Date posted: 26-Sep-2018
Smartphone = Computer+
• A smartphone is indeed a sophisticated computer
• Application CPU, baseband CPU, GPU, encryption CPU
• RAM, ROM, flash
• Rich set of sensors and communication technologies (GSM, Wi-Fi, BT, NFC, ...)
• Custom OS and application management
• Android (Linux), iOS (BSD)
• Special care is taken to ensure security:
  • Sensitive data are stored (contacts, messages sent/received, bank info, etc.)
  • Mobile payment
  • Unwanted actions
  • ...
Main stakeholders
• Mobile device
• Device manufacturer
• OS/platform provider
• User
• Developer
• Official marketplace
Diagram labels: AOSP vs iOS; Android Studio vs Xcode; Apple vs many; Google vs Apple vs ...
OS installation
• Secure boot (chain)
  • Only a signed OS from a known origin can be loaded: integrity, authenticity
  • dm-verity (Android, against rootkits)
• iOS update
  • Downgrade not possible (unless...)
  • Hash of the update code, device unique ID (ECID) and nonce from the device (Apple)
  • No copy to other devices, no old versions
Recovery mode
• 'Magic' combination of keys allowing:
  • Reboot system
  • Apply update from...: firmware installation (from internal storage, SD or PC (adb))
  • Wipe...: e.g., factory data reset
  • Connect to iTunes for a new download (iOS)
Application installation
• iOS:
  • Official marketplace (Apple)
  • Apps undergo approval (application vetting)
  • PC (debug only)
• Android:
  • Official marketplace (Google Play, >1.5M apps)
  • Amazon Appstore, GetJar, Samsung Apps, Mobogenie, SlideMe, Phoload, Insyde Market, Camangi, F-Droid, etc.
  • PC (debug)
  • Any server (setting: unknown origin)
  • Tools: Verify Apps (warns about installed malicious apps)
Application installation
• The developer registers with the marketplace
• The developer signs its app and uploads it to the MP
• The MP owner can in turn sign the app
• (For debug purposes an app can be uploaded via USB)
• (For Android, it can be downloaded from any server)
• Users download the app and grant permissions
• The app installer verifies the app signature (origin and integrity)
• The policy manager stores the granted permissions for future checks (at run-time) to implement sandboxing
Main security techniques in mobile phones
• Application isolation
  • Sandboxing
  • Permission-based access control
  • Users grant/revoke permissions needed to perform sensitive operations
• Application signing
  • Only signed apps can be installed (e.g., from Apple)
  • Updates must come from the same developer
• Data encryption
• Application vetting (Apple)
• Memory randomization (Apple)
Some words about sandboxing
• Sandbox: a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading [Wikipedia].
• Diagram: Process/User -> Sandbox -> 'Secure' communication facility -> Sandbox -> Resource/Object
Sandboxing in Android (at kernel level)
• Exploits the Linux multiuser facility
• During installation, each package gets a user identifier (UID) and a group identifier (GID)
• Each application has a corresponding Linux user: app_x → 10000 + x
  • Ex.apk → 10001 (first installed app)
• Recall the DAC policy: (owner, group, other) × (r, w, x)
• As different apps receive different UIDs (unless... see later), they cannot share resources; in particular, a file an app receives cannot be accessed by other apps
• To access system resources (like the camera, /dev/camera) an app is assigned the same GID as the resource
• At app level this is mapped to the notion of permission (see later)
Sandboxing in Android (Binder)
• As apps run with different process IDs, an Inter-Process Communication (IPC) framework is required
• In Android, a special framework called Binder is used for inter-process communication
• Binder mediates every communication
• When a process makes a call, Binder checks whether the caller has been assigned the required permission
• If the calling process has the required permission, the service invocation is allowed
• Otherwise, a security check exception is thrown (usually a SecurityException)
https://crypto.stanford.edu/cs155/lectures/
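Worked example, added here and not taken from the slides or from Android's own code: a small Go model of the two checks described in the two sandboxing slides above, the kernel-level DAC check on UID/GID and the Binder-side permission check that ends in a SecurityException, using the permissions the policy manager stored at install time. UID assignment follows the slide's 10000 + x rule; the file table, the camera GID value 1006, the app names and the file paths are constructed for illustration (only the permission name android.permission.CAMERA is a real Android identifier).

```go
package main

import (
	"errors"
	"fmt"
)

// Mode bits of the classic Linux DAC policy: (owner, group, other) x (r, w, x).
const (
	R = 4
	W = 2
	X = 1
)

// File is a constructed stand-in for an inode: owner, group and the three
// permission classes.
type File struct {
	Path     string
	OwnerUID int
	GroupGID int
	Mode     [3]int // permission bits for owner, group, other
}

// App is an installed package: its Linux UID, the GIDs it belongs to (its own
// plus any resource groups such as the camera group) and the permissions the
// user granted at install time, as stored by the policy manager.
type App struct {
	Name        string
	UID         int
	GIDs        []int
	Permissions map[string]bool
}

// assignUID implements the slide's rule: the x-th installed app becomes app_x
// with UID 10000 + x, so Ex.apk, the first installed app, gets 10001.
func assignUID(installIndex int) int {
	return 10000 + installIndex
}

// dacAllows is the discretionary access-control check: select the
// owner/group/other class that applies to the caller and test the wanted bits.
func dacAllows(app App, f File, want int) bool {
	var bits int
	switch {
	case app.UID == f.OwnerUID:
		bits = f.Mode[0]
	case hasGID(app.GIDs, f.GroupGID):
		bits = f.Mode[1]
	default:
		bits = f.Mode[2]
	}
	return bits&want == want
}

func hasGID(gids []int, gid int) bool {
	for _, g := range gids {
		if g == gid {
			return true
		}
	}
	return false
}

var ErrSecurity = errors.New("SecurityException: caller lacks required permission")

// binderCall models the Binder-side check: the service states the permission
// it requires, the framework consults the caller's granted permissions and
// refuses the invocation with a SecurityException otherwise.
func binderCall(caller App, service, required string) (string, error) {
	if !caller.Permissions[required] {
		return "", ErrSecurity
	}
	return fmt.Sprintf("%s served %s", service, caller.Name), nil
}

func main() {
	const cameraGID = 1006 // constructed value, not the real Android AID
	ex := App{Name: "Ex.apk", UID: assignUID(1), GIDs: []int{assignUID(1), cameraGID},
		Permissions: map[string]bool{"android.permission.CAMERA": true}}
	other := App{Name: "Other.apk", UID: assignUID(2), GIDs: []int{assignUID(2)}}

	private := File{Path: "/data/data/com.example.ex/files/secret", OwnerUID: ex.UID, GroupGID: ex.UID, Mode: [3]int{R | W, 0, 0}}
	camera := File{Path: "/dev/camera", OwnerUID: 0, GroupGID: cameraGID, Mode: [3]int{R | W, R | W, 0}}

	fmt.Println(dacAllows(ex, private, R))    // true: owner
	fmt.Println(dacAllows(other, private, R)) // false: different UID, "other" class has no bits
	fmt.Println(dacAllows(ex, camera, R|W))   // true: shares the camera GID
	fmt.Println(dacAllows(other, camera, R))  // false: not in the camera group
	_, err := binderCall(other, "CameraService", "android.permission.CAMERA")
	fmt.Println(err) // SecurityException
}
```

The two checks are independent layers: the DAC check is made by the kernel on every file operation, the permission check by the framework on every Binder call, so an app that somehow obtains a file descriptor still cannot reach a service it was not granted.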
SELinux in Android
• The Android sandbox also uses Security-Enhanced Linux (SELinux) to enforce Mandatory Access Control (MAC) over all processes, even processes running with root and superuser privileges (Android 5+)
• SELinux provides a centralized, analyzable policy and strongly separates processes from one another
• Drawback: many policy rules (complexity)
• https://static.googleusercontent.com/media/enterprise.google.com/en//android/static/files/android-for-work-security-white-paper.pdf
SEAndroid access control
• Subjects (domains): application, ...
• Objects: file, socket, ...
• Operations: r, w, x, bind, ...
• Rule form: allow [domain] [type] : [class] [allowed permissions], where the domain is the subject and the type is the object
https://source.android.com/security/selinux/
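Worked example, added here and not taken from the slides or from AOSP: a minimal Go evaluator for the allow rule form shown above, "allow [domain] [type]:[class] { permissions };". It parses a handful of rules and answers the MAC question "may this domain perform this operation on this type?", defaulting to deny when no rule matches, which is the property that makes the policy analyzable. The policy lines in main are constructed for illustration and are not the real Android policy.

```go
package main

import (
	"fmt"
	"strings"
)

// ruleKey identifies one (subject domain, object type, object class) triple.
type ruleKey struct{ domain, typ, class string }

// Policy maps a triple to the set of permissions an allow rule granted it.
type Policy map[ruleKey]map[string]bool

// parsePolicy reads lines such as
//   allow untrusted_app app_data_file:file { read write };
// Lines that are not allow rules (comments, blanks, other statements) are
// skipped; malformed allow rules are reported with their line number.
func parsePolicy(text string) (Policy, error) {
	p := Policy{}
	for n, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(strings.TrimSuffix(strings.TrimSpace(line), ";"))
		if !strings.HasPrefix(line, "allow ") {
			continue
		}
		// Drop the braces so "{ read write }" and a bare "read" tokenize alike.
		line = strings.NewReplacer("{", " ", "}", " ").Replace(line)
		fields := strings.Fields(line)
		if len(fields) < 4 {
			return nil, fmt.Errorf("line %d: malformed allow rule", n+1)
		}
		typeClass := strings.SplitN(fields[2], ":", 2)
		if len(typeClass) != 2 {
			return nil, fmt.Errorf("line %d: expected type:class, got %q", n+1, fields[2])
		}
		key := ruleKey{fields[1], typeClass[0], typeClass[1]}
		if p[key] == nil {
			p[key] = map[string]bool{}
		}
		for _, perm := range fields[3:] {
			p[key][perm] = true
		}
	}
	return p, nil
}

// allowed is the MAC decision: SELinux is default-deny, so a missing rule or a
// missing permission in a matching rule both answer false.
func (p Policy) allowed(domain, typ, class, perm string) bool {
	return p[ruleKey{domain, typ, class}][perm]
}

func main() {
	// Constructed sample policy, not AOSP's.
	const samplePolicy = `
# untrusted apps may use their own data files and sockets
allow untrusted_app app_data_file:file { read write open getattr };
allow untrusted_app untrusted_app:tcp_socket { create connect bind };
# only platform apps may touch the camera device node
allow platform_app camera_device:chr_file { read write open };
`
	p, err := parsePolicy(samplePolicy)
	if err != nil {
		panic(err)
	}
	fmt.Println(p.allowed("untrusted_app", "app_data_file", "file", "write"))      // true
	fmt.Println(p.allowed("untrusted_app", "camera_device", "chr_file", "read"))   // false: no rule, denied
	fmt.Println(p.allowed("untrusted_app", "untrusted_app", "tcp_socket", "bind")) // true
	fmt.Println(p.allowed("untrusted_app", "app_data_file", "file", "execute"))    // false: not in the rule
}
```

Note that this decision is made in addition to the DAC check: an app with the camera GID still fails here unless its domain has an allow rule for camera_device, which is how SEAndroid confines even processes that hold root.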
Trusted Execution Environment (TEE) - Android
• A TEE processor is typically a separate microprocessor in the system or a virtualized instance of the main processor.
• The TEE processor is isolated from the rest of the system using memory and I/O protection mechanisms supported by the hardware. It runs its own OS.
Data encryption (Android)
• Cryptography is used throughout Android to provide confidentiality and integrity.
• Google supports most of the industry-standard algorithms.
• All user-created data is automatically encrypted before being committed to disk, and all reads automatically decrypt data before returning it to the calling process.
• The encryption algorithm is AES-128 with cipher-block chaining (CBC) and ESSIV:SHA256.
Source: https://static.googleusercontent.com/media/enterprise.google.com/en//android/static/files/android-for-work-security-white-paper.pdf
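Worked example, added here and not taken from the slides or from Android's dm-crypt code: the sector-level construction named above, AES-128-CBC with ESSIV:SHA256, in Go. ESSIV derives each sector's IV by encrypting the sector number under SHA-256(key), so identical plaintext in two sectors encrypts differently and the IVs are unpredictable without the key. The key, sector numbers and sector contents are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// essivIV computes IV = AES_{SHA256(key)}(sector), with the sector number as a
// little-endian 64-bit integer zero-padded to one block. SHA-256 yields 32
// bytes, so the IV generator is AES-256 even though the data cipher is AES-128.
func essivIV(key []byte, sector uint64) ([]byte, error) {
	hashed := sha256.Sum256(key)
	block, err := aes.NewCipher(hashed[:])
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	block.Encrypt(iv, iv)
	return iv, nil
}

// cbcSector runs AES-128-CBC over one sector with its ESSIV IV. Disk sectors
// are whole blocks, so there is no padding, as in the real on-disk format.
func cbcSector(key, data []byte, sector uint64, encrypt bool) ([]byte, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("AES-128 needs a 16-byte key, got %d bytes", len(key))
	}
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("sector length %d is not a non-zero multiple of %d", len(data), aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, err := essivIV(key, sector)
	if err != nil {
		return nil, err
	}
	var mode cipher.BlockMode
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	} else {
		mode = cipher.NewCBCDecrypter(block, iv)
	}
	out := make([]byte, len(data))
	mode.CryptBlocks(out, data)
	return out, nil
}

func encryptSector(key, data []byte, sector uint64) ([]byte, error) {
	return cbcSector(key, data, sector, true)
}

func decryptSector(key, data []byte, sector uint64) ([]byte, error) {
	return cbcSector(key, data, sector, false)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key
	sector := make([]byte, 512)      // constructed: an all-zero 512-byte sector
	c0, _ := encryptSector(key, sector, 0)
	c1, _ := encryptSector(key, sector, 1)
	// Same plaintext, different sector number: ciphertexts differ thanks to ESSIV.
	fmt.Println(bytes.Equal(c0, c1)) // false
	p, _ := decryptSector(key, c0, 0)
	fmt.Println(bytes.Equal(p, sector)) // true
	// Decrypting under the wrong sector number garbles the first block.
	wrong, _ := decryptSector(key, c0, 1)
	fmt.Println(bytes.Equal(wrong, sector)) // false
}
```

The last line also shows a limit of the scheme the slide describes: CBC with a wrong IV corrupts only the first block, and nothing in AES-CBC-ESSIV detects the change, since this mode gives confidentiality but no integrity of the stored data.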
Secure Enclave - Apple
• The Secure Enclave is a coprocessor fabricated in the Apple S2, Apple A7, and later A-series processors.
• It uses encrypted memory and includes a hardware random number generator.
• The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.
• Used in mobile payment with Touch ID
• Apple has not released its design specifications
Android versions
• Cupcake (1.5)
• Donut (1.6)
• Éclair (2.0/2.1)
• Froyo (2.2)
• Gingerbread (2.3)
• Honeycomb (3.0/3.1/3.2)
• Ice Cream Sandwich (4.0)
• Jelly Bean (4.1/4.2/4.3)
• KitKat (4.4)
• Lollipop (5.0/5.0.2)
HW: Sensors
• Most devices have built-in sensors that measure motion, orientation, and various environmental conditions.
• Three broad categories of sensors:
  • Motion sensors: measure acceleration forces and rotational forces along three axes. This category includes accelerometers, gravity sensors and gyroscopes.
  • Position sensors: measure the physical position of a device. This category includes magnetometers and proximity sensors.
  • Environmental sensors: measure various environmental parameters, such as ambient air temperature and pressure, illumination, and humidity. This category includes barometers, photometers, and thermometers.
Example of the list of available sensors (iPhone 6S+)
• Proximity sensor
• Ambient light sensor
• 12MP camera with OIS
• Accelerometer
• Gyroscope
• Compass
• Barometer
• NFC for Apple Pay
• Touch ID fingerprint scanner
• Pressure-sensitive display
Example: Accelerometer
• They are Micro-Electro-Mechanical Systems (MEMS), or micromachines
http://www5.epsondevice.com/en/information/technical_info/gyro/
GPS
• Based on triangulation
• Principle: the position of a device can be determined from its distances from 3 known positions and their coordinates
All details: http://geomatica.como.polimi.it/corsi/misure_geodetiche/seminario20040519.pdf
Triangulation (2D)
Three known points $(x_1,y_1)$, $(x_2,y_2)$, $(x_3,y_3)$ at distances $d_1$, $d_2$, $d_3$ from the unknown point $(x,y)$:
$(x_1-x)^2+(y_1-y)^2=d_1^2$
$(x_2-x)^2+(y_2-y)^2=d_2^2$
$(x_3-x)^2+(y_3-y)^2=d_3^2$
GPS
• Based on triangulation
• 24+3 satellites
• Circular orbits on 6 orbital planes at about 20 Km from the ground
• The receiver computes the distance from the satellites using synchronized clocks
• Computing the distance requires knowing the delay (about 0,007 s) and the start time of the received signal
• Satellite clocks are atomic clocks, while GPS receiver clocks are not, but their values are adjusted when the intersection of the spheres is not unique
• Relativistic effects have to be managed
All details: http://geomatica.como.polimi.it/corsi/misure_geodetiche/seminario20040519.pdf
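Worked example, added here and not taken from the slides or the linked seminar: the 2D case of the position-from-three-distances principle the slides call triangulation, in Go. Subtracting the first circle equation from the other two cancels the quadratic terms and leaves two linear equations in $x$ and $y$, solved by Cramer's rule; the largest residual between the solved position and the measured distances is returned so a caller can see the case the GPS slide mentions, where an unsynchronized receiver clock shifts every range by the same amount and the circles no longer meet in one point. The beacon coordinates, the true position and the clock bias in main are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Beacon is a known position together with the measured distance to it.
type Beacon struct{ X, Y, D float64 }

var ErrDegenerate = errors.New("beacons are collinear: position is not unique")

func sq(v float64) float64 { return v * v }

// trilaterate solves (x_i - x)^2 + (y_i - y)^2 = d_i^2 for i = 1..3.
// Equation 1 minus equation i (i = 2, 3) gives
//   2(x1 - xi) x + 2(y1 - yi) y = di^2 - d1^2 - (xi^2 + yi^2) + (x1^2 + y1^2),
// a 2x2 linear system. The residual is max_i |dist((x,y), beacon_i) - d_i|:
// ~0 when the three circles share a point, larger when the ranges are inconsistent.
func trilaterate(b [3]Beacon) (x, y, residual float64, err error) {
	a1 := 2 * (b[0].X - b[1].X)
	b1 := 2 * (b[0].Y - b[1].Y)
	c1 := sq(b[1].D) - sq(b[0].D) - sq(b[1].X) - sq(b[1].Y) + sq(b[0].X) + sq(b[0].Y)
	a2 := 2 * (b[0].X - b[2].X)
	b2 := 2 * (b[0].Y - b[2].Y)
	c2 := sq(b[2].D) - sq(b[0].D) - sq(b[2].X) - sq(b[2].Y) + sq(b[0].X) + sq(b[0].Y)
	det := a1*b2 - b1*a2
	if math.Abs(det) < 1e-12 {
		// Collinear beacons: the two linear equations are dependent and the
		// mirror image across the line of beacons fits equally well.
		return 0, 0, 0, ErrDegenerate
	}
	x = (c1*b2 - b1*c2) / det
	y = (a1*c2 - c1*a2) / det
	for _, bb := range b {
		if r := math.Abs(math.Hypot(bb.X-x, bb.Y-y) - bb.D); r > residual {
			residual = r
		}
	}
	return x, y, residual, nil
}

func main() {
	// Constructed: the device sits at (1, 1) and measures exact ranges to three beacons.
	px, py := 1.0, 1.0
	beacons := [3]Beacon{
		{0, 0, math.Hypot(px, py)},
		{4, 0, math.Hypot(4-px, py)},
		{0, 3, math.Hypot(px, 3-py)},
	}
	x, y, res, err := trilaterate(beacons)
	fmt.Printf("exact ranges:  (%.3f, %.3f) residual %.1e err %v\n", x, y, res, err)

	// Constructed clock bias: a receiver clock that runs late inflates every
	// range by the same amount, so the circles no longer share a point.
	const bias = 0.5
	for i := range beacons {
		beacons[i].D += bias
	}
	x, y, res, _ = trilaterate(beacons)
	fmt.Printf("biased ranges: (%.3f, %.3f) residual %.3f\n", x, y, res)

	_, _, _, err = trilaterate([3]Beacon{{0, 0, 1}, {1, 0, 1}, {2, 0, 1}})
	fmt.Println(err) // collinear beacons
}
```

In the biased run the solver still returns a point, just a wrong one; only the residual reveals the inconsistency. A real receiver treats the clock offset as a fourth unknown and needs a fourth satellite to solve for it, which is the adjustment the GPS slide refers to.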
HW location
• Other location providers are based on cell ID and Wi-Fi
• Android uses these methods together (GPS, cell tower, Wi-Fi) to get an idea of where the device is, and makes that available to apps via a "Location Services" API.
Touch screen technologies
• Resistive touch screen
• Capacitive touch screen (→ used in modern smartphones)
• Single touch / multi-touch (pointers)
Pixel density (dots per inch, dpi)
Example: a 480x320 screen, aspect ratio (AR) = 3:2, with the short side $x$ inches long, the long side $1.5x$ and diagonal $d$:
$(1.5x)^2 + x^2 = d^2 \Rightarrow x = 1.77 \Rightarrow \text{dpi} = 320/1.77 = 180$ dpi
In general, for a screen of width $w$ and height $h$ pixels with $AR = h/w$ and diagonal $d$ inches:
$(AR^2+1)\,x^2 = d^2 \Rightarrow x = d/\sqrt{1+AR^2} \Rightarrow \text{dpi} = w/x$
Other «magic integers» (aspect ratios)
• 4:3
• 5:3
• 16:9
• 16:10
Human eye resolution: about 600 dpi at 30 cm