android security – dual profile device
DESCRIPTION
Android Security – Dual Profile Device. Neelima Krishnan Gayathri Subramanian. Outline. Introduction Why is Android Security Important ? Security Model in Android What we proposed and What we did Implementation Details Results and Conclusion. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Android Security – Dual Profile Device
Neelima KrishnanGayathri Subramanian
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
2Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
IntroductionWhy is Android Security Important ? Security Model in AndroidWhat we proposed and What we didImplementation Details Results and Conclusion
Outline
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Introduction
A software platform and operating system for mobile devices
Based on the Linux kernel
Developed by Google and later the Open Handset Alliance (OHA)
Allows writing managed code in the Java language
Possibility to write applications in other languages and compiling it to ARM native code
Unveiling of the Android platform was announced on 5 November 2007 with the founding of OHA
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
4Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Who is Responsible for Android Security? Google ?
Users ? Application Developers ?
The Big Question
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
5Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Android Market is open unlike Apple StoreDevelopers are free to submit their apps on
the market. Each app should list the permissions it uses before installation.
User should decide if he wants to install the app based on the permissions.
Why is Android Security Important ? (Responsibility ? )
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
6Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Apps make Smart-Phones a general-purpose computing platform.
We can now send text messages, multimedia messages, access email, browse the Web, create and edit pdfs and other documents.
Why is Android Security Important ?
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
7Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
In March 2011 , 58 apps containing malicious activities were removed from
android market. Unfortunately 260,000 downloads had been recorded for these 58 applications.
Why is Android Security Important ? (malware Growth)
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
8Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Growth of Android OS Market
Android is the leading smartphone platform of choice among US smartphone users.Google is receiving more than 550,000 activations per day.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
9Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Challenge :- Security platform should provideflexibility for open platform provide protection for all users Aim:- OS should protect
User dataSystem Resources Application Isolation
Android Security Model
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
10Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Key Security features Robust security at kernel level Mandatory application sandboxSecure IPCApplication SigningApplication-defined and user-granted
permissions
Android Security Model .. Cntd..
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Android Security Model
The secure sandbox
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
12Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
protected APIs areSMS/MMSCameraBluetoothTelephonyGPSNetwork/data connectionsThese are accessible only through APIs
Android Application Security
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
13Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
To use protected API declare them in the manifest file (which is part of apk)
These permissions are displayed when the user installs the application
User cannot grant/deny individual permissionAfter installation user is not prompted to
confirm any of these permissions again
Android Application Security
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
14Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Application layer Security
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Application Layer Security - Manifest.xml
• The Manifest presents essential information about the application.• It describes the components of the application
1. Activities2. Services3. Broadcast Receivers4. Content Providers
• Declares which permissions the application would use.• Declares the minimum level of the Android API that the application
requires• Lists the libraries that the application must be linked against
15
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Android Security Risks
16
Flimsy passwords Naked Data SMShing Unsafe Surfing Nosy Apps Repackaged and fraudulent apps Android malware Fake anti-malware Losing the device.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Rewinding an year of Android Malware
• SMS malware threatsSMS.AndroidOS.FakePlayer.a -b-cAndroidOS_Droisnake.AAndroid.Walkinwat
• GPS malware threatsAndroidOS_Droisnake.AAndroid.Geinimi
• Trojans- Android.Geinimi, Android.Pjapps, Droiddream, Android.Adrd AKA
Android.HongTouTou, Android.Pjapps, Android.BgServ AKA Troj/Bgserv-A AKA AndroidOS_BGSERV.A, Android.Zeahache
17
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
An Android Malware – Droid Dream
18
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
19Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
What we proposed?GPS WatcherDual-Mode GUIEncryptionVPN-Server
Our Solution
What we implemented ?SMS ScannerGPS Scanner(These are part of Application Permission Viewer)Application Malware
ScannerDual-Mode Profile
supporting Encryption
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
20Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Dual-Mode Profile Application Permission Viewer GPS ScannerSMS Scanner
Application Malware ScannerEncryption
IMPLEMENTATION
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
21Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
The GUI consists of a login page which allows you to choose secure or standard log-in
Secure side login button prompts you for entering a secret password.
