Blackphone - Jon Callas, CTO and co-founder, Silent Circle - PowerPoint PPT Presentation



SLIDE 1

Blackphone

Jon Callas, CTO and co-founder, Silent Circle

SLIDE 2

The Device — Blackphone 2

  • Android Lollipop (5.1.1)
  • Qualcomm hardware
  • Medium-to-high end hardware specs
  • 64-bit, 8-core, 3GB RAM
  • Spaces virtualization, based on SE Android, not hypervisor
  • Target customer is non-technical professionals

SLIDE 3

Blackphone Features (1)

  • Fine-grained app permissions
  • Spaces
  • Four virtual phones, one with Google Services
  • Silent Circle Services - Secure Voice and Texting
SLIDE 4

Blackphone Features (2)

  • Rapid update of software, bugs fixed quickly
  • Often before main Android release
  • Silent Store recommendations layer over Google Play Store

SLIDE 5

Near Future Enhancements

  • Android Marshmallow OS
  • Privacy meter, monitoring
  • Baseband security guidance
  • Includes Silent Circle comms
SLIDE 6

Much of what makes Blackphone is not crypto

SLIDE 7

Blackphone Crypto

  • Storage encryption via Android
  • Enhanced easy setup, improvements over stock
  • ROM / OS signing
  • Curated Certificate Store
  • Certificate pinning on all SSL
  • Silent Circle Service communications
SLIDE 8

Silent Circle Comms

  • Voice/Video via ZRTP + SDES
  • End-to-End with app-to-app
  • SDES alone to PSTN connection
  • Texting security through SCIMP/Axolotl±
  • Verification mixes ZRTP/Texting modes
SLIDE 9

Crypto, pre-Snowden

  • Philosophical Guidance
  • Choices are good, but choices are bad
  • Too many parameters is hard to do, maintain
  • Create parameter suites
  • P-384 ECC, AES, CCM/CTR, SHA-2
  • 128-bit, 256-bit suites
  • Implementations in C and JS (via SJCL, 128-bit suite)
SLIDE 10

Two Suites are Important!

  • General crypto agility is vital, but easy to overdo
  • Two suites means suite-selection gets tested
  • This is all software engineering, planning for updates

SLIDE 11

We succeeded in convincing amateurs not to design crypto, but the crypto people think they can do UX

SLIDE 12

Crypto people also think API design is easy

SLIDE 13

Crypto people think software and release engineering is impossible

SLIDE 14

Software lifecycle includes end-of-life

SLIDE 15

Many crypto breaks are really just bad lifecycle management!

SLIDE 16

Two lifecycle problems

  • Bringing in new things you couldn't have thought of
  • Retiring things that are at their end of life
  • These can be small or large
  • As small as a protocol parameter, even
SLIDE 17

Crypto, post-Snowden

  • Many users feared security of AES, P-384, SHA2
  • Crypto needs confidence in addition to security
  • Bernstein/Lange offer to create new EC
  • This is 41417
  • We need greater than 128-bit security because users want it

SLIDE 18

User Confidence Issues

  • Crypto users are passionate
  • They have strong opinions, likes, dislikes
  • These may not be rational to us
  • They are real and best worked with
SLIDE 19

Familiar Options

  • ZRTP, like OpenPGP, already had options for Twofish. Also support for Skein one-pass-MAC
  • Create a new “Non-NIST” cipher suite (256 bits only)
  • P-384 → 41417
  • AES → Twofish
  • SHA-2 → Skein
  • Preference in UI for NIST/Non-NIST

SLIDE 20

Observations

  • This is arguably only “marketing” but is there for real user demand
  • The new block cipher and hash are NIST competition finalists
  • 41417 has nice characteristics: very fast compared to NIST curves, implementations are simpler
  • The spread didn’t go to SSL, BP storage, etc.

SLIDE 21

Deployment

  • Previous testing of suite negotiation made it easy
  • Old software rejected new suite
  • New software preferred it by default
  • At present conflicts resolve to non-NIST
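Slides 10 and 21 describe suite selection between builds that do and do not know the non-NIST suite: old software drops the unknown suite, new software prefers it, and conflicts resolve to non-NIST. The following Python model is an added example, not Silent Circle's code; the suite labels, the peer preference lists and the exact conflict rule are assumptions made here to illustrate the deck's description.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Suite labels are constructed: the deck's NIST suites are P-384/AES/SHA-2 at
# 128 and 256 bits; the non-NIST suite is 41417/Twofish/Skein at 256 bits only.
NON_NIST = "NONNIST-256"

@dataclass
class Peer:
    name: str
    prefs: List[str]  # suites this build supports, most preferred first

def known_suites(peer: Peer, offered: List[str]) -> List[str]:
    # Old software never learned the new suite name, so it drops it from the offer.
    return [s for s in offered if s in peer.prefs]

def negotiate(initiator: Peer, responder: Peer) -> str:
    """Pick the suite two peers will use; raises if they share none."""
    mutual = known_suites(responder, initiator.prefs)
    if not mutual:
        raise ValueError(f"{initiator.name} and {responder.name} share no suite")
    init_choice = next(s for s in initiator.prefs if s in mutual)
    resp_choice = next(s for s in responder.prefs if s in mutual)
    if init_choice == resp_choice:
        return init_choice
    # Disagreement: the deck says conflicts currently resolve to non-NIST. Assumed
    # rule: non-NIST wins if either side asked for it, else the responder decides.
    return NON_NIST if NON_NIST in (init_choice, resp_choice) else resp_choice

def negotiation_matrix(peers: List[Peer]) -> Dict[Tuple[str, str], Optional[str]]:
    """Exercise selection over every ordered pair; None marks a failed handshake."""
    out: Dict[Tuple[str, str], Optional[str]] = {}
    for a in peers:
        for b in peers:
            try:
                out[(a.name, b.name)] = negotiate(a, b)
            except ValueError:
                out[(a.name, b.name)] = None
    return out

# Constructed fleet: pre-update build, updated build, updated build with the UI
# preference flipped to NIST, and a JS (SJCL) client that only has the 128-bit suite.
OLD = Peer("old", ["NIST-256", "NIST-128"])
NEW = Peer("new", [NON_NIST, "NIST-256", "NIST-128"])
NEW_PREFERS_NIST = Peer("new-nist", ["NIST-256", NON_NIST, "NIST-128"])
JS_CLIENT = Peer("sjcl", ["NIST-128"])
```

Running `negotiation_matrix` over the whole fleet is the "two suites means suite-selection gets tested" point: every upgrade path is exercised before a suite is ever retired or added.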
SLIDE 22

A Tale of Good Intentions

  • SC Services are supposed to work like normal dialer, texter.
  • Must authenticate user to services
  • Via full-entropy password the user never sees
  • Unlocking phone unlocks the app; no mandatory secondary passcode
  • Has to run when the phone is locked

SLIDE 23

No "keychain" in Android

  • If you want to protect the credentials you need an encrypted DB
  • If you want an encrypted DB, you need a key
  • Key needs to come from a user passcode, separate from unlock and disk-encrypt passcode
  • End result: “Silent Key Manager”, which just annoys people. We removed it after a while

SLIDE 24

Summary

  • The real world of Blackphone is that it is privacy-enhanced Android with fast patching
  • Crypto management is part of the complete system
  • Software Engineering concerns, especially release engineering, drive most of the real security, and crypto is one of these.

SLIDE 25

Questions?