deadbolt
play

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David - PowerPoint PPT Presentation

Nov 02, 2022 •196 likes •488 views

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van Oorschot askillen@ccsl.carleton.ca Carleton Computer Security Lab Carleton University Ottawa, Canada SPSM 2013, Berlin, Germany November 8, 2013 The

  1. Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van Oorschot askillen@ccsl.carleton.ca Carleton Computer Security Lab Carleton University Ottawa, Canada SPSM 2013, Berlin, Germany November 8, 2013

  2. The problem with Android disk encryption Android storage encryption uses Full Disk Encryption (FDE). Key stays in RAM while screen-locked . FDE only protects private data when volume is unmapped. (e.g., device is shutdown) Mobile device always-on usage model weakens FDE. FDE key and private data are susceptible to cold-boot, lock-screen bypass, and hardware based attacks. A. Skillen Deadbolt November 8, 2013 2 / 22

  3. FDE – PC model PCs are regularly shut-down or hibernated, effectively securing the encrypted data by removing the key from RAM A. Skillen Deadbolt November 8, 2013 3 / 22

  4. FDE – Mobile model Mobile devices are instead screen-locked . The key remains in RAM and volume remains mounted A. Skillen Deadbolt November 8, 2013 4 / 22

  5. Android storage encryption Implemented through DM CRYPT Block ciphers act on individual disk sectors. On-the-fly (transparent to users/apps). A. Skillen Deadbolt November 8, 2013 5 / 22

  6. cf. iOS storage encryption Files are encrypted individually, some keys are removed from RAM when screen-locked A. Skillen Deadbolt November 8, 2013 6 / 22

  7. Unlocked iOS device All keys/files available when screen is unlocked A. Skillen Deadbolt November 8, 2013 7 / 22

  8. Locked iOS device Some keys/files available when screen is locked A. Skillen Deadbolt November 8, 2013 8 / 22

  9. Unlocked Android device Key and storage available when screen is unlocked A. Skillen Deadbolt November 8, 2013 9 / 22

  10. Locked Android device Key and storage remain available when screen is locked! A. Skillen Deadbolt November 8, 2013 10 / 22

  11. Contributions 1 Software-only method to protect FDE key and encrypted data. Resilient to cold-boot and lock-screen bypass while in Deadbolt mode. 2 Retains most smart-device functionality. (Dialer, SMS, Internet, optionally import some user data). 3 Resuming from Deadbolt mode is faster than a full boot-up. 4 Added benefit of an optional incognito environment. Logs and activities can be discarded after resuming from Deadbolt. 5 Full design and implementation for use with Android 4.0+ Source code available from project website. A. Skillen Deadbolt November 8, 2013 11 / 22

  12. Use Cases Deadbolt complements the Android lock-screen, for use in high risk situations E.g., travelling, commuting, border-crossing Intended users: anybody that currently uses device encryption Optionally, policies could be used to invoke Deadbolt E.g., time-of-day, GPS location Incognito mode allows users to perform tasks deniably E.g., phone calls will not show up in logs Safe mode allows users to perform potentially hazardous tasks E.g., visit untrusted websites A. Skillen Deadbolt November 8, 2013 12 / 22

  13. Threat model Assume adversary can obtain physical access to device while in Deadbolt Software vulnerabilities – lock-screen routinely bypassed (e.g., recent Android Skype bug, iOS 7 bug). Cold boot attack – keys and intermediate state in RAM, M¨ uller et al. recently demonstrated cold boot on Android [ACNS’13]. Hardware attacks – ARM debug interface, JTAG, etc. A. Skillen Deadbolt November 8, 2013 13 / 22

  14. Deadbolt implementation Implemented in the Android volume mounting daemon ( vold ) Pause running Android framework (GUI, daemons, etc.) 1 Unmount encrypted userdata volume. 2 Zero all key material in RAM. 3 Mount empty tmpfs (RAM filesystem) on /userdata . 4 Restart Android framework. 5 cf. Switching runlevel without restarting kernel. A. Skillen Deadbolt November 8, 2013 14 / 22

  15. Deadbolt environment Uninitialized environment. Default settings, no user data/apps. Base system apps (without user data). Sufficient for phone, web, texting, maps/GPS. tmpfs mounted to userdata storage. Private data inaccessible, all changes must be exported or lost. Optionally import certain data. E.g., contacts, WiFi passwords, etc. A. Skillen Deadbolt November 8, 2013 15 / 22

  16. Deadbolted Android device Key and storage secured, core smartphone functionality retained A. Skillen Deadbolt November 8, 2013 16 / 22

