Android Security Mechanisms

Transcription

1 Android Security Mechanisms Lecture 9 Android and Low-level Optimizations Summer School 1 August 2015 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit Android Security Mechanisms, Lecture 9 1/35

2 Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 2/35

3 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 3/35

4 Android Permissions A string The ability to perform a particular operation Built-in permissions documented in the platform API reference Defined in the android package Custom permissions - defined by system or user apps pm list permissions Defining package +.permission + name android.permission.reboot com.android.laucher3.permission.receive_launch_- BROADCASTS Android Security Mechanisms, Lecture 9 4/35

5 Android Permissions Apps request permissions in AndroidManifest.xml <uses-permission android:name="android.permission.internet" /> Assigned to apps at install time by the package manager service Central database of installed packages /data/system/packages.xml Programatically access package information from android.content.pm.packagemanager getpackageinfo() returns PackageInfo instance Cannot be changed or revoked without uninstalling app Android Security Mechanisms, Lecture 9 5/35

6 Permission Protection Levels Potential risk and procedure to grant permission Normal Low risk Automatically granted without user confirmation ACCESS_NETWORK_STATE, GET_ACCOUNTS Dangerous Access to user data or control over the device Requires user confirmation - accept or cancel installation CAMERA, READ_SMS Android Security Mechanisms, Lecture 9 6/35

7 Permission Protection Levels Signature Highest level of protection Apps signed with the same key as the app that declared the permission Built-in permissions are used by system apps (signed with platform key) NET_ADMIN, ACCESS_ALL_EXTERNAL_STORAGE SignatureOrSystem Apps part of system image or signed with the same key as the app that declared the permission Vendors may have preinstalled apps without using the platform key Android Security Mechanisms, Lecture 9 7/35

8 Kernel-Level Enforcement Access to regular files, device nodes and local sockets managed by the Linux kernel, based on UID, GID Permissions are mapped to supplementary GIDs Built-in permission mapping in /etc/permission/platform.xml Example: INTERNET permission associated with GID inet Only apps with INTERNET permission can create network sockets The kernel verifies if the app belongs to GID inet Android Security Mechanisms, Lecture 9 8/35

9 Framework-Level Enforcement Static permission enforcement System keeps track of permissions associated to each app component Checks whether callers have the required permission before allowing access Enforcement by runtime environment Isolating security decisions from business logic Less flexible Dynamic permission enforcement Components check to see if the caller has the necessary permissions Decisions made by each component, not by runtime environment More fine-grained access control More operations in components Android Security Mechanisms, Lecture 9 9/35

10 Dynamic Enforcement Helper methods in android.content.context class to perform permission check checkpermission(string permission, int pid, int uid) Returns PERMISSION_GRANTED or PERMISSION_DENIED For root and system, permission is automatically granted If permission is declared by calling app, it is granted Deny for private components Queries the Package Manager enforcepermission(string permission, int pid, int uid, String message) Throws SecurityException with message if permission is not granted Android Security Mechanisms, Lecture 9 10/35

11 Static Enforcement An app tries to call a component of another app - intent Target component - android:permission Caller - <uses-permission> Activity Manager Resolves intent Checks if target component has an associated permission Delegates permission check to Package Manager If caller has necessary permission, the target component is started Otherwise, a SecurityException is generated Android Security Mechanisms, Lecture 9 11/35

12 Activity and Service Permission Enforcement Permission checks for activities Intent is passed to Context.startActivity() or startactivityforresult() Resolves to an activity that declares a permission Permission checks for services Intent passed to Context.startService() or stopservice() or bindservice() Resolves to a service that declares a permission If caller does not have the necessary permission, generates SecurityExceptions Android Security Mechanisms, Lecture 9 12/35

13 Content Provider Permission Enforcement Protect the whole component or a particular exported URI Different permissions for reading and writing Read permission - ContentResolver.query() on provider or URI Write permission - ContentResolver.insert(), update(), delete() on provider or URI Synchronous checks Android Security Mechanisms, Lecture 9 13/35

14 Broadcast Permission Enforcement Receivers may be required to have a permission Context.sendBroadcast(Intent intent, String receiverpermission) Check when delivering intent to receivers No permission - broadcast not received, no exception Broadcasters may need to have a permission to send a broadcast Specified in manifest or in registerreceiver Checked when delivering broadcast No permission - no delivery, no exception 2 checks for each delivery: for sender and receiver Android Security Mechanisms, Lecture 9 14/35

