attacks on android 7 file based encryption
play

Attacks on Android 7 File Based Encryption Ronan Loftus 1 & - PowerPoint PPT Presentation

Jan 09, 2023 •563 likes •990 views

Introduction Overview Attacks Conclusion Attacks on Android 7 File Based Encryption Ronan Loftus 1 & Marwin Baumann 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 1, 2017 Ronan Loftus & Marwin

  1. Introduction Overview Attacks Conclusion Attacks on Android 7 File Based Encryption Ronan Loftus 1 & Marwin Baumann 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 1, 2017 Ronan Loftus & Marwin Baumann

  2. Introduction Overview Encryption Landscape Attacks Motivation Conclusion Table of Contents Introduction 1 Encryption Landscape Motivation Overview 2 How It’s Made Attacks 3 Remanence Exhaustive Search Authentication Subversion Conclusion 4 Results Recommendations Ronan Loftus & Marwin Baumann

  3. Introduction Overview Encryption Landscape Attacks Motivation Conclusion Encryption Since Android 3.0 ‘Full Disk’ Encryption: Encrypts the data partition Major problem: Needs user interaction after reboot Ronan Loftus & Marwin Baumann

  4. Introduction Overview Encryption Landscape Attacks Motivation Conclusion New in Android 7.0 File Based Encryption: Still only encrypts the data partition Each file encrypted with separate key Per user encryption Ronan Loftus & Marwin Baumann

  5. Introduction Overview Encryption Landscape Attacks Motivation Conclusion Why? Why do people want to encrypt their devices? Ronan Loftus & Marwin Baumann

  6. Introduction Overview Encryption Landscape Attacks Motivation Conclusion Why? Why do people want to encrypt their devices? To protect data at rest. When device is lost/stolen keep your personal data confidential Businesses can feel more comfortable keeping sensitive data on employee devices Ronan Loftus & Marwin Baumann

  7. Introduction Overview Encryption Landscape Attacks Motivation Conclusion What’s the question? Our primary research question: Is Android 7 File Based Encryption vulnerable to the same attacks as Full Disk Encryption in previous Android versions? Ronan Loftus & Marwin Baumann

  8. Introduction Overview Encryption Landscape Attacks Motivation Conclusion What’s the question? Our primary research question: Is Android 7 File Based Encryption vulnerable to the same attacks as Full Disk Encryption in previous Android versions? Kind of. . . Ronan Loftus & Marwin Baumann

  9. Introduction Overview How It’s Made Attacks Conclusion Table of Contents Introduction 1 Encryption Landscape Motivation Overview 2 How It’s Made Attacks 3 Remanence Exhaustive Search Authentication Subversion Conclusion 4 Results Recommendations Ronan Loftus & Marwin Baumann

  10. Introduction Overview How It’s Made Attacks Conclusion How does Full Disk Encryption work? Uses dm-crypt (u)Randomly created master key (DEK) encrypts data partition using AES-128 (CBC) DEK encrypted with KEK using, at least, AES-128 (CBC) Master key is static until partition wiped. Ronan Loftus & Marwin Baumann

  11. Introduction Overview How It’s Made Attacks Conclusion Full Disk Encryption overview Ronan Loftus & Marwin Baumann

  12. Introduction Overview How It’s Made Attacks Conclusion How does File Based Encryption work? Two areas encrypted differently This solves the big problem with Full Disk Encryption mentioned earlier. Ronan Loftus & Marwin Baumann

  13. Introduction Overview How It’s Made Attacks Conclusion How does File Based Encryption work? Many keys Uses native ext4 filesystem level encryption 512 bit master key is encrypted using AES-256 in GCM mode File names encrypted using AES-256 in CBC-CTS mode File contents encrypted using AES-256 in XTS mode Master key still static! Ronan Loftus & Marwin Baumann

  14. Introduction Overview How It’s Made Attacks Conclusion File Based Encryption overview Ronan Loftus & Marwin Baumann

  15. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Table of Contents Introduction 1 Encryption Landscape Motivation Overview 2 How It’s Made Attacks 3 Remanence Exhaustive Search Authentication Subversion Conclusion 4 Results Recommendations Ronan Loftus & Marwin Baumann

