PORSCHA PORSCHA : POLICY ORIENTED SECURE CONTENT HANDLING IN ANDROID Machigar Ongtang, Kevin Butler, Patrick McDaniel Dhurakij Pundit University, University of Oregon, Pennsylvania State University ACSAC(2010)

Agenda  Introduction  Content on Smart Phone  About Android  Architecture  Evaluation  Discussion  Conclusion

 Android provide few direct protections for the content placed on the phone  DRM(Digital Right Management) DRM(Digital Right Management)  Porscha:  content should only be accessible by explicitly authorized phones  content should only be accessed by provider endorsed applications  content should be subject to contextual constraints  Two phases of Porscha:  in transit  on platform Introduction

Content on Smart Phone  Personal and Business Documents  Service-specific data  spy camera  Mydroid  Financial Information

Content on Smart Phone  DRM Policy Requirements  Binding content to the phone  Binding content to endorsed applications  Constraining continuing use of the content

About Android  Four types of components  Two groups of applications  Documents in transit & on-platform access

About Android  On-platform access  Initial Document Recipients  Documents at Rest  Document Sharing

Architecture  Constraints on Devices － binding to specific devices identified by the users' International Mobile Subscriber Identity (IMSI) or WAP Identify Module (WIM).International Mobile Subscriber Identity (IMSI)  Constraints on Applications － be restricted to applications with a given code fingerprint (hash of the application image)  Constraints on Use － support not only the regulation of simple accesses, but also differentiation of simple access from read, modify and delete rights

Architecture － in transit  Identity-Based Encryption (IBE):enables the senders to construct the public keys of the recipients from known identities, and contains a trusted Private Key Generator(PKG).  Encryption : inputting the message (data), public key string, and cryptosystem parameters  Decryption : inputting the ciphertext and private key to the decryption algorithm

Architecture － in transit  sender(content source) : S  receiver(phone) : R  identity for participant s : I s  public/private key of a : K a + /K a -  content : m  police for m : p m   Delivery of SMS/MMS:

Architecture － in transit  Delivery of  one-time 128-bit AES symmetric key : k e

Architecture － on platform  Policy Enforcement on Initial Recipients

Architecture － on platform  traffic is opaque to Android  Use the Apache Mime4j library to parse the message streams in plain RFC-882 and MIME formatsApache Mime4j

Architecture － on platform  Policy Enforcement on Documents at Rest  add an extra policy field to the structure of each Content Provider record  The Porscha mediator inserts the policy into this field

Architecture － on platform  Enforcement on Indirect Receivers

EVALUATION

Discussion  Recipients Without Porscha  store all modifications such as decrypted s and those with information removed, locally on the phone, and only reflect back to the IMAP server the original  Application and Platform Trust  Alternative Application Enforcement Infrastructures  Digital Rights Management  Porscha is lightweight and designed with mobile solutions in mind; by contrast, many advanced DRM protocols are heavyweight and not transparent to applications.

Conclusion  Porscha can protect SMS, MMS, document.  Porscha secures content delivery using identity- based encryption and mediates on-platform content handling to ensure conformance with content policy

 Thank you for listening