  17. Deadbolt modes Incognito mode is like a Live-CD environment: no data persists after exiting (Default mode) Allows importing/exporting data to encrypted storage Safe mode allows users to perform potentially danger- ous tasks without the risk of disclosing private data Importing/exporting of private data is disabled A. Skillen Deadbolt November 8, 2013 17 / 22

  18. Deadbolt UI Enter Deadbolt Exit Deadbolt (Suspend full environment) (Resume full environment) A. Skillen Deadbolt November 8, 2013 18 / 22

  19. Deadbolt performance – Locking data Tested on Nexus 7 tablet with AOSP 4.2.2 Power off device: 14 . 03 s ( σ = 0 . 145) Enter Deadbolt: 31 . 62 s ( σ = 1 . 235) A. Skillen Deadbolt November 8, 2013 19 / 22

  20. Deadbolt performance – Unlocking data Boot up: 42 . 17 s ( σ = 0 . 638) Exit Deadbolt: 14 . 00 s ( σ = 0 . 122) Trade increased time to lock for decreased time to unlock, and maintain core functionality A. Skillen Deadbolt November 8, 2013 20 / 22

  21. Limitations and usability concerns Absence of user apps and data (e.g., games, email passwords). App notifications must use other means (e.g., over SMS). Minimum 256 MB RAM (Android 4.0+ devices). Cannot be installed after market, must be implemented in OS. (Can possibly be made part of default Android OS). Private data fragments may remain in RAM. A. Skillen Deadbolt November 8, 2013 21 / 22

  22. Summary With FDE, data remains unlocked while device powered on. Deadbolt offers security benefits of a powered off device while retaining most mobile functionality. Switching to Deadbolt faster than reboot. Some usability/security trade-offs. Deadbolt project website: http://www.ccsl.carleton.ca/~askillen/deadbolt A. Skillen Deadbolt November 8, 2013 22 / 22

  23. Deadbolt overview User enables Deadbolt FDE Key cleared Deadbolt Mode Power on device Device Off FDE Mode User enters password Incognito Safe Mode Mode User exits Deadbolt User enters password FDE Key unavailable All user apps+data available Some user apps+data available System apps available System apps available FDE Key unavailable Enhanced Android lock-screen. All private data encrypted and inaccessible. Temporary (empty) Android environment. Core phone functionality available. A. Skillen Deadbolt November 11, 2013 Extra 1

  24. Deadbolt comparison Lock-screen bypass resilient Cold-boot resilient App notifications Incognito mode Software only Apple iOS • • File BlackBerry • • • • Windows Phone • FDE Android FDE • • Deadbolt ◦ a • • • • a (e.g., over SMS) A. Skillen Deadbolt November 11, 2013 Extra 2

  25. Alternative approaches and future work Exiting Deadbolt is fast (only requires restarting GUI/services) Suspend to disk (likely not an advantage given Android’s memory model) Entering Deadbolt is slower (requires creating directory structure, unpacking system apps, restart framework) Pre-created disk image could be used with OverlayFS (RO, COW) Trusted execution implementation (key only available inside TEE) A. Skillen Deadbolt November 11, 2013 Extra 3

  26. Data transfer between environments Copy files and merge SQLite databases while tmpfs and FDE storage mounted concurrently. Import – Optionally import some data into Deadbolt. Any imported data is susceptible to disclosure. E.g., contacts, WiFi settings/passwords, bookmarks. Export – Save some data created in Deadbolt. E.g., call log, SMS/MMS, photos. A. Skillen Deadbolt November 11, 2013 Extra 4

  27. Security evaluation dm-crypt uses kzfree on key material when unmapped We wipe vold ’s copy of the key/password (using memset ) Used LiME and AESKeyFind to examine memory in Deadbolt Plaintext private data fragments may exist in RAM. When exiting Deadbolt, we wipe the tmpfs Data imported into Deadbolt is subject to disclosure while in Deadbolt A. Skillen Deadbolt November 11, 2013 Extra 5

  28. Related Work J. G¨ ozfried and T. M¨ uler. ARMORED: CPU-bound encryption for Android-driven ARM devices (ARES 2013). Key stored in CPU registers rather than RAM. (Defence against cold boot, but still susceptible to physical attack and lock-screen bypass) A. Skillen Deadbolt November 11, 2013 Extra 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference Minneapolis, Minnesota A Brief History PE Resiliency Initial releases of UNICOS/mk system panicked processes hung system would

732 views • 21 slides
Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt Microsoft Research In the old days Application Operating system 2 In the old days Application Operating system 2 In the old days

631 views • 34 slides
Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is as old as the trade of hacking Common Characteristics: Physical access (at least within transmission range of EM/Accoustic signals). Seemingly

252 views • 22 slides
Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to use Mandos? 1. Physical/bare metal hardware? 2. More than just one physical machine? 3. Want to use full-disk encryption? You should use Mandos!

