Secure File System -Final Meeting
Industrial Project (234313)
Prof. Michael Elad
Students: Noam Hershtig, Yuri Bronshtein
04.02.13
Supervisors: Boris Dolgunov, Constantine Elster
Agenda
Goals
Problem Description
High Level Solution
Demo
Methodology
Technical
Team Work
Protocol
Conclusions
Motivation
Motivation (cont.)
Defcon 20 (July 2012): “Into The Droid” by Thomas Cannon
Shows how easy it is to crack Android encryption
“Into The Droid” DEFCON 20 slides from: https://viaforensics.com/mobile-security/droid-gaining-access-android-user-data.html
Goal: Prevent brute-forcing of the encryption key
Solution: 2-stage authentication
Store Key in TrustZone™ (KeyDB)
KeyDB Throttles key retrieval attempts
Key management is transparent to user & applications.
Solution Components
Component diagram (legend: Original / Optional Changes):
TrustZone: KeyDB (Key Manager)
OS kernel: dm-crypt-skm; SFS Kernel Modules (skm, skm-udp); dm-crypt (unmodified)
User mode: Screen lock application; SFS configuration application
Demo
Our Process
Study Android & Linux Encryption mechanisms: Device-mapper, dm-crypt
LUKS (key management alternative)
Create “proof of concept” encryption key manager
Create modular design
Define protocol
Implement separate components: divide labor by platform (Android Apps / Linux Kernel)
Use TDD principles: Unit Tests before code (where applicable)
Use “simulation” (python test scripts) to test interfaces in early stages.
Integration: Verify that the separate modules work as expected together
Key Management
Runs in TrustZone
Login Attempt Throttling: Different Locking Schemes available
Long Term Locking
“Burst Mode”
User Management: Multiple PIN/Key pairs
Useful for Tablets
Administrative Rights
Recovery Options
Kernel Modules
Implemented as part of the device-mapper framework <kernel>/drivers/md
dm-crypt-skm: device-mapper target.
Wraps dm-crypt, the original crypto device service.
skm (secure key management): Implements the protocol generically.
Uses “pluggable” modules for communication with KeyDB in TrustZone.
Managed from usermode via ioctls. Creates “/dev/skm” device.
skm-udp: Uses the netpoll API to communicate with KeyDB via UDP packets.
Architecture diagram: User: Settings and User: Lock Screen -> /dev/skm -> skm -> skm-udp -> TrustZone (KeyDB); dm (dmsetup) -> dm-crypt-skm -> dm-crypt
Development Platform and Languages
Android TrustZone Simulator: Java + Android SDK (Eclipse)
Testing: jUnit for Android, Python for network simulation
Linux kernel modules (dm-crypt-skm, skm, skm-udp): ANSI C
Run on GNU/Debian as a VMware guest
Tested on the 2.6.32 kernel, compatible with the 3.3 kernel API
Testing: Python for network simulation
Configuration Application: ANSI C
Lock Screen Demo: Python and wxPython
Source Control: git (Assembla private repository)
Kernel to TrustZone Protocol
Key Retrieval: getKey, getStatus, loadKey, unloadKey
Misc.: getVersion (for backward compatibility)
User Management: addID, removeID, changePIN, setParams, getParams, unlockID
HW Support
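The Key Management slide names the throttling schemes (burst mode, long-term locking, administrative unlock) and the protocol slide names the calls that drive them; the simulation below ties the two together. It is an added example written for this page, not the project's KeyDB code, and the concrete policy values (3 attempts per burst, a 30 s lock that doubles, long-term lock after 5 lockouts) are assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class Entry:
    pin: str
    key: bytes
    failures: int = 0          # consecutive failed getKey attempts in the current burst
    lockouts: int = 0          # lock periods applied since the last successful getKey
    locked_until: float = 0.0  # clock value until which getKey is refused

class KeyDB:
    # Constructed stand-in for the TrustZone-side KeyDB; the numeric policy is an assumption.
    BURST = 3             # wrong PINs allowed per burst before a lock period ("Burst Mode")
    BASE_LOCK = 30.0      # first lock period in seconds; doubles with every further lockout
    LONG_TERM_AFTER = 5   # lockouts after which only an admin unlockID helps ("Long Term Locking")

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so the throttling can be exercised without sleeping
        self._ids = {}

    def addID(self, ident, pin, key):
        self._ids[ident] = Entry(pin=pin, key=key)

    def getStatus(self, ident):
        e = self._ids[ident]
        if e.lockouts >= self.LONG_TERM_AFTER:
            return "LOCKED_LONG_TERM"
        if self._clock() < e.locked_until:
            return "LOCKED"
        return "OK"

    def getKey(self, ident, pin):
        e = self._ids[ident]
        status = self.getStatus(ident)
        if status != "OK":
            return status, None          # even a correct PIN is refused while locked
        if pin == e.pin:
            e.failures = e.lockouts = 0  # the key leaves KeyDB only on this path
            return "OK", e.key
        e.failures += 1
        if e.failures >= self.BURST:     # burst exhausted: start an exponentially growing lock
            e.failures = 0
            e.lockouts += 1
            e.locked_until = self._clock() + self.BASE_LOCK * 2 ** (e.lockouts - 1)
            return "LOCKED", None
        return "BAD_PIN", None

    def unlockID(self, ident):
        # Administrative recovery: clear all throttling state for one ID
        self._ids[ident] = Entry(pin=self._ids[ident].pin, key=self._ids[ident].key)
```

Because the attempt counter and the lock timer live inside KeyDB rather than in the kernel or the lock-screen app, an attacker who controls the untrusted side still gets at most BURST guesses per lock period, which is the property the slides rely on against the brute-force attack from the motivation.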
Challenges
Minimal Architectural Changes: An early goal was to minimize changes to the Android OS and apps.
After studying the Linux crypto services, dm-crypt was chosen as the best subsystem to modify.
Kernel/Usermode Communications: Unorthodox model (simulate ‘CPU mode’ as a usermode process)
Usually communication is initiated from usermode.
Options which were considered:
polling (easy to implement, breaks the design for actual ARM chips)
sysfs/proc (not secure enough)
sockets (incompatible with dm)
netpoll (modern kernel API, used primarily for low-level debugging)
Conclusions
Design: Good design simplifies the coding stage
Allows modularization
Modularization: Very important for team-based coding
Allows easy testing & relatively smooth integration
Helps minimize changes when porting to another platform
Minimizing Kernel Code: Debugging kernel code is non-trivial and time consuming
Linux APIs are changing all the time: no current documentation available
Version-dependent code
Automatic testing is nearly impossible
Early Testing (Test Driven Development): Quick development
Easy regression testing
Thank You!