15 Custom Permissions Declared by apps Checked statically by the system or dynamically by the components Declared in AndroidManifest.xml <permission t r e e android : name= com. example. app. permission a n d r o i d : l a b e l s t r i n g / e x a m p l e p e r m i s s i o n t r e e l a b e l /> <p e r m i s s i o n group android : name= com. example. app. permission group. TEST GROUP a n d r o i d : l a b e l s t r i n g / t e s t p e r m i s s i o n g r o u p l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / t e s t p e r m i s s i o n g r o u p d e s c /> <p e r m i s s i o n android : name= com. example. app. permission. PERMISSION1 a n d r o i d : l a b e l s t r i n g / p e r m i s s i o n 1 l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / p e r m i s s i o n 1 d e s c android : permissiongroup= com. example. app. permission group. TEST GROUP a n d r o i d : p r o t e c t i o n L e v e l = s i g n a t u r e /> Android Security Mechanisms, Lecture 9 15/35

16 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 16/35

17 JCA Provider Architecture Java Cryptography Architecture (JCA) Extensible cryptographic provider framework Set of APIs - major cryptographic primitives Applications specify an algorithm, do not depend on particular provider implementation Cryptographic Service Provider (CSP) Package with implementation of cryptographic services Advertises the implemented services and algorithms JCA maintains a registry of providers and their algorithms Providers in a order of preference Service Provider Interface (SPI) Common interface for implementations of a specific algorithm Abstract class implemented by provider Android Security Mechanisms, Lecture 9 17/35

18 JCA Engine Classes JCA engines provide: Cryptographic operations (encrypt/decrypt, sign/verify, hash) Generation or conversion of cryptographic material (keys, parameters) Management and storage of cryptographic objects (keys, certificates) Decouple client code from algorithm implementation Static factory method getinstance() Request implementation indirectly s t a t i c EngineClassName getinstance ( String algorithm ) throws NoSuchAlgorithmException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, S t r i n g p r o v i d e r ) throws NoSuchAlgorithmException, NoSuchProviderException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, P r o v i d e r p r o v i d e r ) throws NoSuchAlgorithmException Android Security Mechanisms, Lecture 9 18/35

19 Message Digest Hash function M essagedigest md = MessageDigest. g e t I n s t a n c e ( SHA 256 ); b y t e [ ] data = getmessage ( ) ; b y t e [ ] hash = md. d i g e s t ( data ) ; Data provided in chuncks using update() then call digest() If data is short and fixed - hashed in one step using digest() Android Security Mechanisms, Lecture 9 19/35

20 Signature Digital signature algorithms based on asymmetric encryption Algorithm name: <digest>with<encryption> Sign: b y t e [ ] data = message to be s i g n e d. g e t B y t e s ( ASCII ) ; S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t S i g n ( p r i v K e y ) ; s i g. update ( data ) ; b y t e [ ] s i g n a t u r e = s i g. s i g n ( ) ; Verify: S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t V e r i f y ( pubkey ) ; s. update ( data ) ; b o o l e a n v a l i d = s. v e r i f y ( s i g n a t u r e ) ; Android Security Mechanisms, Lecture 9 20/35

21 Cipher Encryption and decryption operations Encryption: S e c r e t key = g e t S e c r e t K e y ( ) ; C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; b y t e [ ] i v = new b y t e [ c. g e t B l o c k S i z e ( ) ] ; SecureRandom s r = new SecureRandom ( ) ; s r. n e x t B y t e s ( i v ) ; I v P a r a m e t e r S p e c i v p = new I v P a r a m e t e r S p e c ( i v ) ; c. i n i t ( C i p h e r.encrypt MODE, key, i v p ) ; b y t e [ ] data = Message to e n c r y p t. g e t B y t e s ( UTF 8 ); b y t e [ ] c i p h e r t e x t = c. d o F i n a l ( data ) ; Android Security Mechanisms, Lecture 9 21/35

22 Cipher Decryption: C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; c. i n i t ( C i p h e r.decrypt MODE, key, i v p ) ; b y t e [ ] data = c. d o F i n a l ( c i p h e r t e x t ) ; Android Security Mechanisms, Lecture 9 22/35

