Security Evaluation of Android Keystore


University of Piraeus
Department of Digital Systems
Postgraduate Programme “Techno-economic Management & Security of Digital Systems”

Master’s Thesis
SECURITY EVALUATION OF ANDROID KEYSTORE

Georgios Kasagiannis
MTE/1515, [email protected]

Under the supervision of: Dr Christoforos Dadoyan, [email protected]

Piraeus 26/2/2018

I would like to thank the Professors of this MSc because I learned a great deal about all forms of security and how wide an attack-surface can be, but also how the human factor and human nature can be of use or can be exploited. Maybe the biggest lesson I’ve learned is that any system that is based on humans can be exploited even with not much effort if you really want it. I would like to thank Vicky & Stathis for all the kinds of help they gave me for this thesis, Geralt, and also my academic friends that helped me through the semesters. Last but foremost, I would like to thank the fellow students who not only did not help my team through the projects, but they “took care only of them”... Maybe they taught and trained me the most!

The more I learn, the less I know...

Table of Contents

Table of Contents
Table of Figures
Table of Tables
Abstract
1. Introduction
    1.1 Foreword
        1.1.1 What is Android (1)?
        1.1.2 What is computer security and how important is it in the 21st century?
        1.1.3 Mobile Platform Security
    1.2 Subject of Thesis
    1.3 Chapter Reference
2. Background
    2.1 Cryptography
        2.1.1 Symmetric Cryptography
        2.1.2 Asymmetric Cryptography
    2.2 Trusted Execution Environment
        2.2.1 ARM TrustZone®
    2.3 Android
3. Android Keystore
    3.1 APIs for Key storage
    3.2 Methodology
        3.2.1 Criteria
        3.2.2 Evaluation
4. Experiment
    4.1 Android KeyStore test using TEE on Qualcomm devices
        4.1.1 Evaluation in Android 5.0
        4.1.2 Evaluation in Android 6.0.1
        4.1.3 Evaluation in Android 7.1.2
    4.2 Android KeyStore using software-based Keymaster
        4.2.1 Evaluation in Android 5.0
        4.2.2 Evaluation in Android 6.0
        4.2.3 Evaluation in Android 7.0
5. Future Work & Conclusions
References
Appendix A - Acronyms
Appendix B – Source Code
Appendix C - Thesis presentation

Table of Figures

Figure 1: AXI-bus diagram
Figure 2: NS Bit functionality normal world
Figure 3: NS Bit functionality secure world
Figure 4: Arm Trusted Firmware
Figure 5: ARM Trusted Firmware Architecture
Figure 6: TrustZone boot procedure
Figure 7: The separation of the hardware by TrustZone in two worlds.
Figure 8: Schematic overview of the attacker models
Figure 9: Per use key authentication
Figure 10: Legit app and Rogue app installed
Figure 11: Forcibly inserting bouncycastle library to keystore-decryptor
Figure 12: Copying key files with other UID
Figure 13: 5HW key generation and validation of signature
Figure 14: 5HW Finding UID of rogue and legit apps
Figure 15: 5HW Copy key files and change ownership
Figure 16: 5HW rogue app parsing key of legit app
Figure 17: 5HW using keystore-decryptor
Figure 18: 6HW key generation and validation of signature
Figure 19: 6HW Copy key files and change ownership
Figure 20: 6HW rogue app parsing key of legit app
Figure 21: 7HW key generation and validation of signature
Figure 22: 7HW Copy key files and change ownership
Figure 23: 7HW rogue app parsing key of legit app
Figure 24: Android Studio downloading SDKs
Figure 25: Creating the AVDs
Figure 26: 5SW Copy key files and change ownership
Figure 27: 5SW rogue app parsing key of legit app
Figure 28: 5SW using keystore-decryptor
Figure 29: 6SW key generation and validation of signature
Figure 30: 6SW Copy key files and change ownership
Figure 31: 6SW rogue app parsing key of legit app
Figure 32: 7SW key generation and validation of signature
Figure 33: 7SW Copy key files and change ownership
Figure 34: 6SW rogue app parsing key of legit app

Table of Tables

Table 1: Chapter reference
Table 2: Generating an RSA key pair
Table 3: Symmetric Key generation

Abstract

This

Document details: PDF, 62 pages, English.
