total recall persistence of passwords in android
play

Total Recall: Persistence of Passwords in Android Jaeho Lee, Ang - PowerPoint PPT Presentation

Jan 27, 2023 •243 likes •566 views

Total Recall: Persistence of Passwords in Android Jaeho Lee, Ang Chen, Dan S. Wallach Motivation Memory is not a safe place for sensitive data. Unprivileged attackers can access sensitive data from device memory. Cold-boot attack Heartbleed

  1. Total Recall: Persistence of Passwords in Android Jaeho Lee, Ang Chen, Dan S. Wallach

  2. Motivation

  3. Memory is not a safe place for sensitive data. Unprivileged attackers can access sensitive data from device memory. Cold-boot attack Heartbleed (CVE-2014-0160) Nexus 5X bootloader vulnerability (ALEPH-2016000) Meltdown (CVE-2017-5754) Spectre (CVE-2017-5753) 2

  4. Memory is not a safe place for sensitive data. Sensitive data should be deleted as soon as it is no longer in use. ▪ Crypto libraries have long recognized the importance of this practice. ➢ OpenSSL is well engineered to follow the practice. void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) void OPENSSL_clear_free(void *str, size_t num) void OPENSSL_cleanse(void *ptr, size_t len); void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line) void CRYPTO_clear_free(void *str, size_t num, const char *, int) void *SSL_SESSION_free(SSL_SESSION *ss) { ... OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); ... } 3

  5. Memory is not a safe place for sensitive data. Sensitive data should be deleted as soon as it is no longer in use. ▪ Crypto libraries have long recognized the importance of this practice. [NDSS 18] ➢ OpenSSL is well engineered to follow the practice. void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) void OPENSSL_clear_free(void *str, size_t num) void OPENSSL_cleanse(void *ptr, size_t len); void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line) void CRYPTO_clear_free(void *str, size_t num, const char *, int) void *SSL_SESSION_free(SSL_SESSION *ss) { ... OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); ... } 4

  6. Focus of Research What about user input passwords in Android? ▪ User input passwords are of paramount importance. ➢ Stolen passwords cause widespread damage. ▪ Numerous 3 rd party apps in Android require our passwords. Do apps manage user input passwords well? Does Android support enough protection for them? Are they safe under memory disclosure attacks ? 5

  7. Preliminary Study Is password exposure a real problem in Android?

  8. Preliminary Study Is password exposure a real problem in Android? Application Type Installs Passwords Gmail Email 1,000 M 6 Chrome Browser 1,000 M 4 Facebook Social 1,000 M 6 Tumblr Social 100 M 4 Yelp Social 10 M 3 Chase Bank Finance 10 M 5 1Password Password 1 M 4 Dashlane Password 1 M 2 Master password Keepass2Android password 1 M 1 passwdSafe password 0.1 M 12 lockscreen Unlocking process system Built-in 7 password 7

  9. Preliminary Study Passwords are vulnerable to memory disclosure attack. Password strings are easily recognizable from the binary dump. Facebook ASCII PASSWORD Tumblr UTF-16 PASSWORD Attackers only need one memory disclosure vulnerability. This is an old issue, but still problematic. ➢ 5/14 apps hoard passwords in memory (CleanOS [OSDI 12]) 8

  10. Goal Answers the two research questions What causes password retention when passwords are no longer used? We analyzed Android framework and various apps, and found root causes. Can we solve the password retention problem effectively? Practical solution is possible to reduce passwords, with minor change and performance impact. 9

  11. Root causes of password retention Password flow in Android 10

  12. Root causes of password retention Three components retain user passwords unnecessary. 11

  13. Root causes of password retention 1. Android Framework

  14. Root causes of password retention Android framework: Keyboard (IME) applications Default keyboard app buffers recent input regardless of passwords. We dumped the memory of keyboard app process after login. Application Application Installs Installs Passwords Passwords LatinIME LatinIME Built-in Built-in 2 2 The insecure default open source may influence 3 rd keyboard apps. Gboard 1,000 M 0 SwiftKey 300 M 0 We investigated popular keyboard apps. Go 100 M 1 KiKA 100 M 1 TouchPal 100 M 4 Cheetah 50 M 7 Captured passwords from 9/13 keyboard apps FaceMoji 10 M 1 New Keyboard 10 M 1 Simeji 10 M 0 Simplified Chinese 0.1 M 135 Baidu Voice 0.1 M 2 TS Korean 0.01 M 0 13

  15. Root causes of password retention Android framework: Password widget Lack of user input password protection in UI implementation. ▪ No dedicated class for the password widget. 12,000 LoC of TextView is reused both for normal and password entry. ▪ Missing necessary secure handling for passwords. ➢ E.g., the widget holds passwords even though the UI is going to the background. 14

  16. Root causes of password retention Android framework: Password widget Poor API design in TextView public CharSequence getText() Return the text that TextView is displaying. ➢ Developers are guided to store passwords in String objects. String is unsuitable for storing sensitive data [Java Crypto Arch. Reference Guide] String objects are immutable. ➢ ➢ No method is defined to overwrite the contents. ➢ Always collect and store security sensitive information in a char array. 15

