component, not by the runtime environment
  - More fine-grained access control
  - More operations in components
Dynamic Enforcement
- Helper methods in the android.content.Context class to perform permission checks
- checkPermission(String permission, int pid, int uid)
  - Returns PERMISSION_GRANTED or PERMISSION_DENIED
  - For root and system, permission is automatically granted
  - If the permission is declared by the calling app, it is granted
  - Deny for private components
  - Queries the Package Manager
- enforcePermission(String permission, int pid, int uid, String message)
  - Throws SecurityException with message if the permission is not granted
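An added example, not from the lecture, of dynamic enforcement as described on the last two slides: a service that checks the caller's permission itself, inside its Binder transaction handler, rather than relying on android:permission in the manifest. It uses both Context helpers: checkPermission() for a soft check where the component decides what to do on denial (here it logs the calling UID and package for auditing), and enforcePermission() for a hard check that throws SecurityException. The permission names, transaction codes and secret value are placeholders.

```java
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;
import android.util.Log;

// Added example: a bound service enforcing custom permissions dynamically.
public class SecretService extends Service {
    private static final String TAG = "SecretService";
    // Hypothetical custom permissions, assumed to be declared in the manifest.
    static final String PERM_READ_SECRET = "com.example.app.permission.READ_SECRET";
    static final String PERM_WRITE_SECRET = "com.example.app.permission.WRITE_SECRET";
    static final int TRANSACTION_GET_SECRET = IBinder.FIRST_CALL_TRANSACTION;
    static final int TRANSACTION_SET_SECRET = IBinder.FIRST_CALL_TRANSACTION + 1;

    private volatile String secret = "constructed initial secret"; // placeholder data

    private final IBinder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            // Identity of the remote caller; only meaningful while the transaction
            // is being handled and before any Binder.clearCallingIdentity() call.
            int pid = Binder.getCallingPid();
            int uid = Binder.getCallingUid();
            switch (code) {
                case TRANSACTION_GET_SECRET:
                    // Soft check: PERMISSION_GRANTED or PERMISSION_DENIED, and the
                    // component decides what happens on denial.
                    if (checkPermission(PERM_READ_SECRET, pid, uid)
                            != PackageManager.PERMISSION_GRANTED) {
                        Log.w(TAG, "denied GET_SECRET for uid " + uid + " ("
                                + getPackageManager().getNameForUid(uid) + ")");
                        reply.writeException(
                                new SecurityException("requires " + PERM_READ_SECRET));
                        return true;
                    }
                    reply.writeNoException();
                    reply.writeString(secret);
                    return true;
                case TRANSACTION_SET_SECRET:
                    // Hard check: throws SecurityException with the message when
                    // denied; Binder marshals the exception back to the caller.
                    enforcePermission(PERM_WRITE_SECRET, pid, uid,
                            "SET_SECRET requires " + PERM_WRITE_SECRET);
                    secret = data.readString();
                    reply.writeNoException();
                    return true;
                default:
                    return super.onTransact(code, data, reply, flags);
            }
        }
    };

    @Override
    public IBinder onBind(Intent intent) {
        return binder;
    }
}
```

A client that has bound to the service calls `binder.transact(SecretService.TRANSACTION_GET_SECRET, data, reply, 0)` and then `reply.readException()` before `reply.readString()`; a denied caller sees the SecurityException surface there. Context also offers checkCallingPermission() and enforceCallingPermission(), which read the Binder calling identity themselves, as shorthand for the pid/uid variants used here.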
Static Enforcement
- An app tries to call a component of another app - intent
- Target component - android:permission
- Caller - request handled by the Activity Manager
  - Resolves the intent
  - Checks if the target component has an associated permission
  - Delegates the permission check to the Package Manager
- If the caller has the necessary permission, the target component is started
- Otherwise, a SecurityException is generated
Activity and Service Permission Enforcement
- Permission checks for activities
  - Intent is passed to Context.startActivity() or startActivityForResult()
  - Resolves to an activity that declares a permission
- Permission checks for services
  - Intent is passed to Context.startService(), stopService() or bindService()
  - Resolves to a service that declares a permission
- If the caller does not have the necessary permission, a SecurityException is generated
Content Provider Permission Enforcement
- Protect the whole component or a particular exported URI
- Different permissions for reading and writing
- Read permission - ContentResolver.query() on provider or URI
- Write permission - ContentResolver.insert(), update(), delete() on provider or URI
- Synchronous checks
Broadcast Permission Enforcement
- Receivers may be required to have a permission
  - Specified in the manifest or in registerReceiver()
  - Checked when delivering the broadcast
  - No permission - no delivery, no exception
- Broadcasters may need to have a permission to send a broadcast
  - Context.sendBroadcast(Intent intent, String receiverPermission)
  - Checked when delivering the intent to receivers
  - No permission - broadcast not received, no exception
- 2 checks for each delivery: for sender and receiver
Custom Permissions
- Declared by apps
- Checked statically by the system or dynamically by the components
- Declared in AndroidManifest.xml

    <permission android:name="com.example.app.permission.PERMISSION1"
        android:label="@string/permission1_label"
        android:description="@string/permission1_desc"
        android:permissionGroup="com.example.app.permission-group.TEST_GROUP"
        android:protectionLevel="signature" />
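An added example, not from the lecture, that ties the custom permission above to the broadcast enforcement on the previous slide: one class holds both sides of a permission-protected broadcast. The receiver is registered with the permission the sender must hold, and the sender passes the same permission as receiverPermission, so both of the two per-delivery checks apply. With protectionLevel="signature" as declared above, only apps signed with the declaring app's key can hold PERMISSION1, so both sender and receiver sets are limited to that signing identity. The action name and payload are constructed for the example.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.util.Log;

// Added example: both ends of a broadcast protected by a custom permission.
public final class ProtectedBroadcast {
    private static final String TAG = "ProtectedBroadcast";
    // Assumed to be declared with <permission> in the manifest, as on the slide.
    static final String PERM = "com.example.app.permission.PERMISSION1";
    // Constructed action name for this example.
    static final String ACTION_EVENT = "com.example.app.action.EVENT";

    // Receiver side: only senders holding PERM can deliver to this receiver.
    // A sender without it is silently skipped; no exception is raised anywhere.
    public static BroadcastReceiver register(Context ctx) {
        BroadcastReceiver receiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context context, Intent intent) {
                Log.d(TAG, "received " + intent.getAction()
                        + " payload=" + intent.getStringExtra("payload"));
            }
        };
        // Third argument is the permission a broadcaster must hold (null scheduler
        // means deliver on the main thread).
        ctx.registerReceiver(receiver, new IntentFilter(ACTION_EVENT), PERM, null);
        return receiver;
    }

    // Sender side: only receivers holding PERM get this broadcast; receivers
    // without it simply never see it.
    public static void sendEvent(Context ctx, String payload) {
        Intent intent = new Intent(ACTION_EVENT).putExtra("payload", payload);
        ctx.sendBroadcast(intent, PERM);
    }

    public static void unregister(Context ctx, BroadcastReceiver receiver) {
        ctx.unregisterReceiver(receiver);
    }
}
```

Because a denied delivery produces no exception on either side, a missing permission shows up only as a broadcast that never arrives; when debugging, check the permission's protection level and the signing keys of both apps before looking at the intent filter. Calling `intent.setPackage(...)` on the sender additionally restricts delivery to one package.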
JCA Provider Architecture
- Java Cryptography Architecture (JCA)
  - Extensible cryptographic provider framework
  - Set of APIs - major cryptographic primitives
  - Applications specify an algorithm and do not depend on a particular provider implementation
- Cryptographic Service Provider (CSP)
  - Package with an implementation of cryptographic services
  - Advertises the implemented services and algorithms
  - JCA maintains a registry of providers and their algorithms
  - Providers in an order of preference
- Service Provider Interface (SPI)
  - Common interface for implementations of a specific algorithm
  - Abstract class implemented by the provider
JCA Engine Classes
- JCA engines provide:
  - Cryptographic operations (encrypt/decrypt, sign/verify, hash)
  - Generation or conversion of cryptographic material (keys, parameters)
  - Management and storage of cryptographic objects (keys, certificates)
- Decouple client code from the algorithm implementation
- Static factory method getInstance()
- Request the implementation indirectly

    static EngineClassName getInstance(String algorithm)
        throws NoSuchAlgorithmException
    static EngineClassName getInstance(String algorithm, String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException
    static EngineClassName getInstance(String algorithm, Provider provider)
        throws NoSuchAlgorithmException
Message Digest
- Hash function

    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] data = getMessage();
    byte[] hash = md.digest(data);

- Data provided in chunks using update(), then call digest()
- If the data is short and fixed, it is hashed in one step using digest()
Signature
- Digital signature algorithms based on asymmetric encryption
- Algorithm name: digest-with-encryption form, e.g. SHA256withRSA
- Sign:

    byte[] data = "message to be signed".getBytes("ASCII");
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(privKey);
    s.update(data);
    byte[] signature = s.sign();

- Verify:

    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(pubKey);
    s.update(data);
    boolean valid = s.verify(signature);
Cipher
- Encryption and decryption operations
- Encryption:

    SecretKey key = getSecretKey();
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
    byte[] iv = new byte[c.getBlockSize()];
    SecureRandom sr = new SecureRandom();
    sr.nextBytes(iv);                       // fresh random IV for each message
    IvParameterSpec ivp = new IvParameterSpec(iv);
    c.init(Cipher.ENCRYPT_MODE, key, ivp);
    byte[] data = "Message to encrypt".getBytes("UTF-8");
    byte[] ciphertext = c.doFinal(data);
Cipher
- Decryption:

    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
    c.init(Cipher.DECRYPT_MODE, key, ivp);  // same key and IV as used for encryption
    byte[] data = c.doFinal(ciphertext);
MAC
- Message Authentication Code algorithms

    SecretKey key = getSecretKey();
    Mac m = Mac.getInstance("HmacSHA256");
    m.init(key);
    byte[] data = "Message".getBytes("UTF-8");
    byte[] hmac = m.doFinal(data);
KeyGenerator
- Generates symmetric keys
- Additional checks for weak keys
- Sets key parity when necessary
- Takes advantage of cryptographic hardware

    KeyGenerator kg = KeyGenerator.getInstance("HmacSHA256");
    SecretKey key = kg.generateKey();

    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(256);
    SecretKey key = kg.generateKey();
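The following is an added example, not from the lecture, that combines the Cipher, Mac and KeyGenerator engines of the last four slides into one encrypt-then-MAC routine. It fixes the two things the slide fragments leave implicit: the IV must travel with the ciphertext (it is prepended here), and CBC ciphertext must be authenticated before it is decrypted, so an HMAC-SHA256 tag over IV and ciphertext, computed under a separate key, is appended and verified first. The message text is constructed for the example.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example: AES-CBC with an HMAC-SHA256 tag (encrypt-then-MAC).
// Output layout: IV || ciphertext || HMAC(IV || ciphertext).
public final class AuthenticatedEncryption {
    private static final String CIPHER = "AES/CBC/PKCS5Padding";
    private static final String MAC = "HmacSHA256";
    private static final int MAC_LEN = 32;

    private final SecretKey encKey;
    private final SecretKey macKey;

    public AuthenticatedEncryption(SecretKey encKey, SecretKey macKey) {
        this.encKey = encKey;
        this.macKey = macKey;
    }

    // Separate keys for encryption and authentication, both from KeyGenerator.
    public static AuthenticatedEncryption withFreshKeys() throws GeneralSecurityException {
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256);
        KeyGenerator hmac = KeyGenerator.getInstance(MAC);
        return new AuthenticatedEncryption(aes.generateKey(), hmac.generateKey());
    }

    public byte[] encrypt(byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(CIPHER);
        byte[] iv = new byte[c.getBlockSize()];
        new SecureRandom().nextBytes(iv);           // fresh IV for every message
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);

        byte[] out = new byte[iv.length + ct.length + MAC_LEN];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        Mac m = Mac.getInstance(MAC);
        m.init(macKey);
        m.update(out, 0, iv.length + ct.length);    // tag covers IV and ciphertext
        byte[] tag = m.doFinal();
        System.arraycopy(tag, 0, out, iv.length + ct.length, MAC_LEN);
        return out;
    }

    // Verifies the tag before touching the ciphertext. Returns null when the
    // message is too short or the tag does not match; nothing is decrypted then.
    public byte[] decrypt(byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(CIPHER);
        int ivLen = c.getBlockSize();
        if (msg.length < ivLen + MAC_LEN) {
            return null;
        }
        int ctEnd = msg.length - MAC_LEN;
        Mac m = Mac.getInstance(MAC);
        m.init(macKey);
        m.update(msg, 0, ctEnd);
        byte[] expected = m.doFinal();
        byte[] actual = Arrays.copyOfRange(msg, ctEnd, msg.length);
        if (!MessageDigest.isEqual(expected, actual)) {   // constant-time comparison
            return null;
        }
        IvParameterSpec ivp = new IvParameterSpec(Arrays.copyOfRange(msg, 0, ivLen));
        c.init(Cipher.DECRYPT_MODE, encKey, ivp);
        return c.doFinal(Arrays.copyOfRange(msg, ivLen, ctEnd));
    }

    public static void main(String[] args) throws Exception {
        AuthenticatedEncryption ae = withFreshKeys();
        byte[] msg = "Message to encrypt".getBytes("UTF-8");   // constructed input
        byte[] sealed = ae.encrypt(msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, ae.decrypt(sealed)));
        sealed[sealed.length - 1] ^= 0x01;                    // corrupt the tag
        System.out.println("tampered rejected: " + (ae.decrypt(sealed) == null));
    }
}
```

MessageDigest.isEqual() is used for the tag comparison so that a mismatch takes the same time wherever the first differing byte is. The 256-bit AES key follows the slide; on a desktop JDK older than 8u161 that size needs the unlimited-strength policy files, whereas Android's providers accept it as is.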
KeyPairGenerator
- Generates public and private keys

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(1024);
    KeyPair pair = kpg.generateKeyPair();
    PrivateKey priv = pair.getPrivate();
    PublicKey pub = pair.getPublic();
Android JCA Providers
- Harmony's Crypto Provider
  - Limited JCA provider, part of the Java runtime library
  - SecureRandom (SHA1PRNG), KeyFactory (DSA)
  - MessageDigest (SHA-1), Signature (SHA1withDSA)
- Android's Bouncy Castle Provider
  - Full-featured JCA provider
  - Part of the Bouncy Castle Crypto API
  - Cipher, KeyGenerator, Mac, MessageDigest, SecretKeyFactory, Signature, CertificateFactory
  - Large number of algorithms
- AndroidOpenSSL Provider
  - Native code, for performance reasons
  - Covers most functionality of Bouncy Castle
  - Preferred provider
  - Implementation uses JNI to access OpenSSL's native code
SSL/TLS
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
- SSL is the predecessor of TLS
- Secure point-to-point communication protocols
- Authentication, message confidentiality and integrity for communication over TCP/IP
- Combination of symmetric and asymmetric encryption for confidentiality and integrity
- Public key certificates for authentication
- Java Secure Socket Extension (JSSE)
Authentication
- Based on public key cryptography and certificates
- Each end presents its certificate
- If trusted, they negotiate a shared key for securing the communication using pairs of public/private keys
- JSSE delegates trust decisions to TrustManager and authentication key selection to KeyManager
- Each SSLSocket has access to them through SSLContext
- TrustManager has a set of trusted CA certificates (trust anchors)
Obtain Trust Anchors
- Default JSSE TrustManager initialized using the system trust store
  - /system/etc/security/cacerts.bks

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(
            TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);              // null key store selects the system trust store
    X509TrustManager xtm = (X509TrustManager) tmf.getTrustManagers()[0];
    for (X509Certificate cert : xtm.getAcceptedIssuers()) {
        String certStr = "S:" + cert.getSubjectDN().getName()
                + "\nI:" + cert.getIssuerDN().getName();
        Log.d(TAG, certStr);
    }
Use your own Trust Store
- Generate your trust store using Bouncy Castle and openssl on the command line
- Preferred HTTPS API

    KeyStore localTrustStore = KeyStore.getInstance("BKS");
    InputStream in = getResources().openRawResource(R.raw.mytruststore);
    localTrustStore.load(in, TRUSTSTORE_PASSWORD.toCharArray());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(
            TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(localTrustStore);
    SSLContext sslCtx = SSLContext.getInstance("TLS");
    sslCtx.init(null, tmf.getTrustManagers(), null);
    URL url = new URL("https://myserver.com");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(sslCtx.getSocketFactory());
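An added example, not from the lecture, showing the same custom trust store used with a raw SSLSocket instead of HttpsURLConnection. It makes one caveat explicit that the HTTPS API hides: the TrustManager built from the store validates the certificate chain during the handshake, but an SSLSocket does not check that the certificate matches the host name, so that check is done separately with the default HostnameVerifier. The BKS store type assumes Android's Bouncy Castle provider; the host, port and password are placeholders.

```java
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: custom trust store with SSLSocket plus explicit host-name check.
public final class TrustStoreSocket {

    // Build an SSLContext whose trust anchors come only from the given BKS store
    // (for example getResources().openRawResource(R.raw.mytruststore) on Android).
    public static SSLContext contextFromTrustStore(InputStream bks, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance("BKS");
        try {
            trustStore.load(bks, password);
        } finally {
            bks.close();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Connect, validate the chain against the custom anchors, then verify that
    // the presented certificate is actually for the host we asked for.
    public static SSLSocket connect(SSLContext ctx, String host, int port)
            throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            socket.startHandshake();        // TrustManager rejects untrusted chains here
            HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!hv.verify(host, socket.getSession())) {
                throw new SSLPeerUnverifiedException(
                        "certificate does not match host " + host);
            }
            return socket;
        } catch (Exception e) {
            socket.close();                 // never hand back a half-verified socket
            throw e;
        }
    }
}
```

A trusted chain for the wrong host name passes startHandshake() but fails the verifier, which is the case a custom-trust-store setup most often gets wrong when it moves from HttpsURLConnection to sockets. With HttpsURLConnection, as on the slide, the host-name check is performed by the connection itself.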
Bibliography
- Android Security Internals, Nikolay Elenkov
- http://nelenkov.blogspot.ro/2011/12/using-custom-certificate-trust-store-on.html
- https://github.com/nelenkov/custom-cert-https
Keywords
- Permissions
- Java Cryptography Architecture
- Protection levels
- Cryptographic Service Provider
- Static enforcement
- Engine classes
- Dynamic enforcement
- Java Secure Socket Extension
- Custom permissions
- Trust Store