
Secure File System - Final Meeting Industrial Project (234313) Prof. Michael Elad Students Noam Hershtig Yuri Bronshtein 04.02.13 Supervisors Boris Dolgunov.


1 Secure File System - Final Meeting
Industrial Project (234313), Prof. Michael Elad
Students: Noam Hershtig, Yuri Bronshtein
Supervisors: Boris Dolgunov, Constantine Elster
04.02.13

2 Agenda
 Goals
 Problem Description
 High Level Solution
 Demo
 Methodology
 Technical
 Team Work
 Protocol
 Conclusions

3 Motivation

4 Motivation (cont.)
 Defcon 20 (July 2012): “Into The Droid” by Thomas Cannon
 Shows how easy it is to crack Android's disk encryption: the key is protected only by the user's short PIN, which an attacker holding the encrypted storage can brute-force
 “Into The Droid” DEFCON 20 slides from: https://viaforensics.com/mobile-security/droid-gaining-access-android-user-data.html

5 Goal: Prevent Brute-Forcing the Encryption Key
 Solution: 2-stage authentication
 Store the key in TrustZone™ (KeyDB): the PIN is verified inside TrustZone, so the key cannot be brute-forced offline from a copy of the storage
 KeyDB throttles key retrieval attempts
 Key management is transparent to the user & applications

6 Solution Components (component diagram)
 User mode: Screen lock application; SFS configuration application
 OS kernel: dm-crypt; dm-crypt-skm; SFS kernel modules (skm, skm-udp)
 TrustZone: KeyDB (Key Manager)
 Legend: Unmodified / Optional / Changes / Original

7 Demo

8 Our Process
 Study Android & Linux encryption mechanisms:
   Device-mapper, dm-crypt
   LUKS (key management alternative)
 Create a “proof of concept” encryption key manager
 Create a modular design
 Define the protocol
 Implement separate components:
   Divide labor by platform: Android apps / Linux kernel
 Use TDD principles:
   Unit tests before code (where applicable)
   Use “simulation” (python test scripts) to test interfaces in early stages
 Integration:
   Verify separate modules work as expected together

9 Key Management
 Runs in TrustZone
 Login attempt throttling:
   Different locking schemes available
   Long-term locking
   “Burst mode”
 User management:
   Multiple PIN/key pairs
   Useful for tablets
   Administrative rights
   Recovery options
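The throttling described on slides 5 and 9, as an added worked example in C (my code, not the project's KeyDB): a small in-memory KeyDB holding several PIN/key pairs, with a burst of free attempts, then a delay that doubles per failure, then a long-term lock that only an administrative ID can clear. The constants (3 free attempts, 30 s base delay, lock after 10 consecutive failures), the data layout and the function names are assumptions; only the operation names (getKey, getStatus, addID, unlockID) follow the slides.

```c
/* keydb_throttle.c - constructed example, not the project's code.
 * Models the KeyDB login throttling of slides 5 and 9 for several PIN/key
 * pairs: a short burst of free attempts, then a delay that doubles per
 * failure ("burst mode"), then a long-term lock an admin ID must clear.
 * All constants are illustrative assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYDB_MAX_IDS    4
#define KEY_LEN          32
#define PIN_MAX          16     /* including the terminating NUL */
#define BURST_FREE       3      /* failures tolerated before any delay */
#define BURST_BASE_SECS  30     /* first delay; doubles on each further failure */
#define LONG_TERM_FAILS  10     /* from here on only unlockID helps */

enum keydb_status { KEYDB_OK = 0, KEYDB_BAD_PIN, KEYDB_THROTTLED,
                    KEYDB_LOCKED, KEYDB_NO_ID };

struct keydb_entry {
    int      in_use, admin;     /* admin IDs may unlock others */
    char     pin[PIN_MAX];
    uint8_t  key[KEY_LEN];
    unsigned failures;          /* consecutive bad PINs */
    uint64_t locked_until;      /* absolute seconds; 0 = no pending delay */
};
struct keydb { struct keydb_entry ids[KEYDB_MAX_IDS]; };

/* Constant-time compare: a timing oracle on the PIN would undo the throttling. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char d = 0;
    for (size_t i = 0; i < n; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

static int valid_id(const struct keydb *db, int id) {
    return id >= 0 && id < KEYDB_MAX_IDS && db->ids[id].in_use;
}

/* addID: register a PIN/key pair; returns -1 on bad id, duplicate or over-long PIN */
static int keydb_add_id(struct keydb *db, int id, const char *pin,
                        const uint8_t key[KEY_LEN], int admin) {
    if (id < 0 || id >= KEYDB_MAX_IDS || db->ids[id].in_use ||
        strlen(pin) >= PIN_MAX) return -1;
    struct keydb_entry *e = &db->ids[id];
    memset(e, 0, sizeof *e);
    e->in_use = 1; e->admin = admin;
    memcpy(e->pin, pin, strlen(pin));
    memcpy(e->key, key, KEY_LEN);
    return 0;
}

/* getStatus: may this ID attempt now? Does not consume an attempt. */
static enum keydb_status keydb_get_status(const struct keydb *db, int id, uint64_t now) {
    if (!valid_id(db, id)) return KEYDB_NO_ID;
    const struct keydb_entry *e = &db->ids[id];
    if (e->failures >= LONG_TERM_FAILS) return KEYDB_LOCKED;
    if (now < e->locked_until) return KEYDB_THROTTLED;
    return KEYDB_OK;
}

/* getKey: the key leaves KeyDB only after the PIN is verified here, so an
 * attacker holding the encrypted storage has nothing to brute-force offline. */
static enum keydb_status keydb_get_key(struct keydb *db, int id, const char *pin,
                                       uint64_t now, uint8_t out[KEY_LEN]) {
    enum keydb_status st = keydb_get_status(db, id, now);
    if (st != KEYDB_OK) return st;          /* even a correct PIN is refused while throttled */
    struct keydb_entry *e = &db->ids[id];
    char buf[PIN_MAX] = {0};
    size_t n = strlen(pin);
    if (n < PIN_MAX) memcpy(buf, pin, n);   /* over-long PINs never match */
    if (n < PIN_MAX && ct_equal(buf, e->pin, PIN_MAX)) {
        e->failures = 0; e->locked_until = 0;
        memcpy(out, e->key, KEY_LEN);
        return KEYDB_OK;
    }
    e->failures++;
    if (e->failures >= LONG_TERM_FAILS) return KEYDB_LOCKED;
    if (e->failures > BURST_FREE)           /* burst mode: 30 s, 60 s, 120 s, ... */
        e->locked_until = now + ((uint64_t)BURST_BASE_SECS << (e->failures - BURST_FREE - 1));
    return KEYDB_BAD_PIN;
}

/* unlockID: an admin proves its own PIN (subject to its own throttle) and
 * clears the target's counters. */
static enum keydb_status keydb_unlock_id(struct keydb *db, int admin_id, const char *admin_pin,
                                         int target, uint64_t now) {
    uint8_t scratch[KEY_LEN];
    if (!valid_id(db, admin_id) || !db->ids[admin_id].admin) return KEYDB_NO_ID;
    enum keydb_status st = keydb_get_key(db, admin_id, admin_pin, now, scratch);
    memset(scratch, 0, sizeof scratch);     /* the admin's key is not what we wanted */
    if (st != KEYDB_OK) return st;
    if (!valid_id(db, target)) return KEYDB_NO_ID;
    db->ids[target].failures = 0;
    db->ids[target].locked_until = 0;
    return KEYDB_OK;
}

int main(void) {
    struct keydb db = {0};
    uint8_t key[KEY_LEN] = {1}, out[KEY_LEN];
    keydb_add_id(&db, 0, "1234", key, 1);
    keydb_add_id(&db, 1, "0000", key, 0);
    for (int i = 0; i < 5; i++)   /* 4th failure starts a 30 s delay; the 5th attempt is throttled */
        printf("attempt %d: status %d\n", i + 1, keydb_get_key(&db, 1, "9999", 100, out));
    return 0;
}
```

Two details carry the security argument: the status check runs before the PIN is compared, so a guesser gains nothing from a lucky hit during a delay window, and the counters reset only on a successful verification. A real KeyDB must also persist the failure counter and lock timestamp in secure storage; if they live only in RAM, power-cycling the device resets the throttle.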

10 Kernel Modules
 Implemented as part of the device-mapper framework (drivers/md)
 dm-crypt-skm:
   device-mapper target
   Wraps dm-crypt, the original crypto device service
 skm (secure key management):
   Implements the protocol generically
   Uses “pluggable” modules for communication with KeyDB in TrustZone
   Managed from usermode via ioctls; creates the “/dev/skm” device
 skm-udp:
   Uses the netpoll API to communicate with KeyDB via UDP packets
 Diagram: User: Settings -> /dev/skm -> skm -> skm-udp -> TrustZone (KeyDB); User: Lock Screen -> dm (dmsetup) -> dm-crypt-skm -> dm-crypt

11 Development Platform and Languages
 Android TrustZone simulator:
   Java + Android SDK (Eclipse)
   Testing: JUnit for Android, python for network simulation
 Linux kernel modules (dm-crypt-skm, skm, skm-udp):
   ANSI C
   Run on Debian GNU/Linux as a VMware guest
   Tested on the 2.6.32 kernel, compatible with the 3.3 kernel API
   Testing: python for network simulation
 Configuration application:
   ANSI C
 Lock screen demo:
   Python and wxPython
 Source control:
   git (Assembla private repository)

12 Kernel <-> TrustZone Protocol
 Key retrieval:
   getKey
   getStatus
   loadKey
   unloadKey
 Misc.:
   getVersion (for backward compatibility)
 User management:
   addID
   removeID
   changePIN
   setParams
   getParams
   unlockID
 (Diagram label: HW Support)
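Slide 12 lists the protocol's operations but not their encoding. As an added example (my code, not the project's wire format): one way to frame these requests in the UDP payloads that skm-udp exchanges with KeyDB, together with the checks a receiver should run before trusting any field. The 4-byte header, the opcode numbers and the per-opcode payload limits are assumptions; only the operation names come from the slide. It is plain userland C so that it compiles and tests; the same validation applies inside a kernel receiver, where an unchecked length in a UDP packet becomes a kernel memory bug.

```c
/* skm_proto.c - constructed example of request framing for the
 * Kernel <-> TrustZone protocol. Header layout, opcode numbers and payload
 * limits are assumptions; only the operation names come from the slides. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SKM_VERSION   1
#define SKM_HDR_LEN   4                     /* version, opcode, id, payload length */
#define SKM_PIN_MAX   16
#define SKM_KEY_LEN   32
#define SKM_MAX_PKT   (SKM_HDR_LEN + 255)

enum skm_op {                               /* names from slide 12, numbers assumed */
    OP_GET_VERSION = 0x00,
    OP_GET_KEY     = 0x01, OP_GET_STATUS = 0x02,
    OP_LOAD_KEY    = 0x03, OP_UNLOAD_KEY = 0x04,
    OP_ADD_ID      = 0x10, OP_REMOVE_ID  = 0x11, OP_CHANGE_PIN = 0x12,
    OP_SET_PARAMS  = 0x13, OP_GET_PARAMS = 0x14, OP_UNLOCK_ID  = 0x15
};

enum skm_err { SKM_OK = 0, SKM_E_SHORT, SKM_E_VERSION, SKM_E_OPCODE,
               SKM_E_LENGTH, SKM_E_TRAILING };

struct skm_req {
    uint8_t opcode, id, len;
    const uint8_t *payload;                 /* points into the caller's buffer */
};

/* Largest payload each opcode accepts; -1 marks an unassigned opcode. */
static int skm_max_payload(uint8_t op) {
    switch (op) {
    case OP_GET_VERSION: case OP_GET_STATUS: case OP_UNLOAD_KEY:
    case OP_REMOVE_ID:   case OP_GET_PARAMS:
        return 0;
    case OP_GET_KEY: case OP_LOAD_KEY: case OP_UNLOCK_ID:
        return SKM_PIN_MAX;                 /* caller's PIN */
    case OP_CHANGE_PIN:
        return 2 * SKM_PIN_MAX;             /* old PIN + new PIN */
    case OP_ADD_ID:
        return SKM_PIN_MAX + SKM_KEY_LEN;   /* PIN + key */
    case OP_SET_PARAMS:
        return 8;                           /* throttle parameters */
    default:
        return -1;
    }
}

/* Validate a raw datagram before any field is trusted. Every length is
 * checked against pkt_len (what actually arrived), never against the header. */
static enum skm_err skm_parse(const uint8_t *pkt, size_t pkt_len, struct skm_req *out) {
    if (pkt_len < SKM_HDR_LEN) return SKM_E_SHORT;
    /* getVersion is exempt from the version check so an older peer can negotiate */
    if (pkt[1] != OP_GET_VERSION && pkt[0] != SKM_VERSION) return SKM_E_VERSION;
    int max = skm_max_payload(pkt[1]);
    if (max < 0) return SKM_E_OPCODE;
    uint8_t len = pkt[3];
    if (len > max) return SKM_E_LENGTH;
    if (pkt_len < (size_t)SKM_HDR_LEN + len) return SKM_E_SHORT;
    if (pkt_len > (size_t)SKM_HDR_LEN + len) return SKM_E_TRAILING;
    out->opcode = pkt[1]; out->id = pkt[2]; out->len = len;
    out->payload = pkt + SKM_HDR_LEN;
    return SKM_OK;
}

/* Encode a request; returns bytes written, or 0 if the opcode is unknown,
 * the payload exceeds that opcode's limit, or the buffer is too small. */
static size_t skm_build(uint8_t *buf, size_t buf_len, uint8_t op, uint8_t id,
                        const uint8_t *payload, size_t len) {
    int max = skm_max_payload(op);
    if (max < 0 || len > (size_t)max || buf_len < SKM_HDR_LEN + len) return 0;
    buf[0] = SKM_VERSION; buf[1] = op; buf[2] = id; buf[3] = (uint8_t)len;
    if (len) memcpy(buf + SKM_HDR_LEN, payload, len);
    return SKM_HDR_LEN + len;
}

int main(void) {
    uint8_t pkt[SKM_MAX_PKT];
    struct skm_req r;
    size_t n = skm_build(pkt, sizeof pkt, OP_GET_KEY, 1, (const uint8_t *)"1234", 4);
    printf("built %zu bytes; parse -> %d; truncated parse -> %d\n",
           n, skm_parse(pkt, n, &r), skm_parse(pkt, n - 1, &r));
    return 0;
}
```

Rejecting trailing bytes as well as short packets matters: a receiver that silently ignores extra data gives an attacker on the path free room for padding and makes length-confusion bugs harder to notice. The per-opcode limit also means a `getStatus` with a payload, or a PIN longer than the stored maximum, is dropped before KeyDB spends an attempt on it.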

13 Challenges
 Minimal architectural changes:
   An early goal was to minimize changes to the Android OS & apps
   After studying the Linux crypto services, dm-crypt was chosen as the best subsystem to modify
 Kernel <-> usermode communications:
   Unorthodox model: the TrustZone side (the secure ‘CPU mode’) is simulated as a usermode process, so the kernel has to initiate communication with it
   Usually communication is initiated from usermode
   Options which were considered:
     polling (easy to implement, breaks the design for actual ARM chips)
     sysfs/proc (not secure enough: a filesystem node reachable from usermode processes)
     sockets (incompatible with dm)
     netpoll (in-kernel API, used primarily for low-level debugging such as netconsole)

14 Conclusions
 Design:
   Good design simplifies the coding stage
   Allows modularization
 Modularization:
   Very important for team-based coding
   Allows easy testing & relatively smooth integration
   Helps minimize changes when porting to another platform
 Minimizing kernel code:
   Debugging kernel code is non-trivial and time-consuming
   Linux APIs change all the time: no current documentation available, version-dependent code
   Automatic testing is nearly impossible
 Early testing (test-driven development):
   Quick development
   Easy regression testing

15 Thank You!