559 views • 11 slides
Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Motivation A Language-Based Approach Issues Summary Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2 Filippo Del Tedesco 2 1 City University London 2 Chalmers University of Technology, Sweden The

1.03k views • 29 slides
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei Shih Prasun Gera Taesoo Kim Hyesoon Kim Marcus Peinado 26 th USENIX Security Symposium August 17, 2017 Intel Software Guard Extension (SGX)

437 views • 42 slides
About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production Environments Student: Benjamin Taubmann PhD stage: Third year, finisher Advisor: Prof. Dr. Hans P. Reiser Affiliation: Assistant Professorship of

313 views • 8 slides
Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer Security Day 21: Firewalls, NATs, and IDSes Firewalls and NAT boxes Stephen McCamant University of Minnesota, Computer Science & Engineering

1.35k views • 7 slides
Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

7/15/2014 Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics Agenda 2 FDSOI STNOC with FDSOI Application example Conclusions 1 7/15/2014 FD-SOI Speed & Energy Efficiency

211 views • 8 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and S. Sen Gupta Cryptology Research Group, ASU Indian Statistcal Institute, Kolkata May 3, 2010 Background Slide 2 of 31 RSA Framework Key-Gen

607 views • 58 slides
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security! Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript

891 views • 59 slides
Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS, Princeton Joint with Zeev Dvir Anup Rao Amir Yehudayoff Restriction Access, A new model of Grey-box access Systems, Models, Observations From

751 views • 29 slides
NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting 29 July 2019 Power cut #1 July 23 Power cut with subsequent cooling failure brought down all servers except np04-srv-001 and np04-srv-004 (on

238 views • 6 slides
SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno Bodin Tom Spink Bjrn Franke Institute for Computing Systems Architecture University of Edinburgh ISPASS 2017 1 Motivation Instruction Set

1.05k views • 52 slides
Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

994 views • 96 slides
TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in Computer Engineering (Engineering College of Copenhagen 2004) M. SC. EE. In System on Chip (LTH 2006) Work experience EMP 2006

629 views • 37 slides
Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was based on hardness of problems in modular arithmetic and number theory (RSA/factoring, modular discrete log) Problems from several other areas, since

400 views • 17 slides
bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1. Einheit: Mo, 2001-05-28, 13:00: 2H316 [Abteilung fr Wirtschaftsinformatik] Termine webEngineering Zwischenprsentation: 11. Juni, 13:00

322 views • 16 slides
Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last slide for references Contact info Jay Urbain, PhD email: urbain@msoe.edu Office hours: http://jayurbain.com/msoe Course home:

1.08k views • 55 slides
1. Introduction ( (to Agents and Multiagent g g Systems) ems (SMA-UPC) Javier

1. Introduction ( (to Agents and Multiagent g g Systems) ems (SMA-UPC) Javier

1. Introduction ( (to Agents and Multiagent g g Systems) ems (SMA-UPC) Javier Vzquez-Salceda q Multiagent Syste SMA-UPC https://kemlg.upc.edu ems (SMA-UPC) Origins Trends in Computer Science Agents and Multiagent Systems 2

554 views • 33 slides
Design of I ntelligent Agents for Collaborative Testing of Service-Based Systems Xiaoying BAI and

Design of I ntelligent Agents for Collaborative Testing of Service-Based Systems Xiaoying BAI and

Department of Computer Science and Technology , Tsinghua University Design of I ntelligent Agents for Collaborative Testing of Service-Based Systems Xiaoying BAI and Bin CHEN Dept. of CS&T, Tsinghua University, Beijing, China, 100084 Bo

447 views • 31 slides
Introduction Dr. Ahmed Rafea CSCI485 Intelligent Agents 1 Chapter Outline Artificial

Introduction Dr. Ahmed Rafea CSCI485 Intelligent Agents 1 Chapter Outline Artificial

Introduction Dr. Ahmed Rafea CSCI485 Intelligent Agents 1 Chapter Outline Artificial intelligence Internet and the Web Intelligent Agents Events, Conditions and Actions Agents and Human-Computer Interfaces Using Java for

506 views • 19 slides
web-based collaborative systems Masoud Koleini, Hasan Qunoo, Mark Ryan School of Computer Science

web-based collaborative systems Masoud Koleini, Hasan Qunoo, Mark Ryan School of Computer Science

Modelling and verifying access control policies for web-based collaborative systems Masoud Koleini, Hasan Qunoo, Mark Ryan School of Computer Science University of Birmingham 18 th Nov 2009 Introduction There is an ever increasing use of

502 views • 15 slides

More recommend