Android Security Mechanisms (2) Lecture 9 Operating Systems Practical 14 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. OSP Android Security Mechanisms (2), Lecture 9 1/33
SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 2/33
Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 3/33
Secure Communication Cryptographic providers for securing communication Recommendation: standardized security protocols Secure Sockets Layer (SSL) and Transport Layer Security (TLS) SSL is the predecesor of TLS OSP Android Security Mechanisms (2), Lecture 9 4/33
SSL/TLS Secure point-to-point communication protocols Authentication, message confidentiality and integrity for communication over TCP/IP Combination of symmetric and asymmetric encryption for confidentiality and integrity Public key certificates for authentication OSP Android Security Mechanisms (2), Lecture 9 5/33
Cipher Suite Cipher suite = set of algorithms for key agreement, authentication, integrity protection and encryption Client sends SSL version and list of cipher suites Client and server negotiate common cipher suite OSP Android Security Mechanisms (2), Lecture 9 6/33
Authentication and Encryption Authenticate through certificates Usually only server authentication Client authentication is also supported Compute shared symmetric key Secure communication using symmetric encryption & key OSP Android Security Mechanisms (2), Lecture 9 7/33
Public Key Certificates Binding an identity to a public key X.509 certificates Signature algorithm Validity Subject DN Issuer DN OSP Android Security Mechanisms (2), Lecture 9 8/33
Direct Trust SSL client communicates with a small number of servers Set of trusted server certificates = trust anchors Can be self-signed A server is trusted if it s certificate is part of the set Good control over trusted server Hard to update server key and certificate OSP Android Security Mechanisms (2), Lecture 9 9/33
Private CAs Private Certificate Authority (CA) -> trust anchor Signs server certificate Client trusts any certificate issued by the CA Easy to update server key and certificate Single point of failure OSP Android Security Mechanisms (2), Lecture 9 10/33
Public CAs Public Certificate Authorities (CAs) -> trust anchors Client configured with a set of trust anchors Web browsers - more than 100 CAs OSP Android Security Mechanisms (2), Lecture 9 11/33
Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 12/33
Java Secure Socket Extension (JSSE) Android provides support for SSL/TLS through JSSE javax.net and javax.net.ssl Provides: SSL client and server sockets Socket factories SSLEngine - producing and consuming SSL streams SSLContext - creates socket factories and engines KeyManager, TrustManager and factories HttpsURLConnection OSP Android Security Mechanisms (2), Lecture 9 13/33
JSSE Classes Source: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/jsserefguide.html OSP Android Security Mechanisms (2), Lecture 9 14/33
SSLSocket SSLSocket is created: Through SSLSocketFactory Accepting a connection on a SSLServerSocket SSLServerSocket created through SSLServerSocketFactory SSLEngine: Created by SSLContext I/O operations handled by the application OSP Android Security Mechanisms (2), Lecture 9 15/33
SSLContext SSL Context obtained in two ways 1. getdefault() method of SSLServerSocketFactory or SSLSocketFactory Default context initialized with default KeyManager, default TrustManager and secure random generator Key material from system properties OSP Android Security Mechanisms (2), Lecture 9 16/33
SSLContext 2. getinstance() static method of SSLContext Context initialized with array of KeyManager, array of TrustManager, secure random generator KeyManager obtained from KeyManagerFactory TrustManager obtained from TrustManagerFactory Factories initialized with KeyStore (key material) OSP Android Security Mechanisms (2), Lecture 9 17/33
SSLSession Established SSL connection -> SSLSession object Includes identities, cipher suites, etc. SSLSession used in multiple connections between same entities OSP Android Security Mechanisms (2), Lecture 9 18/33
TrustManager and KeyManager JSSE delegates trust decisions to TrustManager Delegates authentication key selection to KeyManager Each SSLSocket has access to them through SSLContext TrustManager has a set of trusted CA certificates (trust anchors) A certificate issued by a trusted CA is considered trustworthy OSP Android Security Mechanisms (2), Lecture 9 19/33