  16. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Madness Let’s attack the cryptosystem directly . . . Ronan Loftus & Marwin Baumann

  17. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Madness Let’s attack the cryptosystem directly . . . Nope! Ronan Loftus & Marwin Baumann

  18. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Cold Boot Data remanence attacks rely on cryptographic keys being kept in memory Trusted Execution Environment (TEE) secure area of the main processor Since TEE, keys not stored in RAM Ronan Loftus & Marwin Baumann

  19. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Brute Force (online) Enumerate all the combinations. Always possible in theory! Attack: Using Android Debug Bridge Using On-the-Go protocol Using robot Ronan Loftus & Marwin Baumann

  20. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Brute Force (offline) Qualcomm no TEE: Image partitions and start cracking Ronan Loftus & Marwin Baumann

  21. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Brute Force (offline) Qualcomm no TEE: Image partitions and start cracking with TEE: not possible, unless the device has a Qualcomm chip ( ≈ 60% of Android devices) The key derivation function is not actually bound to the hardware in Qualcomm chips Been patched in AOSP but still exists in hardware so a downgrade attack is still viable for Full Disk Encryption Ronan Loftus & Marwin Baumann

  22. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Brute Force (semi-online) Try to offload some of the work from the device Make the device do the hardware specific work then compute the rest on a more powerful machine Ronan Loftus & Marwin Baumann

  23. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Evil Maid Classic attack on encrypted devices. Just install a keylogger! Capture users authentication credentials using a non encrypted part of the device Install a new keyboard Subvert code displaying PIN prompts Ronan Loftus & Marwin Baumann

  24. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Evil Maid Subvert "Binder" Input Method Editor com.android.inputmethod.latin Ronan Loftus & Marwin Baumann

  25. Introduction Remanence Overview Exhaustive Search Attacks Authentication Subversion Conclusion Fingerprints Becoming far more common for users to authenticate to their cryptosystem via fingerprint With trivial modification to the source, sensor will authenticate anything it can read Ronan Loftus & Marwin Baumann

  26. Introduction Overview Results Attacks Recommendations Conclusion Table of Contents Introduction 1 Encryption Landscape Motivation Overview 2 How It’s Made Attacks 3 Remanence Exhaustive Search Authentication Subversion Conclusion 4 Results Recommendations Ronan Loftus & Marwin Baumann

  27. Introduction Overview Results Attacks Recommendations Conclusion Cold Boot Since Android 7.0 devices MUST come with a hardware backed keystore (TEE) This renders remanence attacks obsolete! Ronan Loftus & Marwin Baumann

  28. Introduction Overview Results Attacks Recommendations Conclusion Brute Force (online) Rate limits have been updated since 7.0 Try to subvert the “Gatekeeper” Ronan Loftus & Marwin Baumann

  29. Introduction Overview Results Attacks Recommendations Conclusion Brute Force (offline) Qualcomm vulnerability has been software patched Downgrade attack would still be possible but . . . Ronan Loftus & Marwin Baumann

  30. Introduction Overview Results Attacks Recommendations Conclusion Brute Force (semi-online) We theorise that is still possible Untested Ronan Loftus & Marwin Baumann

  31. Introduction Overview Results Attacks Recommendations Conclusion Evil Maid Hook the binder Dump the credentials to the disk Can also Send over network (out of scope) Ronan Loftus & Marwin Baumann

  32. Introduction Overview Results Attacks Recommendations Conclusion IPCThreadState.cpp Listing 1: IPCThreadState::talkWithDriver i o c t l ( mProcess − >mDriverFD , BINDER_WRITE_READ, &bwr ) 1 Listing 2: evil_ioctl int e v i l _ i o c t l ( int fd , int op_type , 1 binder_write_read ∗ bwr ) { 2 int r e s = i o c t l ( fd , op_type , bwr ) ; 3 e v i l _ r e p l y _ m a n i p u l a t i o n ( bwr ) ; 4 return r e s ; 5 } 6 Ronan Loftus & Marwin Baumann

