A Comparison of Android and iOS Security Models
Trevor L. Buttrey
Computer and Information Sciences
(PowerPoint presentation transcript)

Android vs. iOS
Reasons for Concern
• Smartphones are advancing technologically
• Have become popular
• People are growing more dependent upon them
• Size makes them easy to lose
• Security problems are becoming more of an issue as users store more and more personal information on them

Insecure Devices Allow
• Access to emails and social networking accounts
• Access to personal messages
• Access to phone book
• Access to phone accounts
• Access to personal and confidential information
• Access to bank accounts
• Access to mobile payments
• Access to web accounts
• Access to passwords
• Knowledge of location
The 5 Security Pillars
• Traditional Access Controls
• Permissions-based Access Control
• Application Provenance
• Encryption
• Isolation
Traditional Access Controls

iOS
• Password and passcode locking mechanisms
• Touch ID
• Device self-wipe capabilities
• Lockout of internal memory if not unlocked
• Memory is soldered to the PCB

Android
• Starting with 2.x, password, passcode, and pattern locking mechanisms
• 4.0 introduced facial recognition
• Other locking methods include fingerprint readers and pictures
• Lockout of internal memory if not unlocked
• SD card is removable
Data Encryption

iOS
• Hierarchy of encryption keys:
  • Passcode Key
  • Hardware Keys: Unique ID (UID) and device group ID (GID)
    – AES 256-bit keys
    – Built into hardware and not directly accessible
  • File System Key
    – Generated randomly and stored in flash memory
    – Used to encrypt file metadata
  • Per-File Key
    – Encrypted by the Class Key for the file's encryption class
    – Encrypts contents of files on disk
Data Encryption (iOS)
• Encryption Classes
  – Complete Protection
    • Only decryptable when unlocked, unusable when locked
  – Protected Unless Open
    • Uses asymmetric elliptic curves (it's complicated)
  – Protected Until First User Authentication
    • Similar to FDE
  – No Protection
    • Only protected by the UID
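The key hierarchy and protection classes from the two slides above, modelled in Python as an added example (not from the slides and not Apple's code): hardware UID, passcode key, class keys and random per-file keys wrapped by their class key, with the Complete Protection class key dropped on lock and the first-authentication key dropped on reboot. HMAC-SHA256 derivation and an HMAC keystream XOR stand in for Apple's real KDF and AES-256, the asymmetric Protected Unless Open class is omitted, and the class labels and method names are assumptions.

```python
import hashlib, hmac, os

def derive(parent: bytes, label: bytes) -> bytes:
    # Child key from parent key; HMAC-SHA256 stands in for the real key derivation.
    return hmac.new(parent, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy cipher (XOR with an HMAC-SHA256 counter keystream) standing in for AES-256: it models "the key must be present to read the bytes", not AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Device:
    # Hierarchy from the slides: hardware UID -> passcode key -> class keys -> per-file keys.
    def __init__(self, passcode: str):
        self.uid = os.urandom(32)          # fused into silicon, never readable by software
        self.verifier = derive(derive(self.uid, passcode.encode()), b"verify")
        self.files = {}                    # name -> (class, wrapped file key, nonce, ciphertext)
        self.reboot()

    def _class_keys(self, passcode: str) -> dict:
        passcode_key = derive(self.uid, passcode.encode())  # UID-entangled: guesses must run on-device
        return {"complete": derive(passcode_key, b"NSFileProtectionComplete"),
                "first_auth": derive(passcode_key, b"NSFileProtectionCompleteUntilFirstUserAuthentication")}

    def reboot(self):
        # Only the "No Protection" class key (UID-derived, no passcode) survives a cold boot.
        self.unwrapped = {"none": derive(self.uid, b"NSFileProtectionNone")}

    def unlock(self, passcode: str) -> bool:
        if derive(derive(self.uid, passcode.encode()), b"verify") != self.verifier: return False
        self.unwrapped.update(self._class_keys(passcode))
        return True

    def lock(self):
        # Complete Protection key is discarded on lock; the first-auth key stays until reboot.
        self.unwrapped.pop("complete", None)

    def write(self, name: str, cls: str, plaintext: bytes):
        file_key, nonce = os.urandom(32), os.urandom(16)   # fresh random per-file key
        wrapped = keystream_xor(self.unwrapped[cls], b"wrap" + nonce, file_key)  # wrapped by class key
        self.files[name] = (cls, wrapped, nonce, keystream_xor(file_key, nonce, plaintext))

    def read(self, name: str):
        cls, wrapped, nonce, ciphertext = self.files[name]
        if cls not in self.unwrapped: return None      # class key unavailable: contents unrecoverable
        file_key = keystream_xor(self.unwrapped[cls], b"wrap" + nonce, wrapped)
        return keystream_xor(file_key, nonce, ciphertext)
```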
Data Encryption (iOS)
• Effaceable Storage
  – Low-level access to storage for secure wiping
  – Used to erase the File System Key

Data Encryption (iOS)
• Secure Enclave
  – Securely processes fingerprints
  – Is given the key to decrypt the Complete Protection data class when locked
  – Separate from and directly inaccessible to the OS
Data Encryption (Android)
• Some data encryption present
• Android 3.x "Honeycomb" and above support full filesystem encryption (AES128 CBC & ESSIV:SHA256)
• SD card encryption is not supported on any version in AOSP
• Device manufacturers can implement this themselves

Data Encryption (Android)
• Samsung Knox:
  – Brings Android closer to iOS
  – Supports AES-256 encryption of internal storage and SD cards
Permissions-based Access Control
• After an app is installed, it has access to all permitted resources of that device
• It can perform any kind of malicious operation using the permissions provided

iOS
• Each app is given only certain permissions by iOS
• Once installed, the user has granted the app access to any of the device's resources
• Apps can use most resources without additional permission
• May access things they don't need
• Does not require permission of the user

Android
• Follows a capability-based security model
• App must request specific permissions from the OS before access
• User sees what is being requested and must grant permission before the app is installed
• Once an app is granted permission, it could perform malicious activity using those permissions

Android vs. iOS
• Android allows more access to the system than iOS does
• Android only gives explicit permissions to apps, while apps installed on iOS can perform any operation as defined by the OS
Default App Permissions: Android vs. iOS
(Two-column slide; the transcript does not preserve which items fall under iOS and which under Android.) Items listed: Internet, Address Book, Calendar, Device UID, Read SD Card, Phone Number, Music/Video Files, Safari Search History, Auto-Complete, YouTube History, WiFi Connection Logs, Mic and Video Camera, List of Installed Apps, Launch an Installed App

Requestable App Permissions: Android vs. iOS
(Two-column slide, as above.) Items listed: Location (GPS), Push Notifications, Make Phone Call, Send SMS/MMS, Fine Location (GPS), Coarse Location (Network), Internet, SMS/MMS Send/Receive, Calendar, Address Book, Music/Video/Picture, SD Read/Write, Make and Terminate Calls, Access Device Logs, Obtain Task List, Make Bluetooth Connections, Prevent Phone from Sleeping, Record Audio, Manage Accounts, Control NFC
Which is Legitimate?
(Slide shows two app screenshots: AndroidOS.FakePlayer and a legitimate video player.)
Application Provenance

iOS
• Robust signing system
• Apple provides a digital certificate only to those who register
  – $100 per year
• Thorough analysis of apps, takes weeks

Android
• Not a robust signing system
• Anonymous signing certificates can be made without oversight from Google
• Allows legitimate applications to be repackaged after adding malware
• Although not signed with the same signature, they will be signed, and can be distributed on the web
Isolation

Programming
iOS:
• All apps are Objective-C or Swift
Android:
• Apps run in the Dalvik JVM
• Android does not use that as its main form of isolation, as not all code runs in the VM
• Most web browsers use significant amounts of native code

iOS
• Sandboxed
  – Own home directory
  – Must use APIs to access or modify system settings
  – Cannot communicate with other apps directly
  – Nothing runs as root except the kernel

iOS
• Declared Entitlements
  – Digitally signed
  – Allow extra permissions
  – Alternative to running as root

Android
• Sandboxing
  – Uses the native Linux user-based permissions model
  – Each app is its own user
  – Secured by the Linux kernel itself

Android
• Samsung Knox:
  – Further separates applications
  – Prevents access to Android APIs
  – Reduced API set: allows data in, but not out
Jailbreaking, Rooting, and Exploits

iOS
• Jailbreaking: uses exploits (buffer overflows, among other things) to allow unsigned code to run

Android
• Rooting: uses exploits (usually buffer overflows) to load a su binary (usually harder than it sounds) to allow apps to run with elevated privileges

The Point: Although the uses for the exploits are usually beneficial for the user, their existence represents flaws in the OSes that can be leveraged by malicious apps.

Jailbreaking and Rooting
Advantages:
• The (hacking) community can push out patches for other exploits faster than the manufacturers (iOS PDF)
• Finer control over the system

Disadvantages:
• May cause security vulnerabilities
• May "brick" the device
• May void the warranty

After running the exploits, the device may become vulnerable in other ways (iPhone.Ikee)
Summary
• Both have strong isolation
• iOS's permission system is static, but due to the vetting process it is harder for apps to abuse it
• Android's permission system is flexible, but requires user vigilance
• Both have strong traditional access controls
• Both have encryption on recent versions; however, Android 2.x versions don't have any, and 3.x+ encryption pales compared to iOS
• Apple has a stronger vetting process, but also takes longer for app updates
• Android has a weaker vetting process, but updates get pushed out almost immediately

(Closing slide: xkcd.com comic)