23 MAC Message Authentication Code algorithms S e c r e t K e y key = g e t S e c r e t K e y ( ) ; Mac m = Mac. g e t I n s t a n c e ( HmacSha256 ) ; m. i n i t ( key ) ; b y t e [ ] data = Message. g e t B y t e s ( UTF 8 ); b y t e [ ] hmac = m. d o F i n a l ( data ) ; Android Security Mechanisms, Lecture 9 23/35

24 KeyGenerator Generates symmetric keys Additional checks for weak keys Set key parity when necessary Takes advantage of the cryptographic hardware KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( HmacSha256 ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( AES ) ; kg. i n i t ( ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; Android Security Mechanisms, Lecture 9 24/35

25 KeyPairGenerator Generates public and private keys K e y P a i r G e n e r a t o r kpg = K e y P a i r G e n e r a t o r. g e t I n s t a n c e ( RSA ) ; kpg. i n i t i a l i z e ( ) ; KeyPair p a i r = kpg. g e n e r a t e K e y P a i r ( ) ; P r i v a t e K e y p r i v = p a i r. g e t P r i v a t e ( ) ; P u b l i c K e y pub = p a i r. g e t P u b l i c ( ) ; Android Security Mechanisms, Lecture 9 25/35

26 Android JCA Providers Harmony s Crypto Provider Limited JCA provider part of the Java runtime library SecureRandom (SHA1PRNG), KeyFactory (DSA) MessageDigest (SHA-1), Signature (SHA1withDSA) Android s Bouncy Castle Provider Full-featured JCA provider Part of the Bouncy Castle Crypto API Cipher, KeyGenerator, Mac, MessageDigest, SecretKeyFactory, Signature, CertificateFactory Large number of algorithms AndroidOpenSSL Provider Native code, performance reasons Covers most functionality of Bouncy Castle Preferred provider Implementation uses JNI to access OpenSSL s native code Android Security Mechanisms, Lecture 9 26/35

27 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 27/35

28 SSL/TLS Secure Sockets Layer (SSL) and Transport Layer Security (TLS) SSL is the predecesor of TLS Secure point-to-point communication protocols Authentication, Message confidentiality and integrity for communication over TCP/IP Combination of symmetric and asymmetric encryption for confidentiality and integrity Public key certificates for authentication Java Secure Socket Extension (JSSE) Android Security Mechanisms, Lecture 9 28/35

29 Authentication Based on public key cryptography and certificates Both ends presents its certificate If trusted, they negotiate a shared key for securing the communication using pairs of public/private keys JSSE delegates trust decisions to TrustManager and authentication key selection to KeyManager Each SSLSocket has access to them through SSLContext TrustManager has a set of trusted CA certificates (trust anchors) Android Security Mechanisms, Lecture 9 29/35

30 Obtain Trust Anchors Default JSSE TrustManager initialized using the system trust store /system/etc/security/cacerts.bks TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; X509TrustManager xtm = ( X509TrustManager ) tmf. gettrustmanagers ( ) [ 0 ] ; f o r ( X C e r t i f i c a t e c e r t : xtm. g e t A c c e p t e d I s s u e r s ( ) ) { S t r i n g c e r t S t r = S : + c e r t. getsubjectdn ( ). getname ( ) + \ n I : + c e r t. g e t I s s u e r D N ( ). getname ( ) ; Log. d (TAG, c e r t S t r ) ; } Android Security Mechanisms, Lecture 9 30/35

31 Use your own Trust Store Generate your trust store using Bouncy Castle and openssl in comand line Preferred HTTPS API KeyStore l o c a l T r u s t S t o r e = KeyStore. g e t I n s t a n c e ( BKS ) ; I n p u t S t r e a m i n = g e t R e s o u r c e s ( ). openrawresource ( R. raw. m y t r u s t s t o r e ) ; l o c a l T r u s t S t o r e. l o a d ( in, TRUSTSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( t r u s t S t o r e ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( n u l l, tmf. gettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; Android Security Mechanisms, Lecture 9 31/35

32 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 32/35

33 Bibliography Android Security Internals, Nikolay Elenkov using-custom-certificate-trust-store-on.html Android Security Mechanisms, Lecture 9 33/35

34 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 34/35

35 Keywords Permissions Protection levels Static enforcement Dynamic enforcement Custom permissions Java Cryptography Architecture Cryptographic Service Provider Engine classes Java Secure Socket Extension Trust Store Android Security Mechanisms, Lecture 9 35/35