  17. Root causes of password retention Android framework: Password widget Poor API design in TextView public CharSequence getText() Return the text that TextView is displaying. The content of the return value should not be modified. Make your own copy first. ➢ Developers are guided to store passwords in String objects. Comparing with password widget in Desktop JDK: JPasswordField ➢ Corresponding String getText() has been deprecated since Java 1.2 (‘98). public char[] getPassword() Returned char[] should be cleared after use by setting each character to zero. 16

  18. Root causes of password retention 2. Android applications

  19. Root causes of password retention Android applications Developers often implement authentication routines from scratch. They have different levels of awareness and experience in security. ➢ Various bad practices throughout Android developers. ➢ Sending raw passwords into files or through network. ➢ Widespread use of String passwords Surprisingly, all apps use String passwords except one password manager. – ➢ No cleanup passwords after authentication. 18

  20. Solution

  21. Solution The identified causes should be addressed altogether. Lack of password protection in the Android framework. SecureTextView Developers’ mistake in managing passwords. ▪ Encourage the best practice. Abstraction for the best practices ➢ Use char array passwords. KeyExporter ➢ Clear the buffer of TextView after login. ➢ Derive a strong key and use it instead of raw passwords. ➢ Overwrite all passwords after login. 20

  22. Solution: KeyExporter Developers make mistakes in dealing with passwords. ▪ Even critical apps The purpose of using input passwords is the same throughout the apps. ▪ Developers repeat similar logic. Make easy for developers to do the right thing. 21

  23. Solution: KeyExporter onClick() onClick() password = UI.getText().toString(); pw = UI.getText().toString() ke = KeyExporter(UI) Acessing passwords propagate(pw) Gives what developers actually need. k = ke.deriveKey() k = deriveKey(pw) + Crypto primitives to_file(k) to_file(k) verify_user(k) verify_user(k) to_network(k) to_network(k) decryptDB(k) decryptDB(k) Developers don’t need to access pw. 22

  24. Implementation Android Framework (patch submitted to Google) ▪ SecureTextView : extension of TextView ▪ Fix lockscreen processes and LatinIME Keyboard app ▪ Built on Android 8.1.0_r20 KeyExporter API (unmodified Android) ▪ Support key derivation functions: PBKDF2, HMAC, Scrypt ▪ Support PAKE (password-authenticated key agreement): SRP Protocol 23

  25. Evaluation How effective can our solution fix password retention? Is KeyExporter generally applicable to different types of apps?

  26. Evaluation Evaluation after integrating KeyExporter with various apps. Original SecureTextView Application Description Android + KeyExporter Naïve sample Sending the raw password to the server 25 0 Secure sample HMAC-based challenge-response protocol 21 0 Unlocking process Hash with scrypt and send it to TEE 7 0 passwdSafe Open source password manager with 40,000 LoC 12 0 Evaluation for close source Original SecureTextView Application Description Android Only Yelp Close source. Log in with Facebook OAuth 3 2 Found in memory of Facebook 25

  27. Conclusion Analyzed the Android framework and a variety of apps comprehensively. ▪ Identified the root causes of password retention. Developed practical solution without intrusive modification in Android. ▪ SecureTextView (Android 8.1 framework patch) ▪ KeyExporter (Standalone libraries) Evaluated with apps in various categories including popular security app. 26

  28. Questions? Jaeho Lee jaeho.lee@rice.edu Source: https://github.com/friendlyjlee/totalrecall

  29. Back-up Slides

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

iCLOUD KEYCHAIN WHAT IS KEYCHAIN? Ability to store encrypted passwords in a way that is secure

iCLOUD KEYCHAIN WHAT IS KEYCHAIN? Ability to store encrypted passwords in a way that is secure

iCLOUD KEYCHAIN WHAT IS KEYCHAIN? Ability to store encrypted passwords in a way that is secure and easy to access. TOTAL RECALL BENEFITS Keychain & Safari are integral to Apples operating systems. (IOS for iPad/iPhone and OS X for

442 views • 9 slides
User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML

1.18k views • 92 slides
Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

CS 4518 Mobile and Ubiquitous Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML file

701 views • 58 slides
Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020 Caveat Auditor Background Passwords this talk contains opinions Diceware

447 views • 43 slides
Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android

Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android

CS 528 Mobile and Ubiquitous Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android Studio Recall: Editting Android Can edit apps in: Text View: edit XML directly Design View: or drag and drop

701 views • 51 slides
Java Technologies Java Persistence API (JPA) Persistence Layer The Persistence Layer is used by

Java Technologies Java Persistence API (JPA) Persistence Layer The Persistence Layer is used by

Java Technologies Java Persistence API (JPA) Persistence Layer The Persistence Layer is used by an application in order to persist its state, that is to store and retrieve information using some sort of database management system. Presentation

