
Android Security – Dual Profile Device

Android Security – Dual Profile Device. Neelima Krishnan Gayathri Subramanian. Outline. Introduction Why is Android Security Important ? Security Model in Android What we proposed and What we did Implementation Details Results and Conclusion. Introduction.



  1. Android Security – Dual Profile Device
     Neelima Krishnan, Gayathri Subramanian

  2. Outline
     • Introduction
     • Why is Android Security Important?
     • Security Model in Android
     • What we proposed and what we did
     • Implementation Details
     • Results and Conclusion

  3. Introduction
     • A software platform and operating system for mobile devices
     • Based on the Linux kernel
     • Developed by Google and later the Open Handset Alliance (OHA)
     • Allows writing managed code in the Java language
     • Applications can also be written in other languages and compiled to ARM native code
     • The Android platform was unveiled on 5 November 2007 with the founding of OHA

  4. The Big Question
     Who is responsible for Android security?
     • Google?
     • Users?
     • Application developers?

  5. Why is Android Security Important? (Responsibility?)
     • Android Market is open, unlike the Apple Store
     • Developers are free to submit their apps to the market. Each app should list the permissions it uses before installation.
     • The user should decide whether to install the app based on the permissions.

  6. Why is Android Security Important?
     • Apps make smartphones a general-purpose computing platform.
     • We can now send text messages and multimedia messages, access email, browse the Web, and create and edit PDFs and other documents.

  7. Why is Android Security Important? (Malware Growth)
     • In March 2011, 58 apps containing malicious activities were removed from Android Market.
     • Unfortunately, 260,000 downloads had been recorded for these 58 applications.

  8. Growth of Android OS Market
     • Android is the leading smartphone platform of choice among US smartphone users.
     • Google is receiving more than 550,000 activations per day.

  9. Android Security Model
     • Challenge: the security platform should
        • provide flexibility for an open platform
        • provide protection for all users
     • Aim: the OS should protect
        • User data
        • System resources
        • Application isolation

  10. Android Security Model (Contd.)
     • Key security features
        • Robust security at kernel level
        • Mandatory application sandbox
        • Secure IPC
        • Application signing
        • Application-defined and user-granted permissions

  11. Android Security Model • The secure sandbox

  12. Android Application Security
     • Protected APIs are
        • SMS/MMS
        • Camera
        • Bluetooth
        • Telephony
        • GPS
        • Network/data connections
     • These are accessible only through APIs

  13. Android Application Security
     • To use protected APIs, declare them in the manifest file (which is part of the APK)
     • These permissions are displayed when the user installs the application
     • The user cannot grant or deny individual permissions
     • After installation, the user is not prompted to confirm any of these permissions again

  14. Application layer Security

  15. Application Layer Security - Manifest.xml
     • The Manifest presents essential information about the application.
     • It describes the components of the application
        • Activities
        • Services
        • Broadcast Receivers
        • Content Providers
     • Declares which permissions the application would use.
     • Declares the minimum level of the Android API that the application requires
     • Lists the libraries that the application must be linked against

  16. Android Security Risks
     • Flimsy passwords
     • Naked Data
     • SMShing
     • Unsafe Surfing
     • Nosy Apps
     • Repackaged and fraudulent apps
     • Android malware
     • Fake anti-malware
     • Losing the device

  17. Rewinding a year of Android Malware
     • SMS malware threats: SMS.AndroidOS.FakePlayer.a -b-c, AndroidOS_Droisnake.A, Android.Walkinwat
     • GPS malware threats: AndroidOS_Droisnake.A, Android.Geinimi
     • Trojans: Android.Geinimi, Android.Pjapps, Droiddream, Android.Adrd AKA Android.HongTouTou, Android.Pjapps, Android.BgServ AKA Troj/Bgserv-A AKA AndroidOS_BGSERV.A, Android.Zeahache

  18. An Android Malware – Droid Dream

  19. Our Solution
     What we proposed
     • GPS Watcher
     • Dual-Mode GUI
     • Encryption
     • VPN-Server
     What we implemented
     • SMS Scanner
     • GPS Scanner (these are part of the Application Permission Viewer)
     • Application Malware Scanner
     • Dual-Mode Profile supporting Encryption

  20. IMPLEMENTATION
     • Dual-Mode Profile
     • Application Permission Viewer
        • GPS Scanner
     • SMS Scanner
     • Application Malware Scanner
     • Encryption

  21. Dual-Mode GUI
     • The GUI consists of a login page which allows you to choose secure or standard log-in
     • The secure-side login button prompts you to enter a secret password.
     • Hashing is used to store and verify the password.
     • The user can switch modes at any time after login by using the switch button in the Status Notification bar.

  22. The GUI

  23. IMPLEMENTATION
     • Dual-Mode Profile
     • Application Permission Viewer
        • GPS Scanner
     • SMS Scanner
     • Application Malware Scanner
     • Dual-Mode Profile Encryption

  24. Recap on Application layer Security

  25. Permission list

  26. Manifest.xml of the app (Angry Bird)

  27. Manifest.xml (Contd.)

  28. Permissions requested by Angry Birds application
     • INTERNET
     • READ_PHONE_STATE
     • ACCESS_NETWORK_STATE
     • WRITE_EXTERNAL_STORAGE
     • ACCESS_WIFI_STATE
     • ACCESS_COARSE_LOCATION

  29. Some Permission lists used by famous apps
     • Permissions used by Weather Channel app
        • ACCESS_COARSE_LOCATION
        • ACCESS_FINE_LOCATION
        • ACCESS_WIFI_STATE
        • ACCESS_LOCATION_EXTRA_COMMANDS
        • CHANGE_NETWORK_STATE
        • CHANGE_CONFIGURATION
        • INTERNET
        • MODE_WORLD_WRITEABLE
        • ACCESS_NETWORK_STATE
        • CALL_PHONE
        • VIBRATE

  30. Application Permission Viewer
     • An Android app which is the first step in providing application layer security.
     • Displays the list of Android apps installed on our device.
     • Displays all permissions requested by the selected app.

  31. Screenshot of the output

  32. Screenshot of the output

  33. SMS and GPS Scanner
     • SMS and GPS Scanner are simple extensions to the Application Permission Viewer.
     • Apart from listing the permissions, it displays a warning to the user if the selected application can send SMS or access our location

  34. Screenshot of SMS Scanner

  35. Screenshot of GPS Scanner

  36. IMPLEMENTATION
     • Dual-Mode Profile
     • Application Permission Viewer
        • GPS Scanner
        • SMS Scanner
     • Application Malware Scanner
     • Dual-Mode Profile

  37. Android App Scanner
     • Gets the list of all apps installed on our device
     • Fetches the permission list of each of these apps and compares it against the hard-coded rules
     • If any one of the rules matches, the app is tagged as ‘Potential Malware’
     • After scanning all the apps, lists the Potential Malware as an alert.

  38. Policy Rules
     • The policy rules we have created from the study on Android malware
        • SET_DEBUG_APP
        • INSTALL_PACKAGES
        • DELETE_PACKAGES
        • RECEIVE_SMS + WRITE_SMS
        • WRITE_SMS + SEND_SMS
        • RECEIVE_SMS + SEND_SMS
        • UNINSTALL_SHORTCUT + INSTALL_SHORTCUT
        • PROCESS_OUTGOINGCALLS + RECORD_AUDIO + INTERNET
        • READ_PHONE_STATE + RECORD_AUDIO + INTERNET
        • WRITE_CONTACT + READ_CONTACTS + INTERNET
        • CAMERA + SEND_SMS + INTERNET
        • CHANGE_WIFI_STATE + READ_CONTACTS + INTERNET

  39. Policy Rules (Contd.)
     • WRITE_SETTINGS + READ_PHONE_STATE + GET_ACCOUNTS + INTERNET
     • CHANGE_CONFIGURATION + MODE_WORLD_WRITABLE + CALL_PHONE_INTERNET
     • READ_LOGS + ACCESS_WIFI_STATE + INTERNET
     • READ_PHONE_STATE + ACCESS_WIFI_STATE + INTERNET
     • READ_PHONE_STATE + ACCESS_COARSE_LOCATION + INTERNET
     • RECEIVE_BOOT_COMPLETE + ACCESS_COARSE_LOCATION + INTERNET
     • RECEIVE_BOOT_COMPLETE + ACCESS_FINE_LOCATION + INTERNET
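
The rule matching described on slides 37 to 39, as an added example that is not the authors' scanner code. RULES is a subset of the deck's policy rules, the app names are constructed labels, and the angry_birds permission list is the one from slide 28.

```shell
#!/bin/sh
# Added example. One rule per line; a rule matches only when the app
# requests every permission the rule names (the "+" on the slides).
RULES='SET_DEBUG_APP
INSTALL_PACKAGES
DELETE_PACKAGES
RECEIVE_SMS WRITE_SMS
WRITE_SMS SEND_SMS
RECEIVE_SMS SEND_SMS
READ_PHONE_STATE RECORD_AUDIO INTERNET
CAMERA SEND_SMS INTERNET
READ_LOGS ACCESS_WIFI_STATE INTERNET
READ_PHONE_STATE ACCESS_WIFI_STATE INTERNET
READ_PHONE_STATE ACCESS_COARSE_LOCATION INTERNET'

# has_perm PERMS NAME: true when NAME is a whole word in PERMS.
has_perm() {
    case " $(echo $1) " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# matched_rules PERMS: print each rule that is fully contained in PERMS.
matched_rules() {
    perms=$1
    echo "$RULES" | while read -r rule; do
        ok=1
        for p in $rule; do
            has_perm "$perms" "$p" || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then echo "$rule" | sed 's/ / + /g'; fi
    done
}

# scan_apps: read "app perm perm ..." lines and print the apps that match
# at least one rule (the deck's 'Potential Malware' tag).
scan_apps() {
    while read -r app perms; do
        if [ -n "$(matched_rules "$perms")" ]; then echo "$app"; fi
    done
}

# Constructed input; only the first permission list comes from the deck.
sample_apps() {
    echo "angry_birds INTERNET READ_PHONE_STATE ACCESS_NETWORK_STATE WRITE_EXTERNAL_STORAGE ACCESS_WIFI_STATE ACCESS_COARSE_LOCATION"
    echo "example.notes WRITE_EXTERNAL_STORAGE INTERNET"
    echo "example.smsbackup RECEIVE_SMS SEND_SMS READ_CONTACTS"
}

sample_apps | scan_apps
```

The slide-28 permission list satisfies two of the three-permission rules, so a popular game is tagged alongside the constructed SMS app; a match is a prompt for review, not a verdict.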

  40. Results of Investigating popular apps against our rules

  41. Results of Investigating popular apps against our rules

  42. Results of Investigating popular apps against our rules

  43. Results of Investigating popular apps against our rules

  44. Screenshot of the output

  45. Screenshot of the output

  46. IMPLEMENTATION • Dual-Mode Profile • Application Permission Viewer  GPS Scanner  SMS Scanner • Application Malware Scanner • Dual-Mode Profile

  47. Dual Mode Profile
     Features:
     • Encrypted data and cache.
     • Encryption done using AES-CBC
     • Implemented the Linux Unified Key Setup (LUKS)
     • cryptsetup was used to create an encrypted file system
     • cryptsetup is implemented as a device mapper target, thus enabling the encryption of block devices and files
     • Key Storage
     • Mount encrypted data and cache into /data and /cache on profile switch.

  48. Key terms
     • Zygote
     • Loopback filesystem
     • Block device
     • Encryption: AES-CBC

  49. Steps to perform Encryption
     • Configure the kernel to support encryption.
     • Create an empty file, secureMode.
     • mknod
     • losetup
     • Encrypt the blocks
     • Format the new encrypted filesystem: mkfs or mke2fs.
     • Copy contents of current /data and /cache folder into a mount point.
     • Stop Zygote.
     • Unencrypt the encrypted block.
     • Mount this into /data and /cache.
     • Restart Zygote.
     • After use, encrypt and umount this, and mount original /data and /cache back. Why?
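
The steps on slide 49 written out as commands, as an added example that is not the authors' script. The image path, loop device, mapping name, temporary mount point, volume size, the `essiv:sha256` IV mode and the `stop zygote` / `start zygote` service commands are assumptions; the deck itself only names AES-CBC, LUKS, mknod, losetup and mke2fs.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (default) only prints the plan; DRY_RUN=0 runs it
# as root. /cache is handled the same way with a second image and mapping.
IMG=${IMG:-/sdcard/secureMode}      # the "empty file, secureMode" (path assumed)
LOOP=${LOOP:-/dev/loop0}
NAME=${NAME:-secure_data}           # device-mapper name (assumed)
TARGET=${TARGET:-/data}
TMP=${TMP:-/mnt/secure_tmp}         # scratch mount point (assumed)
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, otherwise run it and stop on failure.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@" || exit 1; fi; }

# One-time setup: empty file -> loop device -> LUKS header -> filesystem -> copy.
create_volume() {
    run dd if=/dev/zero of="$IMG" bs=1M count="${SIZE_MB:-256}"
    [ -e "$LOOP" ] || run mknod "$LOOP" b 7 0     # loop devices use block major 7
    run losetup "$LOOP" "$IMG"
    run cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 "$LOOP"
    run cryptsetup luksOpen "$LOOP" "$NAME"       # prompts for the passphrase
    run mke2fs "/dev/mapper/$NAME"
    run mount -t ext2 "/dev/mapper/$NAME" "$TMP"
    run cp -a "$TARGET/." "$TMP/"
    run umount "$TMP"
    run cryptsetup luksClose "$NAME"
    run losetup -d "$LOOP"
}

# Profile switch into secure mode.
enter_secure() {
    run stop zygote
    run losetup "$LOOP" "$IMG"
    run cryptsetup luksOpen "$LOOP" "$NAME"
    run mount -t ext2 "/dev/mapper/$NAME" "$TARGET"   # stacks over standard /data
    run start zygote
}

# Profile switch back: unmount first, then close the mapping so the kernel
# no longer holds the key and only ciphertext remains in the image file.
leave_secure() {
    run stop zygote
    run umount "$TARGET"
    run cryptsetup luksClose "$NAME"
    run losetup -d "$LOOP"
    run start zygote
}

case "${1:-}" in
    create) create_volume ;; enter) enter_secure ;; leave) leave_secure ;;
esac
```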

  50. Screenshot of the output
