Secure File System - Final Meeting
Industrial Project (234313)
Prof. Michael Elad
Students: Noam Hershtig, Yuri Bronshtein
04.02.13
Supervisors: Boris Dolgunov, Constantine Elster



Page 2

Agenda

Goals
  Problem description
  High-level solution
  Demo
Methodology
  Technical
  Team work
  Protocol
Conclusions

Page 3

Motivation

Page 4

Motivation (cont.)

Defcon 20 (July 2012): "Into The Droid" by Thomas Cannon

Shows how easy it is to crack Android's encryption

"Into The Droid" DEFCON 20 slides from: https://viaforensics.com/mobile-security/droid-gaining-access-android-user-data.html

Page 5

Goal: prevent brute-forcing of the encryption key

Solution: two-stage authentication
  Store the key in TrustZone (KeyDB); the PIN is checked by KeyDB, which releases the key only after a successful check
  KeyDB throttles key retrieval attempts, so guessing is rate-limited inside the trusted world instead of being an offline computation
  Key management is transparent to the user and to applications

Page 6

Solution Components

OS kernel
  dm-crypt-skm (wraps dm-crypt)
  SFS kernel modules (skm, skm-udp)
  dm-crypt (unmodified)
TrustZone
  KeyDB (key manager)
User mode
  Screen lock application
  SFS configuration application

Diagram legend: Unmodified / Optional changes / Original

Page 7

Demo

Page 8

Our Process

Study Android & Linux encryption mechanisms
  Device-mapper, dm-crypt
  LUKS (key management alternative)
Create a "proof of concept" encryption key manager
Create a modular design
Define the protocol
Implement the separate components
  Divide labor by platform: Android apps / Linux kernel
  Use TDD principles: unit tests before code (where applicable)
  Use "simulation" (Python test scripts) to test interfaces in the early stages
Integration
  Verify that the separate modules work together as expected

Page 9

Key Management

Runs in TrustZone
Login attempt throttling: different locking schemes available
  Long-term locking
  "Burst mode"
User management: multiple PIN/key pairs
  Useful for tablets
  Administrative rights
  Recovery options
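The throttled key store that the goal slide (page 5) and this Key Management slide describe, as an added Python model; it is not the project's code. The slides name the features but give no parameters, so the burst size, the lock times, the doubling backoff, the rule that the first ID is the administrator, and the status codes are all assumptions made here. The clock is injectable so a lockout can be exercised without waiting.

```python
"""Added example, not the project's code: a Python model of the KeyDB that the
slides place in TrustZone. The slides list the features (throttling with
long-term and burst locking, multiple PIN/key pairs, administrative rights,
recovery) but no parameters or rules, so those below are assumptions."""
import hashlib
import hmac
import os
import time

OK, BAD_PIN, LOCKED, NO_ID, DENIED = range(5)   # assumed status codes


def pin_hash(salt, pin):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)


class KeyDB:
    """(PIN, key) pairs per ID. PIN guesses are throttled here, inside the
    trusted world, so the disk key is only obtainable online and rate-limited;
    an attacker holding the flash image has nothing to brute-force offline."""

    def __init__(self, scheme="burst", burst=3, lock_s=30.0, clock=time.monotonic):
        # burst: `burst` wrong PINs in a row are free, then a lock that doubles
        #        with each further burst and resets after a correct PIN.
        # long : every wrong PIN locks, the lock doubles each time, and only an
        #        administrator's unlockID resets the backoff (long-term locking).
        assert scheme in ("burst", "long")
        self.scheme, self.burst, self.lock_s, self.clock = scheme, burst, lock_s, clock
        self.ids = {}

    def _check(self, ident, pin):
        rec = self.ids.get(ident)
        if rec is None:
            return NO_ID
        now = self.clock()
        if now < rec["locked_until"]:
            return LOCKED                          # no comparison while locked
        if hmac.compare_digest(rec["pin_hash"], pin_hash(rec["salt"], pin)):
            rec["fails"] = 0
            if self.scheme == "burst":
                rec["locks"] = 0
            return OK
        rec["fails"] += 1
        if rec["fails"] >= (self.burst if self.scheme == "burst" else 1):
            rec["fails"] = 0
            rec["locked_until"] = now + self.lock_s * 2 ** rec["locks"]
            rec["locks"] += 1
        return BAD_PIN

    def _is_admin(self, admin, admin_pin):
        return self._check(admin, admin_pin) == OK and self.ids[admin]["admin"]

    def add_id(self, admin, admin_pin, ident, pin, key, admin_rights=False):
        # Assumption: the first ID becomes the administrator; later IDs need an
        # administrator's PIN (multiple PIN/key pairs, administrative rights).
        if self.ids and not self._is_admin(admin, admin_pin):
            return DENIED
        salt = os.urandom(16)
        self.ids[ident] = dict(salt=salt, pin_hash=pin_hash(salt, pin), key=key,
                               admin=admin_rights or not self.ids,
                               fails=0, locks=0, locked_until=0.0)
        return OK

    def get_key(self, ident, pin):
        """getKey: the only way a key leaves the store; every wrong PIN costs."""
        st = self._check(ident, pin)
        return st, (self.ids[ident]["key"] if st == OK else None)

    def get_status(self, ident):
        """getStatus: seconds until the next guess is accepted; costs no attempt."""
        rec = self.ids.get(ident)
        if rec is None:
            return NO_ID, 0
        wait = max(0, int(rec["locked_until"] - self.clock() + 0.999))
        return (LOCKED if wait else OK), wait

    def change_pin(self, ident, old_pin, new_pin):
        st = self._check(ident, old_pin)
        if st == OK:
            self.ids[ident]["pin_hash"] = pin_hash(self.ids[ident]["salt"], new_pin)
        return st

    def unlock_id(self, admin, admin_pin, ident):
        """unlockID: recovery option; an administrator clears another ID's lock."""
        if not self._is_admin(admin, admin_pin) or ident not in self.ids:
            return DENIED
        self.ids[ident].update(fails=0, locks=0, locked_until=0.0)
        return OK
```

Two properties matter for the lock screen built on top of this: a correct PIN is refused while the ID is locked (so an attacker gains nothing by mixing guesses with the real PIN), and `get_status` lets the UI show the remaining wait without spending an attempt.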

Page 10

Kernel Modules

Implemented as part of the device-mapper framework (<kernel>/drivers/md)

dm-crypt-skm: device-mapper target
  Wraps dm-crypt, the original crypto device service
skm (secure key management)
  Implements the protocol generically
  Uses "pluggable" modules for communication with KeyDB in TrustZone
  Managed from user mode via ioctls; creates the /dev/skm device
skm-udp
  Uses the netpoll API to communicate with KeyDB via UDP packets

[Diagram: the two paths into the kernel. Settings application -> /dev/skm -> skm -> skm-udp -> TrustZone (KeyDB); Lock screen -> dm (dmsetup) -> dm-crypt-skm -> dm-crypt]

Page 11

Development Platform and Languages

Android TrustZone simulator
  Java + Android SDK (Eclipse)
  Testing: JUnit for Android, Python for network simulation
Linux kernel modules (dm-crypt-skm, skm, skm-udp)
  ANSI C
  Run on Debian GNU/Linux as a VMware guest
  Tested on the 2.6.32 kernel, compatible with the 3.3 kernel API
  Testing: Python for network simulation
Configuration application
  ANSI C
Lock screen demo
  Python and wxPython
Source control
  git (Assembla private repository)

Page 12

Kernel <-> TrustZone Protocol

Key retrieval
  getKey
  getStatus
  loadKey
  unloadKey
User management
  addID
  removeID
  changePIN
  setParams
  getParams
  unlockID
Misc.
  getVersion (for backward compatibility)

HW Support
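The request/reply exchange for the operations listed on this slide, as an added Python example that is not the project's code. The slide gives only the operation names, so the opcode numbers, the datagram layout, the version rules and the in-memory `KeyStore` standing in for KeyDB are assumptions; the in-process `transport` call stands in for the UDP round trip that skm-udp makes, and `legacy_keydb` is an assumed older peer used only for the demonstration. Only getVersion, getKey, setParams and getParams are modelled. Beyond the framing itself it shows what the kernel side should do with getVersion: probe first, then refuse locally any operation the peer's version cannot support.

```python
"""Added example, not the project's code: request/reply framing for the
kernel <-> KeyDB operations listed on the protocol slide. Opcode numbers,
datagram layout, version rules and the in-memory KeyStore are all assumed."""
import struct

VERSION = 2                              # assumed: this KeyDB speaks protocol v2
OPS = {"getVersion": 0, "getKey": 1, "getStatus": 2, "loadKey": 3, "unloadKey": 4,
       "addID": 5, "removeID": 6, "changePIN": 7, "setParams": 8, "getParams": 9,
       "unlockID": 10}
# Ops modelled here: name -> (minimum protocol version, expected field count);
# assumed: the params calls arrived in v2, everything else existed in v1.
SPEC = {"getKey": (1, 2), "setParams": (2, 2), "getParams": (2, 1)}
OK, BAD_PIN, NO_ID, BAD_OP, BAD_VERSION, BAD_FORMAT = range(6)

# Datagram (assumed): !BBH = version, code, field count, then each field as
# !H length + bytes. Requests carry an opcode, replies carry a status code.
def encode(version, code, *fields):
    body = b"".join(struct.pack("!H", len(f)) + f for f in fields)
    return struct.pack("!BBH", version, code, len(fields)) + body

def decode(data):
    """(version, code, fields), or None for a truncated or padded datagram."""
    if len(data) < 4:
        return None
    version, code, count = struct.unpack("!BBH", data[:4])
    fields, pos = [], 4
    for _ in range(count):
        if pos + 2 > len(data):
            return None
        n = struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        if pos + n > len(data):
            return None
        fields.append(data[pos:pos + n])
        pos += n
    return (version, code, fields) if pos == len(data) else None

class KeyStore:
    """Stand-in for KeyDB without throttling: (ID, PIN) -> key, plus per-ID
    parameter blobs; just enough to exercise the framing."""
    def __init__(self, table):
        self.table, self.params = dict(table), {}

    def lookup(self, ident, pin):
        if not any(i == ident for i, _ in self.table):
            return NO_ID, None
        key = self.table.get((ident, pin))
        return (OK, key) if key is not None else (BAD_PIN, None)

def handle_request(store, data):
    """KeyDB side: check header, version and field count before using a field."""
    parsed = decode(data)
    if parsed is None:
        return encode(VERSION, BAD_FORMAT)
    version, code, f = parsed
    if code == OPS["getVersion"]:            # answered whatever the version, so an
        return encode(VERSION, OK, bytes([VERSION]))   # old kernel can learn ours
    name = next((n for n, c in OPS.items() if c == code), None)
    if name not in SPEC:
        return encode(VERSION, BAD_OP)       # unknown code, or an op not modelled
    if not SPEC[name][0] <= version <= VERSION:
        return encode(VERSION, BAD_VERSION)
    if len(f) != SPEC[name][1]:
        return encode(VERSION, BAD_FORMAT)
    ident = f[0].decode(errors="replace")
    if name == "getKey":
        st, key = store.lookup(ident, f[1].decode(errors="replace"))
        return encode(VERSION, st, *([key] if st == OK else []))
    if name == "setParams":
        store.params[ident] = f[1]
        return encode(VERSION, OK)
    return encode(VERSION, OK, store.params.get(ident, b""))   # getParams

def legacy_keydb(store, data):
    """A v1 peer for the demonstration: same store, but reports version 1."""
    parsed = decode(data)
    if parsed and parsed[1] == OPS["getVersion"]:
        return encode(1, OK, b"\x01")
    return handle_request(store, data)

class KernelClient:
    """Kernel side (what skm would do through skm-udp): learn the peer version
    first, never send an op the peer cannot understand, and speak its version.
    `transport` stands in for the UDP round trip and is called in-process."""
    def __init__(self, store, transport=handle_request):
        self.store, self.transport, self.peer_version = store, transport, None

    def call(self, op, *fields):
        if self.peer_version is None:
            st, f = self._roundtrip("getVersion")
            self.peer_version = f[0][0] if st == OK and f else 1   # assumed: silent peer = v1
        if op in SPEC and SPEC[op][0] > self.peer_version:
            return BAD_VERSION, []           # refused locally; nothing goes on the wire
        return self._roundtrip(op, *fields)

    def _roundtrip(self, op, *fields):
        ver = min(VERSION, self.peer_version or VERSION)
        reply = decode(self.transport(self.store, encode(ver, OPS[op], *fields)))
        return (reply[1], reply[2]) if reply else (BAD_FORMAT, [])
```

The KeyDB side rejects a datagram that is truncated, padded, of the wrong version or with the wrong field count before it decodes any field, which is the check a parser sitting on a UDP port in the trusted world needs most; the kernel side uses getVersion for exactly the backward-compatibility purpose the slide names.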

Page 13

Challenges

Minimal architectural changes
  An early goal was to minimize changes to the Android OS & apps
  After studying the Linux crypto services, dm-crypt was chosen as the best subsystem to modify
Kernel <-> user-mode communication
  Unorthodox model: the simulator runs the TrustZone "CPU mode" as a user-mode process, so the kernel has to initiate the exchange
  Usually communication is initiated from user mode
  Options which were considered:
    polling (easy to implement, breaks the design for actual ARM chips)
    sysfs/proc (not secure enough)
    sockets (incompatible with dm)
    netpoll (modern kernel API, used primarily for low-level debugging)

Page 14

Conclusions

Design
  Good design simplifies the coding stage
  Allows modularization
Modularization
  Very important for team-based coding
  Allows easy testing & relatively smooth integration
  Helps minimize changes when porting to another platform
Minimizing kernel code
  Debugging kernel code is non-trivial and time consuming
  Linux APIs are changing all the time: no current documentation available, version-dependent code
  Automatic testing is nearly impossible
Early testing (test-driven development)
  Quick development
  Easy regression testing

Page 15

Thank You!