633 views • 60 slides
Databases SWEN-250 Persistence First a detour Persistence is the key to solving most

Databases SWEN-250 Persistence First a detour Persistence is the key to solving most

Databases SWEN-250 Persistence First a detour Persistence is the key to solving most mysteries. Christopher Pike, Black Blood Persistence when you are stuck on a piece of new code is hardly ever a virtue. Try redesigning the

619 views • 25 slides
PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords Passwords is a user authentication mechanism that is widely adopted for many years Methods for user authentication: Something you know

901 views • 52 slides
Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

CSCE Intro to Computer Systems Security - Passwords Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not too long ago Hi, I forgot my password! Let me help you. What is your name? My Name is John

369 views • 5 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A S S W O R D F R O M H O M E ! Students: Update your password this summer from home! Student passwords were reset on 7/3/2019. Please follow the

525 views • 14 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86 My job... Tenable Network Security

990 views • 88 slides
CS371m - Mobile Computing Persistence - Web Based Storage CHECK OUT

CS371m - Mobile Computing Persistence - Web Based Storage CHECK OUT

CS371m - Mobile Computing Persistence - Web Based Storage CHECK OUT https://developer.android.com/trainin g/sync-adapters/index.html The Cloud . 2 Backend No clear definition of backend front end - user interface backend

793 views • 63 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
Market Driven Multi Resource Allocation Liran Funaro Under the supervision of Prof. Assaf

Market Driven Multi Resource Allocation Liran Funaro Under the supervision of Prof. Assaf

Market Driven Multi Resource Allocation Liran Funaro Under the supervision of Prof. Assaf Schuster and Dr. Orna Agmon Ben-Yehuda Department of Computer Science Cost Efficient Scaling Jan. 26, 2020 L. Funaro (Technion) Market Driven Multi

652 views • 37 slides
Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20:

Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20:

Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20: Engineering Complex Systems Today Complex Systems What is it? Examples Technologies involved

770 views • 55 slides
SQUALL: a Controlled Natural Language for Querying and Updating RDF Graphs Sbastien Ferr

SQUALL: a Controlled Natural Language for Querying and Updating RDF Graphs Sbastien Ferr

SQUALL: a Controlled Natural Language for Querying and Updating RDF Graphs Sbastien Ferr Team LIS, Data and Knowledge Management, Irisa Controlled Natural Language, 30 August 2012, Zurich The Web of Data How to search and explore the

311 views • 29 slides
ATOM ate It! End-user Context-Sensitive Automation using Heterogeneous Information Sources on the

ATOM ate It! End-user Context-Sensitive Automation using Heterogeneous Information Sources on the

ATOM ate It! End-user Context-Sensitive Automation using Heterogeneous Information Sources on the Web Max Van Kleek, Brennan Moore, David Karger Max Van Kleek, Paul Andr, mc schraefel MIT CSAIL enAKTing ECS, University of Southampton {

1.44k views • 90 slides
Solve the paradox Less Downtime More Security LinuxCon Berlin, Germany October 4, 12:10

Solve the paradox Less Downtime More Security LinuxCon Berlin, Germany October 4, 12:10

Solve the paradox Less Downtime More Security LinuxCon Berlin, Germany October 4, 12:10 13:00 Hannes Khnemund SUSE Product Management Downtime Considerations for your digital architecture Take a holistic approach - End-users

997 views • 77 slides
Dynamic and Adaptive Updates of Non-Quiescent Subsystems in Commodity OS Kernels Kristis Makris

Dynamic and Adaptive Updates of Non-Quiescent Subsystems in Commodity OS Kernels Kristis Makris

Dynamic and Adaptive Updates of Non-Quiescent Subsystems in Commodity OS Kernels Kristis Makris <kristis.makris@asu.edu> Arizona State University Kyung Dong Ryu <kryu@us.ibm.com> IBM T.J. Watson Research Center 1 March 23, 2007

506 views • 35 slides
Lecture 10: Recurrent Neural Networks Fei-Fei Li & Andrej Karpathy & Justin Johnson

Lecture 10: Recurrent Neural Networks Fei-Fei Li & Andrej Karpathy & Justin Johnson

Lecture 10: Recurrent Neural Networks Fei-Fei Li & Andrej Karpathy & Justin Johnson Fei-Fei Li & Andrej Karpathy & Justin Johnson Lecture 10 - Lecture 10 - 8 Feb 2016 8 Feb 2016 1 Administrative - Midterm this Wednesday!

1.22k views • 82 slides
Descriptors III CSE 576 Ali Farhadi Many slides from Larry Zitnick, Steve Seitz How can we find

Descriptors III CSE 576 Ali Farhadi Many slides from Larry Zitnick, Steve Seitz How can we find

Descriptors III CSE 576 Ali Farhadi Many slides from Larry Zitnick, Steve Seitz How can we find corresponding points? How can we find correspondences? SIFT descriptor Full version Divide the 16x16 window into a 4x4 grid of cells (2x2 case

530 views • 48 slides

More recommend