Implementing Trusted Endpoints in the Mobile World
Nikolay Elenkov
LINE and Intertrust Security Summit
May 2017, Tokyo
Agenda
• Mobile endpoint security overview
• Secure boot and OS integrity
• Sandboxing
• Monitoring and app vetting
• Protecting secrets
• Runtime protection
• Security policy
• Endpoint security needs at LINE
Traditional endpoint security
• Antivirus
• Personal Firewall
• (maybe) AD group policy
• (maybe) Smartcard/HW token login
Mobile endpoint security requirements
• Trusted OS
• App isolation and vetting
• User data/secrets protection
• (enterprise) Security policy enforcement
Secure boot
• Secure boot chain
• Root of trust in hardware
• Asymmetric crypto – digital signatures
• Validation at each stage
• bootloader(s)
• SEP/TEE
• kernel (and modules)
• main/rich OS
iOS secure boot chain
[Diagram: Boot ROM → LLB → iBoot → iOS kernel, with the SEP alongside; each stage verifies the next before loading it (1. verify, 2. load, 3. verify, 4. load, 5. verify, 6. load)]
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Android Boot Process
[Diagram: Boot ROM → SBL → aboot → Linux + initrd → Android frameworks, with the TEE loaded alongside; a verify step sits between each pair of stages, the last one marked verify*]
iOS Code Signing
• Chain of trust extends from OS to apps
• All executable code signed w/ Apple-issued cert
• Apple apps
• third-party apps
• Code signature check on all loaded dynamic libs
• Code signature checks on all exec memory pages
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Android code signing
• System and third-party apps (APKs) are signed
• Self-signed certificates
• no PKI/hierarchy
• Signing certificate + pkg name = package identity
• Updates require same signing certificate
• Some permissions controlled by signing cert
• Native code not signed
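The identity rule on this slide (signing certificate + package name = package identity, same certificate required for updates, signature-level permissions tied to the signer) is easy to get wrong when reimplemented in an app store or MDM backend. The following is an added example written for this page, not Android's PackageManager: a toy installer that enforces exactly those rules. Certificate bytes are constructed stand-ins, and `PackageManager`, `install_result` and `same_signer` are names chosen here.

```python
import hashlib

# Added example, not Android's PackageManager: a toy installer that models the
# slide's rules "signing certificate + package name = package identity" and
# "updates require the same signing certificate".  Certificates are self-signed,
# so there is no chain to validate; the signer identity is simply the digest of
# the DER certificate bytes.

class InstallError(Exception):
    pass

def cert_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class PackageManager:
    def __init__(self):
        self.installed = {}   # package name -> {"cert": fingerprint, "version": int}

    def install(self, pkg_name, cert_der, version_code):
        fp = cert_fingerprint(cert_der)
        current = self.installed.get(pkg_name)
        if current is None:
            # First install: the (name, signer) pair becomes the package identity.
            self.installed[pkg_name] = {"cert": fp, "version": version_code}
            return "installed"
        # Update: the same package name is not enough, the signer must match too.
        # Otherwise any APK reusing the name could replace the app and inherit
        # its private data directory and granted permissions.
        if current["cert"] != fp:
            raise InstallError(f"{pkg_name}: signing certificate mismatch, update rejected")
        current["version"] = version_code
        return "updated"

    def same_signer(self, pkg_a, pkg_b):
        """Signature-level permissions: only packages sharing a signer qualify."""
        a, b = self.installed.get(pkg_a), self.installed.get(pkg_b)
        return a is not None and b is not None and a["cert"] == b["cert"]

def install_result(pm, pkg_name, cert_der, version_code):
    """Convenience wrapper returning the outcome as a string."""
    try:
        return pm.install(pkg_name, cert_der, version_code)
    except InstallError as e:
        return f"rejected: {e}"

# Constructed stand-ins for DER certificates; any two distinct byte strings work here.
VENDOR_CERT = b"-- constructed cert: vendor signing key --"
OTHER_CERT = b"-- constructed cert: unrelated key --"

if __name__ == "__main__":
    pm = PackageManager()
    print(install_result(pm, "com.example.chat", VENDOR_CERT, 1))   # installed
    print(install_result(pm, "com.example.chat", VENDOR_CERT, 2))   # updated
    print(install_result(pm, "com.example.chat", OTHER_CERT, 3))    # rejected: ...
```

Because there is no PKI behind the self-signed certificates, the fingerprint comparison is the entire trust decision; losing the signing key therefore means losing the ability to ship updates for that package name.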
dm-verity
• Applied to read-only partitions like system and vendor
• transparent integrity checking for block devices
• Read error if block integrity check fails
• Error correction in 7.0 (FEC)
• Requires block-based OTA updates
• Stateful in Android 6.0+
• Default is enforcing mode
• Stops boot in Android > 7.0
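To make "read error if block integrity check fails" concrete, here is an added example (written for this page, not AOSP's dm-verity implementation) of a dm-verity style hash tree: blocks are hashed into leaves, leaves are packed into hash blocks up to a single root, and every read re-walks that path. The 64-byte block size and the `tamper` helper are choices made here; the root hash is assumed to come from a trusted source such as the signed verity metadata checked during boot.

```python
import hashlib

# Added example, not AOSP's dm-verity: a dm-verity style hash tree over a read-only
# image.  Data blocks hash into leaves, leaves are packed into hash blocks, and so on
# up to one root hash.  Only the root must come from a trusted source (on Android the
# signed verity metadata checked during verified boot); the tree itself sits
# unprotected next to the data and is re-verified on every read.

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size      # 32 bytes
BLOCK_SIZE = 64                      # toy size; dm-verity normally uses 4096-byte blocks

def build_hash_tree(image, block_size=BLOCK_SIZE):
    """Return (root_hash, levels): levels[0] are the leaf hashes, levels[-1] is [root]."""
    per_node = block_size // DIGEST_LEN               # digests per hash block
    level = [HASH(image[i:i + block_size]).digest() for i in range(0, len(image), block_size)]
    levels = [level]
    while len(level) > 1:
        level = [HASH(b"".join(level[i:i + per_node])).digest() for i in range(0, len(level), per_node)]
        levels.append(level)
    return level[0], levels

def verity_read(image, levels, root_hash, index, block_size=BLOCK_SIZE):
    """Return data block `index` only if its hash path verifies up to root_hash.
    Any mismatch on the path is reported as an I/O error, as dm-verity does."""
    per_node = block_size // DIGEST_LEN
    block = image[index * block_size:(index + 1) * block_size]
    digest, pos = HASH(block).digest(), index
    for depth, level in enumerate(levels[:-1]):       # compare against the stored tree
        if level[pos] != digest:
            raise IOError(f"block {index}: hash mismatch at tree level {depth}")
        start = pos - pos % per_node
        digest, pos = HASH(b"".join(level[start:start + per_node])).digest(), pos // per_node
    if digest != root_hash:                           # the trusted anchor
        raise IOError(f"block {index}: root hash mismatch")
    return block

def read_or_error(image, levels, root_hash, index):
    """Return the block, or the error text a failed read would produce."""
    try:
        return verity_read(image, levels, root_hash, index)
    except IOError as e:
        return str(e)

def tamper(image, index, levels, fix_leaf=False):
    """Flip one byte of block `index`.  With fix_leaf, also patch the leaf hash in a
    copy of the (unprotected) tree: the mismatch then moves one level up, which is
    why the root hash has to be anchored in signed boot metadata."""
    data = bytearray(image)
    data[index * BLOCK_SIZE] ^= 0x01
    data = bytes(data)
    tree = [list(level) for level in levels]
    if fix_leaf:
        tree[0][index] = HASH(data[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]).digest()
    return data, tree

# Constructed 8-block "partition": block i is filled with the letter chr(ord("A") + i).
IMAGE = b"".join(bytes([0x41 + i]) * BLOCK_SIZE for i in range(8))
ROOT_HASH, HASH_TREE = build_hash_tree(IMAGE)

if __name__ == "__main__":
    print(read_or_error(IMAGE, HASH_TREE, ROOT_HASH, 3)[:8])
    print(read_or_error(*tamper(IMAGE, 3, HASH_TREE), ROOT_HASH, 3))
    print(read_or_error(*tamper(IMAGE, 3, HASH_TREE, fix_leaf=True), ROOT_HASH, 3))
```

Untouched blocks keep reading normally while only the modified block fails, which is the behaviour behind the slide's "read error" bullet; the FEC data added in 7.0 sits on top of this and lets the kernel repair a small number of bad blocks instead of failing the read.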
Runtime kernel monitoring
• iOS
• Kernel Patch Protection (KPP)
• iOS 9+, AArch64
• Android – Samsung KNOX TIMA
• Periodic Kernel Measurement (PKM)
• Realtime Kernel Protection (RKP)
• Both make use of ARM TrustZone
• Secure World monitors Normal World
The ARMs race for kernel protection: https://www.slideshare.net/codeblue_jp/cb16-levin-en
Sandboxing
• App-private data directory
• App process isolation
• Limited IPC
• no direct IPC in iOS
• Android has intents, Binder, Unix sockets
• policy-driven MAC
• SELinux/MACF
• Can only use granted permissions/entitlements
SELinux
App Vetting
iOS
• iOS allows only apps from the App Store
• in-house and MDM the only exceptions
• Apps need to be approved by Apple to go live
Android
• Android allows third-party (‘untrusted’) apps
• Android allows sideloading
• off by default
• traditionally a system-wide setting
• per-app in Android O
• Play Store vetting is (mostly?) automated
• ‘Bouncer’
• GMS devices have Verify Apps
• install-time and periodic scanning
Android app checks
User data encryption
• Transparent data encryption
• File-based Encryption (FBE)
• more flexible
• iOS and Android 7.0+
• Full Disk Encryption (FDE)
• data agnostic
• Android < 7.0
• Encryption mixes in device-specific key and user PIN/password
• binds to device – harder to brute-force off device
• may use hardware module to manage keys
iOS FBE
Source: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Android FDE
Secrets protection
• Secrets
• Cryptographic keys
• Biometric templates
• Touch ID
• Nexus/Pixel Imprint
• Ideally protect even if OS is compromised
• Unextractable
• Device-bound
Traditional protection methods
• Dedicated hardware
• smart card/USB device, HSM, TPM
• better isolation
• slow
• Hybrid methods
• SIM card as secure element (SE)
• Embedded SE (Google Wallet gen1)
• smartSD (smart card with SE)
• centralized control -> hard to deploy/manage
iOS – Keychain and Secure Enclave (SEP)
[Diagram: in user space the Application calls Security.framework (SecItem()) and LocalAuthentication; the OS hosts the Keychain; the Secure Enclave handles Touch ID, credential management and key management]
Based on: WWDC14 – Keychain and Authentication with Touch ID
Trusted Execution Environments
• Minimal trusted OS, isolated from main OS
• could be part of TCB
• Usually implemented using ARM TrustZone
• Memory isolation, but runs on same HW
• Not accessible from user mode
• Can run ‘trusted apps’
• TEE implementations
• Google Trusty
• Qualcomm QSEE
• Trustonic TAP
• hybrid
• OpenTEE (emulation)
Trusty TEE: https://source.android.com/security/trusty/
Android – gatekeeper and keystore
Source: https://source.android.com/security/authentication/
Android – key attestation
• Certifies keys generated by keystore
• Issues an attestation certificate for each key
• Additional info about device/HW
• OS version and patch level
• keymaster version
• security level (SW or TEE)
• root of trust / verified boot state
• key purpose/authn required
• Not working yet...
• as of Android O preview 1
KeyDescription ::= SEQUENCE {
attestationVersion INTEGER,
attestationSecurityLevel SecurityLevel,
keymasterVersion INTEGER,
keymasterSecurityLevel SecurityLevel,
…
softwareEnforced AuthorizationList,
teeEnforced AuthorizationList,
}
AuthorizationList ::= SEQUENCE {
purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
algorithm [2] EXPLICIT INTEGER OPTIONAL,
userAuthType [504] EXPLICIT INTEGER OPTIONAL,
rootOfTrust [704] EXPLICIT RootOfTrust OPTIONAL,
osVersion [705] EXPLICIT INTEGER OPTIONAL,
osPatchLevel [706] EXPLICIT INTEGER OPTIONAL,
attestationChallenge [708] EXPLICIT INTEGER OPTIONAL,
attestationApplicationId [709] EXPLICIT OCTET_STRING OPTIONAL,
…
}
SecurityLevel ::= ENUMERATED {
Software (0), TrustedEnvironment (1),
}
RootOfTrust ::= SEQUENCE {
verifiedBootKey OCTET_STRING, deviceLocked BOOLEAN,
verifiedBootState VerifiedBootState,
}
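The structure above is what a relying party actually has to decode and judge. The block below is an added example for this page, not Android's own parser or verifier: a minimal DER decoder for the abbreviated KeyDescription schema shown on the slide, followed by a policy check that reads only the teeEnforced list. The sample bytes are constructed with a small encoder included in the block; fields the slide elides are omitted, attestationChallenge is an INTEGER as on the slide, and the numeric value assumed for VerifiedBootState Verified (0) is an assumption, as are the function names.

```python
# Added example (not Android's parser): DER decoding of the slide's abbreviated
# KeyDescription plus a relying-party policy check over the teeEnforced list.
SOFTWARE, TRUSTED_ENVIRONMENT = 0, 1            # SecurityLevel
VERIFIED = 0                                    # VerifiedBootState.Verified (assumed value)
PURPOSE, ALGORITHM, ROOT_OF_TRUST = 1, 2, 704   # AuthorizationList tag numbers (slide)
OS_VERSION, OS_PATCH_LEVEL, ATTESTATION_CHALLENGE, ATTESTATION_APP_ID = 705, 706, 708, 709

# --- minimal DER encoder, used only to build the constructed sample ---
def _tag(cls, constructed, num):
    head = (cls << 6) | (0x20 if constructed else 0)
    if num < 31:
        return bytes([head | num])
    groups = []                                  # high-tag-number form, base 128
    while num:
        groups.append(num & 0x7F); num >>= 7
    groups.reverse()
    return bytes([head | 0x1F] + [g | 0x80 for g in groups[:-1]] + [groups[-1]])

def _len(n):
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([n]) if n < 128 else bytes([0x80 | len(b)]) + b

def tlv(tag, body): return tag + _len(len(body)) + body
def der_int(v): return tlv(b"\x02", v.to_bytes(v.bit_length() // 8 + 1, "big"))
def der_enum(v): return tlv(b"\x0a", bytes([v]))
def der_bool(v): return tlv(b"\x01", b"\xff" if v else b"\x00")
def der_octets(b): return tlv(b"\x04", b)
def der_seq(*items): return tlv(b"\x30", b"".join(items))
def der_set(*items): return tlv(b"\x31", b"".join(items))
def explicit(num, inner): return tlv(_tag(2, True, num), inner)   # [num] EXPLICIT

# --- decoder ---
def read_tlv(buf, pos=0):
    """One TLV at pos -> (class, tag number, body, next position)."""
    first, pos = buf[pos], pos + 1
    cls, num = first >> 6, first & 0x1F
    if num == 0x1F:                                   # high-tag-number form
        num = 0
        while True:
            b, pos = buf[pos], pos + 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80: break
    ln, pos = buf[pos], pos + 1
    if ln & 0x80:                                     # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf): raise ValueError("truncated DER")
    return cls, num, buf[pos:pos + ln], pos + ln

def children(body):
    out, pos = [], 0
    while pos < len(body):
        cls, num, inner, pos = read_tlv(body, pos)
        out.append((cls, num, inner))
    return out

def decode(num, body):
    if num in (2, 10): return int.from_bytes(body, "big")   # INTEGER / ENUMERATED
    if num == 1: return body != b"\x00"                     # BOOLEAN
    if num == 4: return body                                # OCTET STRING
    if num in (16, 17): return [decode(n, b) for _, n, b in children(body)]  # SEQUENCE / SET
    raise ValueError(f"unsupported universal tag {num}")

def parse_auth_list(body):
    """AuthorizationList -> {tag number: value}; each entry is [n] EXPLICIT."""
    result = {}
    for cls, num, inner in children(body):
        if cls != 2: raise ValueError("AuthorizationList entry is not context-specific")
        _, inum, ibody, _ = read_tlv(inner)
        result[num] = decode(inum, ibody)
    return result

def parse_key_description(der):
    cls, num, body, end = read_tlv(der)
    if (cls, num) != (0, 16) or end != len(der): raise ValueError("not a single SEQUENCE")
    f = children(body)
    names = ["attestationVersion", "attestationSecurityLevel", "keymasterVersion", "keymasterSecurityLevel"]
    kd = {name: decode(f[i][1], f[i][2]) for i, name in enumerate(names)}
    kd["softwareEnforced"], kd["teeEnforced"] = parse_auth_list(f[-2][2]), parse_auth_list(f[-1][2])
    return kd

def check_attestation(der, expected_challenge, min_patch_level):
    """Relying-party policy; returns the list of failures (empty = key acceptable).
    Only teeEnforced values are consulted: softwareEnforced ones are asserted by the
    Android OS, which is exactly the component this check must not trust."""
    kd = parse_key_description(der)
    tee, problems = kd["teeEnforced"], []
    if {kd["attestationSecurityLevel"], kd["keymasterSecurityLevel"]} != {TRUSTED_ENVIRONMENT}:
        problems.append("software-only keymaster/attestation")
    if tee.get(ATTESTATION_CHALLENGE) != expected_challenge:
        problems.append("challenge mismatch")             # stale or replayed attestation
    rot = tee.get(ROOT_OF_TRUST)
    if rot is None:
        problems.append("no TEE root of trust")
    else:
        _verified_boot_key, device_locked, boot_state = rot
        if not device_locked: problems.append("bootloader unlocked")
        if boot_state != VERIFIED: problems.append(f"verified boot state {boot_state}")
    if tee.get(OS_PATCH_LEVEL, 0) < min_patch_level:
        problems.append("OS patch level too old")
    return problems

def sample_attestation(challenge=0x1234, locked=True, level=TRUSTED_ENVIRONMENT):
    """Constructed KeyDescription (not from a device): EC signing key, Android 7.1, May 2017 patch."""
    tee = (explicit(PURPOSE, der_set(der_int(2))) + explicit(ALGORITHM, der_int(3))   # SIGN, EC
           + explicit(ROOT_OF_TRUST, der_seq(der_octets(b"\x11" * 32), der_bool(locked), der_enum(VERIFIED)))
           + explicit(OS_VERSION, der_int(70100)) + explicit(OS_PATCH_LEVEL, der_int(201705))
           + explicit(ATTESTATION_CHALLENGE, der_int(challenge)))
    sw = explicit(ATTESTATION_APP_ID, der_octets(b"jp.example.app"))
    return der_seq(der_int(1), der_enum(level), der_int(2), der_enum(level), der_seq(sw), der_seq(tee))
```

In a real deployment the KeyDescription arrives as an extension of a certificate whose chain must first be validated up to the attestation root; the policy logic here is what runs after that step, and the challenge comparison is what ties the attestation to the current session rather than to an earlier one.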
Runtime protection – SafetyNet
• Android device risk management/attestation
• CTS compatibility check
• unknown CA certificates in trust store
• dm-verity/SELinux disabled
• core system properties modified
• debugging settings
• SSL downgrade
• su/setuid files check
• Ensures that OS is trustworthy
• "ctsProfileMatch": true
• "basicIntegrity": true
More info: https://koz.io/inside-safetynet/
https://developer.android.com/training/safetynet/attestation.html
Device security policy
• Android device administrators/owners
• iOS configuration profiles
• MDM
• policy installed at login/activation time
• managed devices
• Policies mandate
• password complexity
• device encryption
• VPNs
• trusted certificates
The Android problem
• New Android versions propagate slowly
• security features not always available
• Not all devices receive security updates
• lower-end devices esp. problematic
• Cannot always trust the OS
• Fairly diverse hardware
• lower-end devices may lack TEE
• fingerprint reader not mandatory in CDD (SHOULD)
https://source.android.com/compatibility/cdd
https://developer.android.com/about/dashboards
Android Treble – a new hope?
• Separate vendor implementation from Android framework
• Introduces new Vendor Interface
• Validated by Vendor Test Suite (VTS)
• Allows framework updates without changing vendor interface
• Starting with devices shipping with O?
https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html
LINE apps and services
LINE endpoint security needs
Userbase characteristics
• Large user base in multiple countries
• > 200 million MAU
• multiple carriers
• data-only SIMs (no SMS)
• Diverse device base
• Android prevalent outside Japan
• older/cheaper devices in certain markets
• Services need to work on non-mobile
• Web
• traditional desktop OSes
Security needs
• Protect LINE auth and encryption keys
• Protect local chat history
• Protect chat history in cloud backups
• Protect content
• music/stickers/video streams (DRM-like)
• games
• Protect payment/financial transaction data
• Detect fraudulent clients
• app/device tampering
Security technologies we are evaluating
• TEE and hybrid trusted applications
• could potentially provide same interface on iOS and Android
• not very stable ATM
• TEE not available on all devices
• Whitebox cryptography
• runs on all hardware/OSes
• memory analysis and/or side-channel attacks possible
• fairly young tech, no well established evaluation criteria
• Biometrics
• OS-provided fingerprint authentication
• various FIDO authenticators
Conclusion
• Modern mobile OSes are designed with security in mind
• iOS and Android provide both OS integrity and app isolation
• User data is encrypted and secrets protected
• FDE not always default
• protection level differs by OS version/device model
• fingerprint authentication fairly mainstream
• Android fragmentation and slow updates still a problem
• Security technologies that augment OS security worth considering