Hashing is used to store and verify the password.
User can any time switch modes after login by accessing the switch button in the Status Notification bar.
Dual-Mode GUI
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
22Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
The GUI
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
23Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Dual-Mode Profile Application Permission Viewer GPS ScannerSMS Scanner
Application Malware ScannerDual-Mode Profile Encryption
IMPLEMENTATION
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
24Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Recap on Application layer Security
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
25Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Permission list
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Manifest.xml of the app (Angry Bird)
26
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Manifest.xml .. Cntd ..
27
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Permissions requested by Angry Birds application
INTERNET READ_PHONE_STATE ACCESS_NETWORK_STATE WRITE_EXTERNAL_STORAGE ACCESS_WIFI_STATE ACCESS_COARSE_LOCATION
28
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
29Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Permissions Used by Weather Channel app ACCESS_COARSE_LOCATION ACCESS_FINE_LOCATION ACCESS_WIFI_STATE ACCESS_LOCATION_EXTRA_COMMANDS CHANGE_NETWORK_STATE CHANGE_CONFIGURATION INTERNET MODE_WORLD_WRITEABLE ACCESS_NETWORK_STATE CALL_PHONE VIBRATE
Some Permission lists used by famous apps
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
30Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Android App which is first step in providing Application layer Security.
Displays the list of Android Apps installed on our device.
Displays all permissions requested by the selected app.
Application Permission Viewer
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
31Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
32Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
33Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
SMS and GPS Scanner are simple extensions to Application Permission Viewer.
Apart from listing the permissions , it displays a warning to the user , if the selected application can send sms or access our location
SMS and GPS Scanner
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
34Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of SMS Scanner
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
35Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of GPS Scanner
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
36Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Dual-Mode Profile Application Permission Viewer GPS Scanner SMS Scanner
Application Malware ScannerDual-Mode Profile
IMPLEMENTATION
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
37Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Gets the list of all apps installed on our deviceFetches the permission list of each of these
apps and compares them against the hard-coded rules
If any one of the rule matches , the app is tagged as ‘Potential Malware’
After Scanning all the apps , lists the Potential Malware as an alert.
Android App Scanner
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Policy Rules
The policy rules we have created from the study on the android malwares1. SET_DEBUG_APP2. INSTALL_PACKAGES3. DELETE_PACKAGES4. RECEIVE_SMS + WRITE_SMS5. WRITE_SMS + SEND_SMS6. RECEIVE_SMS + SEND_SMS7. UNINSTALL_SHORTCUT + INSTALL_SHORTCUT8. PROCESS_OUTGOINGCALLS + RECORD_AUDIO + INTERNET9. READ_PHONE_STATE + RECORD_AUDIO + INTERNET10. WRITE_CONTACT + READ_CONTACTS + INTERNET11. CAMERA+ SEND_SMS + INTERNET12. CHANGE_WIFI_STATE + READ_CONTACTS + INTERNET
38
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Policy Rules (Contd.)
