
Trusted Application Kit (T.A.K) A Short Introduction

March 2019


Protecting our personal data | www.build38.com

Table of Contents

1. Protecting our personal data
2. Software security
   2.1 The economics of attacks
   2.2 The goals of software security
3. Trusted Application Kit (T.A.K)
   3.1 What is T.A.K?
   3.2 T.A.K is a multi-layer app security framework
   3.3 Six security modules – tick off your security controls
   3.4 T.A.K security concept
   3.5 T.A.K threat protection
   3.6 T.A.K ecosystem overview
   3.7 Deploying T.A.K protected applications
   3.8 How does T.A.K work
   3.9 Rental Car app – T.A.K protects access keys
4. Summary
   4.1 Go for it – you are safe
   4.2 T.A.K technology highlights
   4.3 T.A.K and software security
List of figures
Disclaimer
About Build38
Build38


1. Protecting our personal data

Over the past decade, the exponential rise in the use of mobile devices has transformed the way we live. This transformation has been accompanied by increasingly sophisticated criminal attempts to access the devices we use and depend upon. As our personal and work data is the prize, only the best security will suffice.

By 2020, annual app store downloads could rise to around 284 billion. Developers recognize that trust is of the utmost importance when it comes to keeping and attracting customers. In order to best serve customers, developers must provide secure and convenient mobile applications. Build38’s Trusted Application Kit (T.A.K) is a mobile security framework for mobile operating systems, used by developers. T.A.K is built into the application during the design phase, not retrofitted. Moreover, T.A.K can be used as a stand-alone solution or alongside other security technologies.

By preventing the unauthorized analysis, modification, copying, and usage of the most security-relevant parts of a mobile application, T.A.K does exactly what customers expect and demand: it prevents access to that all-important user information.


2. Software security

2.1 The economics of attacks

Attacks are generally divided into two phases: the engineering phase (also called ‘exploit identification’) and the exploitation phase (see Figure 1).

During the engineering phase, an attacker discovers an exploit, but still needs to spend time and invest money to industrialize the exploit and make it applicable to the mass market. The goal of an attacker is usually to earn as much money as possible by attacking as many devices as possible, for as long as possible.

Figure 1: The economics of attacks

2.2 The goals of software security

The overall goal of software security is to make life more difficult for attackers, to frustrate them, and to make potential targets as unattractive as possible. The second goal is to raise the bar, by making attacks far too difficult for hobbyists (e.g. script kiddies).

In the engineering phase (see Figure 2), attackers must invest more money in hacking tools. Adding extra protection forces attackers to invest more time, continue spending on tools or perhaps to build the tools required for an attack. This prolongs the overall process (arrow t1 in Figure 2) and adds an extra layer of frustration.

In the exploitation phase (see Figure 2), attackers’ earnings are limited by providing as much diversity as possible. Once an attacker enters door number one, three more paths are presented, requiring additional application analysis and observation. And if a mobile application is updated regularly, for example, every thirty days, attackers must start over every time. The aim of software security is therefore to minimize industrialization and shorten the impact of attacks (arrow t2 in Figure 2).

Figure 2: Software security measures


3. Trusted Application Kit (T.A.K)

3.1 What is T.A.K?

T.A.K is a collection of security functions every (native) app developer needs to implement in order to develop more secure mobile applications, e.g. secure communication, secure storage, etc. The security approach deployed by T.A.K is based on a client-and-server principle: The T.A.K-Client and the T.A.K Cloud.

The T.A.K-Client is provided to developers / service providers as a low-level native library, in binary format, with code obfuscation applied (low-level as compared to a high-level programming language like Java). This makes reverse engineering far more difficult for attackers. In contrast, Java can be more easily reverse engineered.

T.A.K relies on a secure communication channel between the T.A.K-Client and the T.A.K Cloud. The secure communication channel principle can also be used to enable secure communication between the T.A.K-Client and the Service Provider (SP)-server. This approach prevents network sniffing.

The T.A.K Cloud tracks the status of the T.A.K library and the end device. This means T.A.K provides active protection to the application(s). In other words, the T.A.K-Client is built into an application during the development process, and while the end user actively uses the application, it can be monitored for suspicious behavior. The T.A.K Cloud would know whether the original device or a rooted device were being used, for example.


T.A.K provides a higher level of security for mobile applications produced by financial institutions, enterprise services, insurance companies, and the automotive industry, among others. The protection T.A.K provides is not visible to the end user, yet it offers a higher level of application security for confidential data.

In general, when data is at rest or in transit, T.A.K offers the most secure means of protecting sensitive or confidential data.

3.2 T.A.K is a multi-layer app security framework

The T.A.K-Client is a software-based security solution that incorporates many different layers of software security technologies (like an onion) to strengthen the level of security.

The onion-like concept of the different security walls aims to hinder any attacker to such an extent that the time required to extract assets exceeds the interval at which the application is regularly updated. It offers the best possible application security thanks to the combination of applying all security features at the same time (see Figure 3).

Figure 3: T.A.K is a multi-layered application security framework


The layer “Native Code Protection” prevents the binary code of the library from being easily reverse engineered and manipulated by hackers.

The T.A.K layer “Enhanced Security Functions” provides unique security features and functionality which are grouped in 6 different modules. These are described in more detail in the next chapter.

In summary, T.A.K protects confidential or sensitive data, e.g. the user’s data. It also prevents code lifting, a method whereby the application is copied from one mobile device and then used on another mobile device in order to exploit the application.

3.3 Six security modules – tick off your security controls

This chapter briefly describes the six security modules. Each of the modules contains a great variety of features and functionality.

Figure 4: Six Security Modules – tick off your security controls

Secure Memory Management offers various means to encrypt and decrypt data with a wide variety of characteristics, from reading / writing certificates in a rather slow and highly secure mode to encrypting hundreds of megabytes of data in seconds, or from supporting a hardened and attack-resistant implementation of cryptographic software up to hardware-backed storage.

Connectivity Management makes sure that the mobile app’s connections are always secure and ensures secure API usage.

Privilege Escalation Prevention detects commonly known issues like rooting and jailbreaking. At the same time, the runtime integrity of the T.A.K-Client is ensured.

Environment Detection aims at detecting in what environment the mobile app is running, e.g. whether it is the environment it was initially installed in, or whether it is currently attached to a debugger or running in a virtual machine.

Administration takes care of the personalization of a mobile app, meaning that a mobile app is personalized to a specific device. It also provides automated certificate and key management, as well as the app security management.

Threat and Fraud Prevention protects the resources and files of a mobile app, protects the identity, and protects apps from being misused by and as bots. The trust level provides valuable insights into a service provider’s T.A.K protected mobile app on a specific device. It also provides the data input for the server-based insights and analytics.

3.4 T.A.K security concept

The T.A.K-Client is a software-based security solution that incorporates many different layers of software security technologies (like an onion) to strengthen the level of security. Its goal is to provide a mobile application hardened against threats.

It implements four different functional blocks to prevent threats, to detect threats and to respond to detected threats in an appropriate manner. In combination with the T.A.K-Server, threats can also be predicted and countermeasures taken on the server side of the service provider, thereby preventing fraud.

Overall, all four functional blocks are always active, meaning that in combination they allow continuous monitoring and analytics of a T.A.K protected mobile application. See Figure 5 for an overview.

Figure 5: T.A.K Security Framework

Hardening against threats already happens when implementing the hardened T.A.K-Client library, and once the T.A.K hardened mobile app is installed and executed for the first time, the application hardening enters its second phase.

Preventing threats is achieved by hardening the system and isolating functionality from the underlying operating systems. Also, the attacker’s attention is diverted here.

Detecting threats means that security-relevant incidents are detected and contained. For example, manipulation of the API within the app, using wrong certificates for communication or a cloned mobile app are part of this step.

Responding to threats is as important as both preventing and detecting threats. It allows the app to react independently out in the field to threats by taking predefined actions in response to a detected threat.

The security status of each single mobile application and device is monitored by the T.A.K-Server. This allows the prediction of attacks, but also allows making a proactive exposure assessment.

3.5 T.A.K threat protection

T.A.K protects against a wide variety of threats (see Figure 6), from more common threats like reverse engineering and code lifting, up to highly sophisticated attacks like side-channel attacks. T.A.K could therefore also be called the Swiss Army knife of threat protection.

Figure 6: T.A.K protects against threats (selection)

Almost all modules are actively involved in threat prevention or detection. The following is a high-level overview with example use cases and functionality.

The functions within the Secure Memory Management module are designed and implemented in such a way that key extraction or successful side-channel attacks are prevented.

The Connectivity Management module prevents sniffing of network data from the T.A.K-Client to the T.A.K-Server, but also ensures secure transmission of data from the mobile application to the service provider’s backend. On top of that, potential manipulation of the T.A.K API is detected.

The Privilege Escalation Prevention module detects rooting or jailbreak attempts and ensures the integrity of the T.A.K-Client, too.

The Environment Detection module detects, for example, any change in the runtime environment, such as when the mobile app has been cloned to another device.

The Threat and Fraud Prevention module protects resources and app-specific files from manipulation and provides input for the trust level of a mobile app and device that service providers can query. It also protects the mobile app from being misused by and as bots.

All six security modules are hardened by applying native code protection to them, as T.A.K is a native code library. This is the outer layer of T.A.K protection which prevents code manipulation and ensures that reverse engineering is a cumbersome task.

3.6 T.A.K ecosystem overview

As previously mentioned, T.A.K is more than just a native client library that offers security to app developers or service providers. The following section discusses the T.A.K ecosystem, a software security framework.

T.A.K is based on a client-server architecture, and its main components are the T.A.K-Client and the T.A.K Cloud. The T.A.K Cloud delivers several benefits to various stakeholders of the ecosystem.

If you are a firm believer in ‘Trust is essential, control is better’, then you as a service provider should integrate the Verify I/F for fraud prevention (see Figure 7). Your server-side decision can then be based on an outside opinion (the “Trust Level”), and not on what the app tells you.

Marketeers and security experts will benefit from the various dashboards provided to you. In line with the saying “knowledge is power”, they deliver great insights and analytics. Make use of the information gained and get to know what your mobile apps are doing. Fight potential threats and fraud early.

Launch mobile apps and new services faster than anyone else. This starts with your own developers or your development company: be faster during build, test and deploy. Integrate our tools and APIs into the DevOps cycle for improved continuous development and continuous integration.

Figure 7: T.A.K ecosystem overview


3.7 Deploying T.A.K protected applications

Service providers and their developers always receive a software library tailored to their requirements. This also includes documentation enriched with multimedia content and self-study examples.

Even if you want to use T.A.K for two different projects, we ensure that the library looks different on the surface in size and in direct code comparison, although you want to use the same range of functions in both cases. This is part of the security precautions.

Today, mobile applications are regularly updated for a variety of reasons, such as user interface modifications or the provision of new functionality. T.A.K updates can be included in this workflow without interruptions. Build38 therefore recommends that service providers and their developers regularly request a new build of the specific T.A.K client library and update the mobile application accordingly. This ensures that application security remains at the highest level.

However, the service provider and its developer remain responsible for distributing the app through app stores such as iTunes (Apple) or Play Store (Google).

3.8 How does T.A.K work

Once the user has downloaded the T.A.K-protected app from an App Store and is running it for the first time on their mobile device, the T.A.K client library will contact the T.A.K Cloud to perform some background security checks to ensure the integrity of the mobile app. Based on these checks, the app either runs or refuses to run and, if necessary, informs the user of the reason.

The service provider's server (usually a web or application server) can also use the T.A.K Cloud to perform an out-of-band security check (OOB), i.e. a check via a second and independent communication channel. Thus, the T.A.K Cloud also enables risk and threat management, and an independent risk assessment can be performed by the service provider on its servers rather than by the application itself. Although not mandatory, this step is highly recommended by Build38 as it further minimizes the risk of misuse or manipulation of the mobile application by the hacker. The use of an OOB check provides an additional layer of security in the background that is not visible to the hacker.

The service provider can access the portal's dashboard at any time. Here the service provider receives relevant information about the T.A.K-protected application, e.g. number of registrations, number of rooted devices, proportion of operating system releases used, etc. In order to comply with data protection laws, only summarized data and no personal data is displayed here.

Build38 takes care of the operation of T.A.K, for example performing administrative tasks such as creating new customers (the service provider), adding new users to the developer portal, and so on. Build38 does not have access to the service provider's data.

3.9 Rental Car app – T.A.K protects access keys

The following example discusses how a temporary rental car key could be protected by T.A.K. Using the overall architecture as an example, Build38 made the following assumptions:

▪ The end-to-end architecture is a secure architecture and its security assets, security anchors, and attack vectors have been assessed and documented.

▪ The rental car key is temporary, based on derived credentials.

▪ The derived credentials will be created on demand, based on the relevant security situation, e.g. daily, weekly, or when the driver changes (e.g. rental enterprise).

▪ The derived credentials will be handled by the functions in the Secure Memory Management module.

▪ The diagram (Figure 8) has to be extended by the T.A.K Cloud communication as in Figure 7.

▪ In this specific situation the enterprise key can be revoked (declared “inactive”) via the T.A.K Cloud.

Figure 8: Car Rental app – car keys protected by T.A.K
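
The assumptions listed for the rental car key (a temporary key based on derived credentials, created per day or per driver change, with a revocable enterprise key) can be made concrete as follows. This is an added example, not Build38's or T.A.K's own code: the HKDF-SHA256 derivation, the challenge-response unlock, the in-memory stand-in for the cloud, and all names (`RentalKeyService`, `key_context`, `acme-rentals`, `car-42`) are assumptions.

```python
"""Temporary rental car keys as derived credentials (added example).

Assumed, not from the T.A.K documentation: HKDF-SHA256 (RFC 5869), day-based
validity periods, challenge-response unlock, in-memory stand-in for the cloud.
"""
import hashlib
import hmac
import os

HASH_LEN = hashlib.sha256().digest_size


def hkdf_sha256(ikm: bytes, info: bytes, salt: bytes = b"", length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869) on top of the standard library."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    prk = hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // HASH_LEN) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def key_context(enterprise: str, vehicle: str, driver: str, period: int) -> bytes:
    """Bind the key to its purpose; length prefixes keep fields unambiguous."""
    out = b"rental-car-key/v1"
    for value in (enterprise, vehicle, driver):
        raw = value.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out + period.to_bytes(4, "big")


def unlock_response(derived_key: bytes, challenge: bytes) -> bytes:
    """App side: prove possession of the derived key without sending it."""
    return hmac.new(derived_key, challenge, hashlib.sha256).digest()


class RentalKeyService:
    """Hypothetical backend that issues and checks derived keys."""

    def __init__(self):
        self._enterprise_keys = {}      # enterprise id -> long-term secret
        self._inactive = set()          # enterprise ids declared "inactive"
        self._open_challenges = set()   # issued but not yet answered

    def register(self, enterprise: str) -> None:
        self._enterprise_keys[enterprise] = os.urandom(32)

    def revoke(self, enterprise: str) -> None:
        self._inactive.add(enterprise)

    def issue(self, enterprise, vehicle, driver, period) -> bytes:
        """Derive the temporary key on demand for one driver, car and day."""
        if enterprise in self._inactive or enterprise not in self._enterprise_keys:
            raise PermissionError("enterprise key unknown or inactive")
        return hkdf_sha256(self._enterprise_keys[enterprise],
                           key_context(enterprise, vehicle, driver, period))

    def new_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self._open_challenges.add(challenge)
        return challenge

    def verify(self, enterprise, vehicle, driver, today, challenge, response) -> bool:
        """Accept only a fresh challenge answered with today's derived key."""
        if challenge not in self._open_challenges:
            return False                # unknown or replayed challenge
        self._open_challenges.discard(challenge)
        try:
            key = self.issue(enterprise, vehicle, driver, today)
        except PermissionError:
            return False                # enterprise key revoked or unknown
        return hmac.compare_digest(unlock_response(key, challenge), response)


def demo() -> dict:
    """Constructed scenario: one enterprise, one car, one issued key."""
    svc = RentalKeyService()
    svc.register("acme-rentals")
    day = 18000                         # constructed day number
    key = svc.issue("acme-rentals", "car-42", "alice", day)

    def attempt(driver, today, challenge=None):
        c = challenge or svc.new_challenge()
        answer = unlock_response(key, c)
        return c, svc.verify("acme-rentals", "car-42", driver, today, c, answer)

    used, valid = attempt("alice", day)
    results = {"valid_today": valid, "replay": attempt("alice", day, used)[1],
               "next_day": attempt("alice", day + 1)[1],
               "other_driver": attempt("bob", day)[1]}
    svc.revoke("acme-rentals")
    results["after_revoke"] = attempt("alice", day)[1]
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first attempt succeeds: the same key is rejected on replay, on the next day, for another driver, and once the enterprise key has been declared inactive.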


4. Summary

4.1 Go for it – you are safe

Mobile applications are the critical infrastructure of today’s digital world. Build38 can help your business to become an innovative organization of tomorrow:

▪ Focus on your core competency: app development. Don’t worry about security – that’s Build38’s job.

▪ Customer satisfaction is your goal. Build38 helps you develop secure mobile apps faster. You can meet your project timelines.

▪ Knowledge is power. You should know what your mobile apps are doing out there in the wild.

4.2 T.A.K technology highlights

Service providers can use the T.A.K-Client library to develop security-critical applications on a standard platform across a wide range of mobile devices (Android ≥ 4.4; iOS ≥ 9). The fact that the T.A.K-Client comes packaged with the application and is then installed on the mobile device makes it an attractive solution for many service providers. Moreover, T.A.K security is non-intrusive to the user, meaning that the application delivers the best possible security and user experience while hiding the complexities of this enhanced security from the user.

One of the many advantages of T.A.K is flexibility: T.A.K is based on a multi-layered security approach, supporting multiple operating systems and therefore reaching the broadest possible number of mobile devices.

In addition, T.A.K reduces dependency on a secure element issuer (SEI) (a mobile network operator (MNO), or the owner of an embedded Secure Element (SE) or hardware manufacturer). This allows the service provider more control.

The main highlights of T.A.K for the service provider are:

• Security solution for mobile devices – T.A.K provides security on the broadest possible range of mobile devices.

• Develop once for Android and iOS – use the security concept for both your Android and iOS mobile applications.

• Gateway to the mobile ecosystem – the T.A.K Cloud acts as a device- and service-agnostic gateway, abstracting the complexity of the ecosystem from the service provider.

• Efficient integration – for efficient integration and fast time-to-market, the T.A.K-Client library provides all the security features and functionality that an app developer needs.

• Secure app communication – the T.A.K-Client uses a secure communication channel for T.A.K-related security communication. The same mechanism can be used to establish a secure channel to application servers to exchange confidential information. Network sniffing is prevented since the communication is established at a native level, rather than at a high-level programming language level.

• Insights and Analytics – T.A.K security is built into an application during the implementation and coding phase. In contrast to many other software security solutions, T.A.K provides active security feedback during application usage throughout the app’s life. The service provider has access to this information (e.g. normally protected, or running in a rooted or emulated environment) and can make relevant business decisions based on the given information. Analytics provides a further, deeper level of information.


• Eligibility checking – the T.A.K Cloud → SP-server communication channel offers an additional check option via out-of-band security signaling.

• T.A.K-Client personalization – after installation and initial use of the application, the T.A.K-Client library is personalized based on device-specific credentials.

• Device-specific encryption – deploying an application with T.A.K inside establishes an environment where specific code protection is enabled by the T.A.K-Client and reverse-engineering is made extremely difficult, as code lifting is prevented. It must be remembered that given enough time, money, resources, and motivation an attacker will eventually have some success. The goal is to limit this success and create a climate of frustration for attackers.

• Secure storage of keys – application keys are protected by the Secure Memory Management’s functionality, ranging from a hardened and attack-resistant implementation of cryptographic algorithms to – if supported – hardware-backed secure storage. In the case of code lifting, confidential data stored in secure storage remains protected as it is encrypted.

• GDPR conformity – the security software framework “Trusted Application Kit” (T.A.K) has been aligned with the Bavarian Data Protection Authority (BayLDA) to ensure that all data protection requirements are met.


4.3 T.A.K and software security

The software security model, as introduced in Chapter 2 and shown again below (Figure 9), now indicates the security measures introduced by T.A.K to meet the goals of software security: make attackers’ lives more difficult and raise the bar.

Figure 9: T.A.K software security measures


List of figures

Figure 1: The economics of attacks
Figure 2: Software security measures
Figure 3: T.A.K is a multi-layered application security framework
Figure 4: Six Security Modules – tick off your security controls
Figure 5: T.A.K Security Framework
Figure 6: T.A.K protects against threats (selection)
Figure 7: T.A.K ecosystem overview
Figure 8: Car Rental app – car keys protected by T.A.K
Figure 9: T.A.K software security measures


Disclaimer

This document as well as the information or material contained is copyrighted. Any use not explicitly permitted by copyright law requires prior consent of Build38. This applies to any reproduction, revision, translation, storage on microfilm as well as its import and processing in electronic systems.

The information or material contained in this document is property of Build38. Any recipient of this document shall not disclose or divulge, directly or indirectly, this document or the information or material contained herein, without the prior written consent of Build38.

All copyrights, trademarks, patents, and other rights in connection herewith are expressly reserved to Build38 and no license is created hereby.

“Trusted Application Kit” might be abbreviated as T.A.K throughout this document due to space constraints. This is not related to any trademark that might exist anywhere else.

This document is subject to technical changes.


About Build38

It’s a long way to becoming a trusted service provider. Don’t go it alone. Build38 is a leading provider of next generation app-hardening and threat protection solutions, enabling the proliferation of new digital business models. It delivers its Trusted Application Kit (T.A.K) across various industries including retail, automotive, financial, public transport and health care. It is headquartered in Munich with global offices in Barcelona and Singapore.

Our main investor is Giesecke+Devrient, the long-established technology group with more than 165 years of history and experience. We bring together the fresh approach of a new venture with the core technology from G+D, a reliable and market-proven cyber security portfolio, to extend even further the many users of the technology globally.

Build38

Build38 GmbH
Atelier Str. 29
81671 Munich
Germany
www.build38.com


© Build38 GmbH, 2019

Subject to change without notice.

V18