1. PORSCHA PORSCHA : POLICY ORIENTED SECURE CONTENT HANDLING IN ANDROID Machigar Ongtang, Kevin Butler, Patrick McDaniel Dhurakij Pundit University, University of Oregon, Pennsylvania State University ACSAC(2010)

2. Agenda  Introduction  Content on Smart Phone  About Android  Architecture  Evaluation  Discussion  Conclusion

3.  Android provide few direct protections for the content placed on the phone  DRM(Digital Right Management) DRM(Digital Right Management)  Porscha:  content should only be accessible by explicitly authorized phones  content should only be accessed by provider endorsed applications  content should be subject to contextual constraints  Two phases of Porscha:  in transit  on platform Introduction

4. Content on Smart Phone  Personal and Business Documents  Service-specific data  spy camera  Mydroid  Financial Information

5. Content on Smart Phone  DRM Policy Requirements  Binding content to the phone  Binding content to endorsed applications  Constraining continuing use of the content

6. About Android  Four types of components  Two groups of applications  Documents in transit & on-platform access

7. About Android  On-platform access  Initial Document Recipients  Documents at Rest  Document Sharing

8. Architecture  Constraints on Devices － binding to specific devices identified by the users' International Mobile Subscriber Identity (IMSI) or WAP Identify Module (WIM).International Mobile Subscriber Identity (IMSI)  Constraints on Applications － be restricted to applications with a given code fingerprint (hash of the application image)  Constraints on Use － support not only the regulation of simple accesses, but also differentiation of simple access from read, modify and delete rights

9. Architecture － in transit  Identity-Based Encryption (IBE):enables the senders to construct the public keys of the recipients from known identities, and contains a trusted Private Key Generator(PKG).  Encryption : inputting the message (data), public key string, and cryptosystem parameters  Decryption : inputting the ciphertext and private key to the decryption algorithm

10. Architecture － in transit  sender(content source) : S  receiver(phone) : R  identity for participant s : I s  public/private key of a : K a + /K a -  content : m  police for m : p m  ------------------------------------------  Delivery of SMS/MMS:

11. Architecture － in transit  Delivery of email:  one-time 128-bit AES symmetric key : k e

12. Architecture － on platform  Policy Enforcement on Initial Recipients

13. Architecture － on platform  Email traffic is opaque to Android  Use the Apache Mime4j library to parse the e-mail message streams in plain RFC-882 and MIME formatsApache Mime4j

14. Architecture － on platform  Policy Enforcement on Documents at Rest  add an extra policy field to the structure of each Content Provider record  The Porscha mediator inserts the policy into this field

15. Architecture － on platform  Enforcement on Indirect Receivers

16. EVALUATION

17. Discussion  Recipients Without Porscha  store all modifications such as decrypted emails and those with information removed, locally on the phone, and only reflect back to the IMAP server the original email  Application and Platform Trust  Alternative Application Enforcement Infrastructures  Digital Rights Management  Porscha is lightweight and designed with mobile solutions in mind; by contrast, many advanced DRM protocols are heavyweight and not transparent to applications.

18. Conclusion  Porscha can protect SMS, MMS, Email document.  Porscha secures content delivery using identity- based encryption and mediates on-platform content handling to ensure conformance with content policy

19.  Thank you for listening