13. WRITE_SETTINGS + READ_PHONE_STATE + GET_ACCOUNTS + INTERNET
14. CHANGE_CONFIGURATION + MODE_WORLD_WRITABLE + CALL_PHONE_INTERNET
15. READ_LOGS + ACCESS_WIFI_STATE + INTERNET
16. READ_PHONE_STATE + ACCESS_WIFI_STATE + INTERNET
17. READ_PHONE_STATE + ACCESS_COARSE_LOCATION + INTERNET
18. RECEIVE_BOOT_COMPLETE + ACCESS_COARSE_LOCATION + INTERNET
19. RECEIVE_BOOT_COMPLETE + ACCESS_FINE_LOCATION + INTERNET
39
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
40Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Application Name potential Malware ? InferenceSudoko noAngry-Bird v1.3 yes READ_PHONE_STATE ,
ACCESS_NETWORK_STATE,WRITE_EXTERNAL_STORAGEACCESS_WIFI_STATEACCESS_COARSE_LOCATIONINTERNET
Bar Code Scanner Yes CAMERA READ_CONTACTS WRITE_CONTACTS INTERNET READ_HISTORY_BOOKMARKS VIBRATE FLASHLIGHT WRITE_EXTERNAL_STORAGE WRITE_SETTINGS CHANGE_WIFI_STATE ACCESS_WIFI_STATE ACCESS_NETWORK_STATE WAKE_LOCK
Results of Investigating popular apps against our rules
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
41Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Results of Investigating popular apps against our rules
Application Name potential Malware ? InferenceFaceBook Messenger / oovoo
yes INTERNET GET_ACCOUNTS ACCESS_NETWORK_STATE WAKE_LOCK ACCESS_FINE_LOCATION READ_CONTACTS WRITE_EXTERNAL_STORAGE READ_PHONE_STATE ACCESS_WIFI_STATE RECEIVE_BOOT_COMPLETED CAMERA
Facebook no WAKE_LOCK INTERNET READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS MANAGE_ACCOUNTS AUTHENTICATE_ACCOUNTS READ_SYNC_SETTINGS WRITE_SYNC_SETTINGS ACCESS_FINE_LOCATION
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
42Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Results of Investigating popular apps against our rules
Application Name potential Malware ? InferenceGoogle+ No INTERNET
ACCESS_FINE_LOCATION ACCESS_NETWORK_STATE GET_ACCOUNTS MANAGE_ACCOUNTS READ_CONTACTS READ_PHONE_STATE USE_CREDENTIALS WAKE_LOCK WRITE_EXTERNAL_STORAGE ACCESS_NETWORK_STATE GET_ACCOUNTS INTERNET MANAGE_ACCOUNTS USE_CREDENTIALS VIBRATE WRITE_EXTERNAL_STORAGE USE_CREDENTIALS READ_SYNC_STATS READ_SYNC_SETTINGS WRITE_SYNC_SETTINGS SUBSCRIBED_FEEDS_READ SUBSCRIBED_FEEDS_WRITE
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
43Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Results of Investigating popular apps against our rules
Application Name potential Malware ? Inference netflix yes INTERNET
ACCESS_NETWORK_STATE ACCESS_WIFI_STATE READ_PHONE_STATE WAKE_LOCK READ_LOGS WRITE_EXTERNAL_STORAGE GET_TASKS
Yahoo mail yes READ_SMS READ_SYNC_SETTINGS READ_SYNC_STATS RECEIVE_BOOT_COMPLETED RECEIVE_SMS SEND_SMS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
44Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
45Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
46Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Dual-Mode Profile Application Permission Viewer GPS Scanner SMS Scanner
Application Malware ScannerDual-Mode Profile
IMPLEMENTATION
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
47Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Features: Encrypted data and cache. Encryption done using AES-CBC Implemented the Linux Unified Key System (LUKS) Crypt setup was used to create an encrypted file
system Crypt setup is implemented as a device mapper target,
thus enabling the encryption of block devices and files Key Storage Mount encrypted data and cache into /data and /cache on
profile switch.
Dual Mode Profile
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
48Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Zygote Loop back Filesystem Block device Encryption-AES-CBC
Keyterms
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
49Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Configure the kernel to support encryption. Create an empty file, secureMode. Mknod Losetup Encrypt the blocks Format the new encrypted filesystem- mkfs or mke2fs. Copy contents of current /data and /cache folder into a mount point. Stop Zygote. Unencrypt the encrypted block. Mount this into the /data and /cache . Restart Zygote. After use Encrypt and umount this, and mount original /data and /cache
back. Why?
Steps to perform Encryption
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
50Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
51Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
52Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Screenshot of the output
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
53Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Secure the personal dataDon’t worry if your device is stolen. Less number of gadgets to carry around Remember, this is only a first step to make
your life “private”.
Conclusion
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Questions
54
?