A Fortress for your Android Application

Jian Wang Head of Technology, certgate

Slide 3

Agenda

Business and the Mobile World

About certgate

Mobile Security Solutions

Android Security Concept

certgate Mobile Application Protection Layer

[Live Demonstration]

Q & A

Slide 4

About certgate

Business and the Mobile World

Mobile IT security innovator

Founded in 2008, located in Nuremberg, Germany

certgate is mastering the secure mobile IT device from hardware to application level

Created the first microSD memory card with full smartcard capabilities, bringing hardware-based crypto functions to smartphones and tablets (Patent protected)

Slide 5

certgate Smartcard microSD

Business and the Mobile World

Slide 6

The Challenge

Business and the Mobile World

Most businesses and administrations today

• Either deploy smartphones and tablets to their employees

• Or allow their employees to use their own devices for business purposes

Those who don't do either have a reason:

• They don't feel safe doing it

• They would love to introduce new business models and applications like mobile e-ID, payment, physical access and much, much more if only they COULD feel safe

Slide 7

There Are Solutions on the Market

Business and the Mobile World

Digital signing and encryption of emails with S/MIME

Certificates stored in a fully-fledged (yet small-in-format) smartcard

VPN Client requiring digital user authentication

Banking client requiring digital user authentication and digital signature

VoIP client creating session keys on the smartcard sitting inside the device

Version 11-05 Slide 9

Secfone – Voice Encryption for Android

certgate – Use Cases

• Tap-proof worldwide voice communication

• Latest Android smartphones supported

• End-to-end encryption with hardware protected keys

• Authenticates the user through a privately or publicly owned server – no data passes through the server

• Directly integrates in fixed-line enterprise communication

Version 11-05 Slide 10

TouchDown – Exchange Integration for Android

certgate – Use Cases

• Secure Exchange synchronization for Android smartphones

• Consistent PKI integration of mobile devices

• Authentication and secure data transfer based on hardware certificates

• S/MIME protection for your confidential data: messages, contacts, appointments

Slide 11

Here Is A New One

certgate MAPL™ for Android

Slide 12

Why Did We Do This In the First Place?

certgate MAPL™ for Android

Protect confidential data on the device

Protect an application against unauthorized users

Provide security with minimal integration effort

Qualify the device to fit the BYOD concept

Enable additional security functions with the same hardware token, e.g. S/MIME encryption and secure VoIP

Slide 13

Android Security Overview

certgate MAPL™ for Android

The Application Sandbox

• Each application is assigned a UID

• Each application runs as a user in a separate process

• IPC through Binder, Intents, Services, and Content Providers

The Android Permission Model

• Permissions are GIDs

• Declared in the app’s Android manifest

• Need to be explicitly confirmed by the user

Slide 14

Which Concerns Are Being Addressed?

certgate MAPL™ for Android

Extension of rights by "rooting" the device: allows free access to all system resources

Shortcomings in platform-specific knowledge: process boundaries can be violated, e.g. by Intents

Limitations in cryptographic understanding: sub-optimal choice of algorithms and cipher modes, and less-than-perfect implementation of them

Slide 15

certgate MAPL™ for Android

Different Cipher Modes

[Figure, three panels: Original; Encrypted using CBC mode; Encrypted using ECB mode. Picture: Larry Ewing]

Slide 16

The Solution

certgate MAPL™ for Android

Mobile Application Protection Layer (MAPL)

• No app execution without correct user PIN

• Standard Android API

• Transparent Encryption of Files and Database

• Android SharedPreferences encryption

• Tamper-proof key storage on cgCard™

Slide 17

Solution Architecture

certgate MAPL™ for Android

[Architecture diagram; components shown: Android Framework, Database / File Access, Crypto Service, Application, JCE Provider, certgate MAPL™]

Slide 18

Live Demo

certgate MAPL™ for Android

Howto: User Login

Howto: Encrypt InternalStorage

Howto: Encrypt SharedPreferences

Howto: Encrypt Database

Slide 19

Add MAPL library into your project

certgate MAPL™ for Android

Slide 20

An example Android-Manifest

certgate MAPL™ for Android

Slide 21

Modification of your Android manifest file

certgate MAPL™ for Android

Use the MAPL application class

Set MAPL activity as your entry activity

Declare your application entry activity

Slide 22

A MAPL ready Android manifest

certgate MAPL™ for Android

Slide 24

MAPL Effects

certgate MAPL™ for Android

Login:

Before:

After:

Slide 25

What's In It For You?

certgate MAPL™ for Android

certgate MAPL™ can be integrated into virtually every app

A secure hardware element beats every software approach in attack resistance

Powerful tool to really become security policy compliant

Enables company-wide BYOD practice

Slide 27

Get MAPL now!

Thank you

mapl.certgate.com