System Trust Store Default JSSE TrustManager initialized using the system trust store Major commercial and government CA certificates /system/etc/security/cacerts.bks TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; TrustManager [ ] tms = tmf. gettrustmanagers ( ) ; X509TrustManager xtm = ( X509TrustManager ) tms [ 0 ] ; f o r ( X 5 0 9 C e r t i f i c a t e c e r t : xtm. g e t A c c e p t e d I s s u e r s ( ) ) { S t r i n g c e r t S t r = S : + c e r t. getsubjectdn ( ). getname ( ) + \ n I : + c e r t. g e t I s s u e r D N ( ). getname ( ) ; Log. d (TAG, c e r t S t r ) ; } OSP Android Security Mechanisms (2), Lecture 9 20/33
System Trust Store Until Android 4.0, A single file: /system/etc/security/cacerts.bks Read-only partition From Android 4.0 In addition, two directories /data/misc/keychain/cacerts-added /data/misc/keychain/cacerts-removed Modified only by the system user Add trust anchors through TrustedCertificateStore class OSP Android Security Mechanisms (2), Lecture 9 21/33
Validate Server Certificate TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( X509 ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; TrustManager [ ] tms = tmf. gettrustmanagers ( ) ; X509TrustManager xtm = ( X509TrustManager ) tms [ 0 ] ; X 5 0 9 C e r t i f i c a t e [ ] c e r t C h a i n = { s e r v e r C e r t } ; xtm. c h e c k S e r v e r T r u s t e d ( c e r t C h a i n, RSA ) ; SSLSocket and HttpURLConnection perform similar validations OSP Android Security Mechanisms (2), Lecture 9 22/33
HttpURLConnection Preferred method for connecting to a HTTPS server Uses default SSLSocketFactory to create secure sockets Custom trust store or authentication keys setdefaultsslsocketfactory() or setsslsocketfactory() of HttpsURLConnection OSP Android Security Mechanisms (2), Lecture 9 23/33
Use your own Trust Store Use your own trust store instead of the system trust store Load trust store in a KeyStore object Obtain TrustManagerFactory and initialize it with trust store Load key material in KeyStore object (for client authentication) Obtain KeyManagerFactory and initailize it with key store Obtain SSLContext and initialize it with TrustManager and KeyManager Create URL and HttpURLConnection Associate SSLSocketFactory of SSLContext to HttpURLConnection OSP Android Security Mechanisms (2), Lecture 9 24/33
Use your own Trust Store KeyStore t r u s t S t o r e = l o a d T r u s t S t o r e ( ) ; KeyStore k e y S t o r e = l o a d K e y S t o r e ( ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( t r u s t S t o r e ) ; KeyManagerFactory kmf = KeyManagerFactory. g e t I n s t a n c e ( KeyManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; kmf. i n i t ( k e y S t o r e, KEYSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( kmf. getkeymanagers ( ), tmf. g ettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; OSP Android Security Mechanisms (2), Lecture 9 25/33
Use your own Trust Store Generate your trust store using Bouncy Castle and openssl in comand line Trust store file in /res/raw/ KeyStore l o c a l T r u s t S t o r e = KeyStore. g e t I n s t a n c e ( BKS ) ; I n p u t S t r e a m i n = g e t R e s o u r c e s ( ). openrawresource ( R. raw. m y t r u s t s t o r e ) ; l o c a l T r u s t S t o r e. l o a d ( in, TRUSTSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( l o c a l T r u s t S t o r e ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( n u l l, tmf. gettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; OSP Android Security Mechanisms (2), Lecture 9 26/33
Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 27/33
Android JSSE Providers JSSE providers implement functionality for engine classes Trust managers, key managers, secure sockets, etc. Developers work with engine classes Android includes two JSSE providers: HarmonyJSSE AndroidOpenSSL OSP Android Security Mechanisms (2), Lecture 9 28/33
Harmony JSSE Implemented in Java Java sockets, JCA cryptographic classes SSLv3, TLSv1 Deprecated, not actively maintained OSP Android Security Mechanisms (2), Lecture 9 29/33
AndroidOpenSSL Calls to OpenSSL native library (JNI) TLSv1.1, TLSv1.2 Server Name Indication (SNI) SSL clients specify target hostname Server with multiple virtual hosts Used by default by HttpsURLConnection Both providers share KeyManager and TrustManager code Different SSL socket implementation OSP Android Security Mechanisms (2), Lecture 9 30/33
Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 31/33
Bibliography Android Security Internals, Nikolay Elenkov http://nelenkov.blogspot.ro/2011/12/ using-custom-certificate-trust-store-on.html https://github.com/nelenkov/custom-cert-https http://docs.oracle.com/javase/7/docs/technotes/ guides/security/jsse/jsserefguide.html OSP Android Security Mechanisms (2), Lecture 9 32/33
Keywords SSL/TLS Trust anchors Certificate Authority Trust store Java Secure Socket Extension SSLSocket HttpsURLConnection AndroidOpenSSL OSP Android Security Mechanisms (2), Lecture 9 33/33