  33. Introduction Overview Results Attacks Recommendations Conclusion Fingerprints Phone contains modified fingerprintd binary. Listing 3: FingerprintDaemonProxy.cpp callback -> onAuthenticated (device , 1 // msg ->data. authenticated .finger.fid , 2 0x1a4 , // non -zero id 3 msg ->data. authenticated .finger.gid); 4 Ronan Loftus & Marwin Baumann

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

923 views • 51 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

681 views • 51 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M. Eichlseder 1 , T. Korak 1 , V. Lomn e 2 , F. Mendel 1 AsiaCrypt 2016 1 Graz University of Technology, Austria 2 ANSSI, Paris, France

602 views • 27 slides
HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android project Application name Company domain Project location Hello World Project Target Android Devices Hello World Project Add an

213 views • 18 slides
Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

CS 4518 Mobile and Ubiquitous Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML file

701 views • 58 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides
File format fuzzing in Android: Giving Stagefright to the Android installer Alexandru Blanda

File format fuzzing in Android: Giving Stagefright to the Android installer Alexandru Blanda

File format fuzzing in Android: Giving Stagefright to the Android installer Alexandru Blanda Intel OTC Security SQE Agenda File format fuzzing in Android Fuzzing the Stagefright media framework Fuzzing the Android application

614 views • 40 slides
Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption Robert Primas, Peter Pessl,

Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption Robert Primas, Peter Pessl,

S C I E N C E P A S S I O N T E C H N O L O G Y Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption Robert Primas, Peter Pessl, Stefan Mangard IAIK, Graz University of Technology, Austria CHES 2017,

753 views • 58 slides
Understanding Gradle for Android Kevin Pelgrims Schedule The build file Groovy basics

Understanding Gradle for Android Kevin Pelgrims Schedule The build file Groovy basics

Understanding Gradle for Android Kevin Pelgrims Schedule The build file Groovy basics Back to the build file Custom tasks Tasks for Android Tips and tricks The build file The build file apply plugin:

616 views • 47 slides
Authenticated Encryption Atul Luykx COSIC, ESAT, KU Leuven, Belgium July 15, 2016 1 2 2 2 2

Authenticated Encryption Atul Luykx COSIC, ESAT, KU Leuven, Belgium July 15, 2016 1 2 2 2 2

Authenticated Encryption Atul Luykx COSIC, ESAT, KU Leuven, Belgium July 15, 2016 1 2 2 2 2 2 2 2 2 2 2 Modeling Attacks 3 Modeling Attacks 3 Modeling Attacks Encryption 3 Modeling Attacks Encryption 3 Modeling Attacks

1.82k views • 169 slides
Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Lesson 25 Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work created and shared by Google

518 views • 41 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML

1.18k views • 92 slides
Location Services Introduction A location-based service (LBS) is an information system driven by

Location Services Introduction A location-based service (LBS) is an information system driven by

Lesson 24 Lesson 24 Android Android Location Based Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are

531 views • 25 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in 32 bit and 64 bit Requires a dedicated test/build box Difficult Crypt::OpenPGP dependencies Poor error reporting Not thread

495 views • 5 slides
Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure voice and messaging, that Adds security to Your standard mobile phone Gives the You absolute and exclusive control of all cryptographic

262 views • 15 slides
DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University Weimar 22nd April 2009 Dennis Hoppe (BUW) DARXplorer 22nd April 2009 1 / 31 Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3

757 views • 42 slides
Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of

Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of

Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of services and study objectives t Present basic costing methodology and approach t Discuss a summary of findings and results t Questions Scope of Services t

434 views • 25 slides
DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug ugust ust 20 2016 16 FORWARD LOOKING STATEMENTS This presentation contains forward looking information or "forward looking

625 views • 47 slides
SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # Use

393 views • 25 slides
Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah Muzahid , Shanxiang Qi , and Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu MICRO December 2012 Sequential

261 views • 24 slides
We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

Upfront magazine We build for a better society issue #7: 17, June A Skanska publication in print online Inside this issue Creating a positive legacy K&L Gates Clarissa Coleman We build Transport for the North John Cridland for a

292 views • 5 slides

More recommend