OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android
Dominik Schürmann, Sergej Dechand, Lars Wolf, 2017-09-14

Institute of Operating Systems and Computer Networks

Working Title: “One Ring to Sign Them All”

End-to-End Encryption
But let’s start from the beginning...

End-to-End Encryption on Android
- Messaging: Signal, WhatsApp, LINE, …
- Cloud Storage: SpiderOak, Boxcryptor, …
- Email: ?

Issues
- Secret Key is stored on the device
- Android updates rolled out slowly
- Malware
- Bring Your Own Device (BYOD) Policies

Goals

Architecture for End-to-End Encryption
- Easy API (no knowledge of public key crypto required)
- Support for secret keys on external NFC tokens
- Include UI components

Research Goals
- API Design
- Comparison with existing APIs
- Try out new form factors (NFC Ring!)
- User study of UI components

Existing Work

Crypto API Misuse
- Egele et al.: “An Empirical Study of Cryptographic Misuse in Android Applications.” (ACM CCS’11)
- Fahl et al.: “Why Eve and Mallory Love Android: An Analysis of Android SSL (in) Security” (ACM CCS’12)

Usability of Two Factor Authentication on Desktop Systems
- Strouble et al.: “Productivity and Usability Effects of Using a Two-Factor Security System” (SAIS’09)
- Lang et al. (Google): “Security Keys: Practical Cryptographic Second Factors for the Modern Web” (Financial Crypto’16)

Conclusion
- No App/Library/Architecture on Android for NFC Security Tokens for End-to-End Encryption
- Studies only about Authentication, not Encryption
- No studies on NFC Rings for Crypto

Architecture

Figure: architecture diagram. Labels in the diagram:

Operating System
  Crypto Provider
  - key management
  - secret key creation
  - PIN/password caching
  - NFC dispatcher
  - access control per client
  - API: high-level crypto operations, PIN/password input, common user interactions
  - binds to API (of the Security Token)
  Clients: Email, IM, Other Clients
  - binds to API (of the Crypto Provider)
  - potentially untrusted
  - operations restricted to selected keys

Security Token
- operating system with cryptography applet
- holds secret key
- access control by PIN
- API: low-level operations

API Specification (Simple Version)

Action              Req. Extras    Description
SIGN_AND_ENCRYPT    USER_IDS       Encrypt to email addresses and generate signature
DECRYPT_VERIFY      -              Decrypt and verify signature

- Typically, APIs only provide low level methods
- In our case it also provides UI components
- Includes secure password/PIN caching
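
A Python model of the provider-side checks named on the architecture and API slides above (access control per client, operations restricted to selected keys, PIN caching, PIN input inside the provider). It is an added example, not OpenKeychain code: the class names, result codes, cache lifetime and the HMAC stand-in for the token's signature operation are assumptions of this model.

```python
import hashlib
import hmac
import time

class SecurityToken:
    """Model of the token: holds the secret key, low-level op gated by PIN."""
    def __init__(self, key_id, secret, pin):
        self.key_id, self._secret, self._pin = key_id, secret, pin
    def sign(self, pin, data):
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        # Assumption: HMAC-SHA256 stands in for the card's signature operation.
        return hmac.new(self._secret, data, hashlib.sha256).hexdigest()

class CryptoProvider:
    """Model of the provider: per-client access control, key restriction, PIN cache."""
    def __init__(self, token, pin_ttl=300.0, clock=time.monotonic):
        self.token, self.pin_ttl, self.clock = token, pin_ttl, clock
        self.allowed_keys = {}          # client id -> key ids the user selected
        self._pin, self._pin_expiry = None, 0.0

    def user_allows(self, client, key_ids):   # user's decision in the provider UI
        self.allowed_keys[client] = set(key_ids)

    def user_enters_pin(self, pin):           # PIN goes to the provider, not the client
        self._pin, self._pin_expiry = pin, self.clock() + self.pin_ttl

    def sign(self, client, key_id, data):
        if client not in self.allowed_keys:
            return {"code": "USER_INTERACTION_REQUIRED", "reason": "client not allowed yet"}
        if key_id not in self.allowed_keys[client]:
            return {"code": "ERROR", "reason": "key not selected for this client"}
        if self._pin is None or self.clock() >= self._pin_expiry:
            self._pin = None            # drop an expired PIN from memory
            return {"code": "USER_INTERACTION_REQUIRED", "reason": "PIN required"}
        try:
            return {"code": "SUCCESS", "signature": self.token.sign(self._pin, data)}
        except PermissionError as exc:
            self._pin = None            # do not keep retrying a bad cached PIN
            return {"code": "ERROR", "reason": str(exc)}

def demo():
    now = [0.0]                          # constructed clock, keeps the run deterministic
    token = SecurityToken("KEY-A", b"constructed-secret", b"123456")
    provider = CryptoProvider(token, pin_ttl=300.0, clock=lambda: now[0])
    out = [provider.sign("mail", "KEY-A", b"hi")["reason"]]      # unknown client
    provider.user_allows("mail", ["KEY-A"])
    out.append(provider.sign("mail", "KEY-B", b"hi")["reason"])  # key not selected
    out.append(provider.sign("mail", "KEY-A", b"hi")["reason"])  # no cached PIN
    provider.user_enters_pin(b"123456")
    out.append(provider.sign("mail", "KEY-A", b"hi")["code"])    # cached PIN used
    now[0] = 301.0
    out.append(provider.sign("mail", "KEY-A", b"hi")["reason"])  # cache expired
    return out
```

The client only ever sees a result code; the PIN and the secret key stay on the provider and token side, which is what lets the architecture treat clients as potentially untrusted.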

Demo Videos

User Interface Engineering

NFC Performance

Table: Mean durations (w/ standard deviation) of cryptographic operations (10 experiments per operation).

Operation                           Duration     σ
Signature calculation               787.9 ms     3.18
Decrypt session key                 830.9 ms     55.86
Transfer existing secret key        711.9 ms     32.66
Generate secret key on-token (a)    9476.2 ms    2297.71

(a) Roughly, only every third key generation succeeded

User Study

Try new form factor in comparison to smart cards
Forge the One Ring in the fires of Mount Doom.

Figure: (a) IC extracted from NXP J3D081. (b) Circular coil as new NFC antenna. (c) 3D printed ring prototype.

Study
- 40 participants from a large company in Germany
- Password vs NFC card vs NFC ring

Design
1. Lab experiment observing setup time, decryption time
2. User survey for analyzing perception

- Within-group design
- No comparison with biometric features

Performance

Figure: Time measurements (in seconds, no outliers, lower is better). Panels: (a) Setup time, (b) Decryption time; each panel compares Ring, Card and Password.

User Perception

Figure: Aggregated user perception showing the ranking choices in the interview. Bars for Password, Card and Ring; x-axis: Percentage; responses ranked 3 (Worst), 2, 1 (Best). Percentage labels from the chart (bar assignment not preserved): 10%, 15%, 75%; 60%, 35%, 5%.

Interview

- favor of cards: “easily stored in the wallet”
- “rings are more secure than cards because they are more difficult to steal than wallets”
- “security purpose is not immediately obvious to an outsider”
- “rings can easily be forgotten on a bedside cabinet while not worn at night”
- “cards are easily misplaced as they are not constantly worn on the body”

Conclusion

Summary
- First architecture for end-to-end encryption with NFC tokens
- Study showing the advantage of NFC in comparison to passwords
- Deployed to over 100,000 users on Google Play
- Sufficiently Secure Newsletter: https://www.sufficientlysecure.com

Hands-On Demo
- Get a smart card and install OpenKeychain and K-9 Mail from Play
- Yesterday during demo reception
- Come to me after this talk to try out the ring

Any questions?
Twitter: @domschuermann

Backup Slides

Figure: (a) Access control per app via user decision. (b) Missing public key. (c) Restriction of allowed keys per app.

Figure: (a) Password input for password-protected keys. (b) PIN selection during key creation.

Table: comparison of existing APIs and systems with this work (the per-cell marks are not preserved in this transcript).

Columns:
- High-Level API w/ Secure Defaults
- Supports Security Tokens
- Standardized Formats
- Cross-Platform
- PIN/Password Cache
- Key Management
- GUI

Rows:
- Low-Level APIs: libcrypto, Bouncy Castle, OpenSC
- High-Level APIs: NaCl/libsodium, Keyczar
- Fully Integrated Systems: GnuPG, GNU Privacy Assistant (GPA) (a), Kleopatra (a), GNOME Keyring (a)
- Our work

(a) uses GnuPG as its backend
