Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14 Presented by: Mike Hendrick VP Product Dev @ Sequitur Labs.

Presentation transcript:

Company Background
Founding Team: Incorporated in 2010. Prior decade of work on mobile platforms. Domain expertise in authorization/authentication. Large enterprise policy frameworks.
Phil Attfield – CEO (Founder Signal9, acquired by McAfee); Paul Chenard – CTO; Mark Reed – COO; Abhijeet Rane – VP Marketing; Mike Hendrick – VP Product Dev
Experience: Deep experience in network security. Embedded systems / mobile. Massive scale telecom systems.
Customers and Partners: Boeing, T-Mobile, Qualcomm, HP, AT&T, Trustonic, ARM (working relationship), Atmel (working relationship)

Overview – Our Vision
Develop enabling technologies and solutions to better secure and manage connected devices of today and the future: PCs, servers, tablets, smartphones, IoT.

Why does it matter? Everyone is at risk.
Business enablers: Mobile + Devices + Cloud
New devices and use cases
Changing IT and information consumption environment for end users and enterprises
Changing and diverse security and manageability requirements
Traditional IT perimeter has vanished
The promise of mobility can only be realized if TRUST exists between users, services and devices
$5.5 million U.S. average cost of data breach.

TrustZone and the TEE
ARM provides the reference design for TrustZone to be incorporated by SoC manufacturers and device OEMs
Trustonic provides a Trusted Execution Environment (TEE)
Protects against software attack from the open/Rich OS
Provides a scalable and secure environment for apps like user auth, anti-malware, transactions
Two separate domains, normal and secure
Extends across the entire system: secure processing path, on/off-chip memory, I/O and display
Increasingly available on devices
(Diagram: Trustonic TEE stack – Trustonic microkernel, Trustonic driver kernel module, Trustonic driver API)

A healthy eco-system is forming around the TEE
(Diagram: Trustonic TEE eco-system)

DeadBolt™ – streamlining access to the TEE
(Diagram, top to bottom:)
Android Application
Sequitur DeadBolt™ Java Library: Secure Storage, TEE-SSL, Authentication, +++
Sequitur Trusted Applications: Secure Storage, TEE-SSL, Authentication, +++
Trustonic Trusted Execution Environment
TrustZone enabled SoC

DeadBolt Encrypt
DeadBolt Encrypt provides encrypted storage for data at rest (AES 256, CBC cipher)
Encrypt an OutputStream
Decrypt an InputStream
DBCryptParams – specifies crypto parameters: APK_BOUND, KEY_BOUND, DEV_BOUND, CUSTOM_BOUND, NOT_BOUND
Errors: Exception
Version

DeadBolt Encrypt – Difference from Standard Android
Using FileOutputStream:

    FileOutputStream fos = new FileOutputStream(pictureFile);

Using DBEncryptFileOutputStream (same file variable; the crypto parameters select the key binding and password):

    DBEncryptFileOutputStream fos = new DBEncryptFileOutputStream(
            pictureFile,
            MainActivity.main_activity,
            new DBCryptParams(MainActivity.CryptoParamMask, MainActivity.CryptoPassword));

DeadBolt SSL
Perform SSL encryption in the TEE
The only call is to initialize the connection:

    DBSSL.Init(context);
    DBSSLSocketFactory.InitHttpsDefault();

Or:

    Socket sock = DBSSLSocketFactory.createSocket(host, port);

DeadBolt Authorization (Future)
Local Authorization via Trusted User Interface: Number PIN Code; AlphaNumeric Passcode; One Time Password – HOTP based on RFC 4226
Remote Authorization: Key Pair Generation; Secure delivery of Key to Server; Message Signing and Encryption; Message Validation and Decryption
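The slide names HOTP (RFC 4226) as the one-time-password scheme. The following is an added illustration written for this transcript, not Sequitur DeadBolt code: it computes an HOTP value exactly as RFC 4226 specifies and shows the server-side look-ahead check that keeps the counter from being reused. The secret is the RFC's own Appendix D test key; the function names are this example's.

```python
import hmac
import hashlib
import struct

# Constructed example secret: the RFC 4226 Appendix D test key (ASCII "12345678901234567890").
RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, then reduction modulo 10**digits."""
    if not 6 <= digits <= 8:
        raise ValueError("RFC 4226 requires 6 to 8 digits")
    msg = struct.pack(">Q", counter)                    # counter as 8 bytes, big-endian
    hs = hmac.new(secret, msg, hashlib.sha1).digest()   # 20-byte HMAC-SHA1
    offset = hs[19] & 0x0F                              # low nibble of the last byte
    code = ((hs[offset] & 0x7F) << 24                   # mask sign bit -> 31-bit value
            | hs[offset + 1] << 16
            | hs[offset + 2] << 8
            | hs[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, stored_counter: int, candidate: str,
                look_ahead: int = 5, digits: int = 6):
    """Server-side check with the RFC 4226 look-ahead window (client counter may
    have run ahead). Returns the new counter to store on success, or None on
    failure. Values at or below the stored counter are never accepted, so a
    captured OTP cannot be replayed; the comparison is constant-time."""
    for c in range(stored_counter, stored_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c + 1        # advance past the accepted value
    return None
```

The RFC 4226 test vectors (counter 0 gives 755224, counter 1 gives 287082) make it easy to confirm a port of this logic in any other language.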

Developing TEE secured apps with DeadBolt™
Sequitur simplifies the development and commercial activation of a TEE secured app:
1. Start developing app
2. Download and include DeadBolt™ in your app (development license)
3. Complete app development and testing
4. Get activation license for commercial distribution ($$, via the Sequitur Developer Portal)
5. Publish app on public or private app store
Does not require developers with systems level development experience
Does not require learning new platform primitives
Significantly lower cost of initial and ongoing investment
Rapid time to market

DeadBolt™ – Key benefits
Audiences: Enterprise Developers; Enterprise ISVs/SIs/Consultants; Device OEMs
Reduce time to market and cost
Easily leverage hardware based security
Deliver new value to customers
Deliver secure application platforms

Sequitur Labs Inc. – Contact
Abhijeet Rane, VP Marketing, Abhijeet.rane@seqlabs.com
Jennifer Multari, MarCom Manager, Jennifer.Multari@seqlabs.com
Mike Hendrick, VP Product Development, Mike.Hendrick@seqlabs.com
www.seqlabs.com