TCS Internal

Security

2 TCS Internal

Objective

Objective :

Android Platform Security Architecture

3 TCS Internal

Android Platform Security Architecture

Android seeks to be the most secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls to:

Protect user data Protect system resources (including the network) Provide application isolation

To achieve these objectives, Android provides these key security features:

Robust security at the OS level through the Linux kernel Mandatory application sandbox for all applications Secure interprocess communication Application signing Application-defined and user-granted permissions

4 TCS Internal

The Application Sandbox

The Android platform takes advantage of the Linux user-based protection as a means of identifying and isolating application resources.

The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process.

This approach is different from other operating systems (including the traditional Linux configuration), where multiple applications run with the same user permissions.

This sets up a kernel-level Application Sandbox

5 TCS Internal

System Partition and Safe Mode

The system partition contains Android's kernel as well as the operating system libraries, application runtime, application framework, and applications.

This partition is set to read-only.

When a user boots the device into Safe Mode, only core Android applications are available.

This ensures that the user can boot their phone into an environment that is free of third-party software.

6 TCS Internal

Filesystem Permissions

In a UNIX-style environment, filesystem permissions ensure that one user cannot alter or read another user's files.

In the case of Android, each application runs as its own user. Unless the developer explicitly exposes files to other applications, files created by one application cannot be read or altered by another application

7 TCS Internal

Cryptography

Android provides a set of cryptographic APIs for use by applications. These include implementations of standard and commonly used cryptographic primitives such as AES, RSA, DSA, and SHA. Additionally, APIs are provided for higher level protocols such as SSL and HTTPS.

Android 4.0 introduced the KeyChain class to allow applications to use the system credential storage for private keys and certificate chains.

8 TCS Internal

Cryptography

Here are the three main packages in the APIs:

javax.crypto: This package provides the classes and interfaces for cryptographic applications implementing algorithms for encryption, decryption, or key agreement.

javax.crypto.interfaces: This package provides the interfaces needed to implement the key agreement algorithm.

javax.crypto.spec: This package provides the classes and interfaces needed to specify keys and parameter for encryption.

9 TCS Internal

Cryptography

Data Encryption Code and Explanations

If you want to encrypt data on Android, you have two options: Java Crypto API and OpenSSL API.

mKey = null;try {

kgen = KeyGenerator.getInstance("AES");mKey = kgen.generateKey();

} catch (NoSuchAlgorithmException e) {e.printStackTrace();

}

Java Crypto API

Using Java Crypto API on Android is very straightforward. First, you will need to generate a key for the encryption. There is a KeyGenerator class in the javax.crypto package that can do this for you.

10 TCS Internal

Security with HTTPS and SSL

The Secure Sockets Layer (SSL)—now technically known as Transport Layer Security (TLS)—is a common building block for encrypted communications between clients and servers.

In a typical SSL usage scenario, a server is configured with a certificate containing a public key as well as a matching private key. As part of the handshake between an SSL client and server, the server proves it has the private key by signing its certificate with public-key cryptography.

Concepts

11 TCS Internal

Security with HTTPS and SSL

// Load CAs from an InputStream// (could be from a resource or ByteArrayInputStream or ...)CertificateFactory cf = CertificateFactory.getInstance("X.509");// From https://www.washington.edu/itconnect/security/ca/load-der.crtInputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));Certificate ca;try {ca = cf.generateCertificate(caInput);System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());} finally {caInput.close();}

// Create a KeyStore containing our trusted CAsString keyStoreType = KeyStore.getDefaultType();KeyStore keyStore = KeyStore.getInstance(keyStoreType);keyStore.load(null, null);keyStore.setCertificateEntry("ca", ca);

12 TCS Internal

Security with HTTPS and SSL

// Create a TrustManager that trusts the CAs in our KeyStoreString tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);tmf.init(keyStore);

// Create an SSLContext that uses our TrustManagerSSLContext context = SSLContext.getInstance("TLS");context.init(null, tmf.getTrustManagers(), null);

// Tell the URLConnection to use a SocketFactory from our SSLContextURL url = new URL("https://certs.cac.washington.edu/CAtest/");HttpsURLConnection urlConnection =(HttpsURLConnection)url.openConnection();urlConnection.setSSLSocketFactory(context.getSocketFactory());InputStream in = urlConnection.getInputStream();copyInputStreamToOutputStream(in, System.out);

13 TCS Internal

Rooting of Devices

By default, on Android only the kernel and a small subset of the core applications run with root permissions.

Android does not prevent a user or application with root permissions from modifying the operating system, kernel, and any other application.

In general, root has full access to all applications and all application data.

Users that change the permissions on an Android device to grant root access to applications increase the security exposure to malicious applications and potential application flaws.

<uses-permission android:name="android.permission.ACCESS_SUPERUSER" />

Process p = Runtime.getRuntime().exec("su");

How do I request root access in Android?

14 TCS Internal

Password Protection

Android can be configured to verify a user-supplied password prior to providing access to a device.

In addition to preventing unauthorized use of the device, this password protects the cryptographic key for full filesystem encryption.

Use of a password and/or password complexity rules can be required by a device administrator.

15 TCS Internal

Device Administration

Android 2.2 and later provide the Android Device Administration API, which provides device administration features at the system level.

For example, the built-in Android Email application uses the APIs to improve Exchange support. Through the Email application, Exchange administrators can enforce password policies — including alphanumeric passwords or numeric PINs — across devices. Administrators can also remotely wipe (that is, restore factory defaults on) lost or stolen handsets.

16 TCS Internal

Device Administration API Overview

Here are examples of the types of applications that might use the Device Administration API:· Email clients. · Security applications that do remote wipe. · Device management services and applications.

Other features

Prompt user to set a new password.

Lock device immediately.

Wipe the device's data (that is, restore the device to its factory defaults).

TCS Internal

Thank you