Kerberos + Android A Tale of Opportunity

© Copyright 2012 yaSSL Slide 1 / 39

Platform Decisions

The Statistics

Why Go Mobile?

80% of the world's population now has a mobile phone (5 billion phones).

Why Go Mobile?

Of those 80%, 1.08 billion (21.6%) are smartphones.

Why Go Mobile?

In the US: the ratio is even higher, with smartphones making up 40% of all mobile phones.

OK, well why Android?

Android? Reason 1: US Market Dominance

U.S. Smartphones (40%)

•  Android: 40%
•  iPhone: 28%
•  Blackberry: 19%
•  Windows Mobile: 7%
•  Other: 5%
•  Windows Phone 7: 1%

Android? Reason 2: Consumer Popularity

•  100 million activated Android devices (now 400,000 / day)
•  200,000 apps in Android Market (4.5 billion activations to date)
•  310 devices available to consumers (112 countries)

Android? Reason 3: Developer Popularity

•  450,000 developers building for the platform!

Android. Meaning?

•  Opportunity for increased Kerberos visibility
•  Useful for Android and Kerberos developers
•  Fun to see where the community takes it

Our Plan

What we wanted to do.

Goals

We wanted to fill a missing gap.

1.  Port Kerberos libraries to Android
2.  Port some C-based Kerberos client apps to Android: kinit, klist, kvno, kdestroy

Goals

We wanted to spark community involvement.

3.  Build a sample Android NDK App (with a simple GUI)
4.  Give changes back to community

Action!

What we did.

1. Crypto Implementation

Crypto

Added new CyaSSL crypto implementation

•  Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-in
•  CyaSSL is very portable

2. Porting

Android Port

Kerberos Libraries + CyaSSL Android.

•  Cross-compiled libraries for Android
•  Created shell script for easy reproduction by developers

3. Android Application

Android App

Simple sample NDK project

Home Screen
•  Single screen
•  Uses JNI
•  Wrapper around native client apps

kinit
•  Gets a ticket using specified principal

klist
•  Lists our tickets

kvno
•  Gets a service ticket for the entered principal

klist after kvno
•  Verify that we got a ticket

kdestroy
•  Clear our ticket cache

Notes
•  Uses a keytab instead of passwords
•  Storage locations have been chosen for convenience
   •  Can be easily modified to what the developer needs
   •  Currently at /data/local/kerberos

License Type
•  Application code will remain under the MIT license

4. GSS-API Wrapper

GSS-API Java Wrapper

•  Provide Java bindings for developers to use
•  Uses framework
•  Wrapper around native Kerberos GSS-API library (contains functionality found in gssapi.h)

2 example clients:
•  Android client functionality
•  Stand-alone Java app for desktop use

GSS-API

Integrated into sample app.

Example Client
•  Establish context with example server
•  Send wrapped message, verify returned signature block (gss_wrap, gss_verify_mic)
•  Repeat #2, but with gss_seal, gss_verify
•  Misc. API tests and exit.

Example Server
•  Establish context with client
•  Receive and unwrap a message from the client
•  Generate & send signature block for received message

The Future

What's happening next?

The Future

Look to the Community.

Availability
•  Code will be linked from both MIT and yaSSL websites

PR Activity / Visibility
•  Blog posts
•  Forum posts
•  Press releases
•  GitHub
•  Mailing lists
•  etc...

The Future

Other ideas or thoughts?

References

Statistics
•  http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/
•  http://www.go-gulf.com/blog/smartphone
•  http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40-percent-are-android/
•  Google I/O 2011: http://www.google.com/events/io/2011

Project Locations
•  Kerberos: http://web.mit.edu/kerberos/
•  CyaSSL: http://www.yassl.com/
•  Android NDK App: https://github.com/cconlon/kerberos-android-ndk
•  GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapi

Thanks!

www.yassl.com