A Comparison of Android and iOS Security Models
Trevor L. Buttrey
Computer and Information Sciences
Reasons for Concern
• Smartphones are advancing technologically
• Have become popular
• People are growing more dependent upon them
• Size makes them easy to lose
• Security problems are becoming more of an issue as users store more and more personal information on them
Insecure Devices Allow
• Access to emails and social networking accounts
• Access to personal messages
• Access to phone book
• Access to phone accounts
• Access to personal and confidential information
• Access to bank accounts
• Access to mobile payments
• Access to web accounts
• Access to passwords
• Knowledge of location
The 5 Security Pillars
• Traditional Access Controls
• Permissions-based Access Control
• Encryption
• Application Provenance
• Isolation
Traditional Access Controls
Traditional Access Control: iOS
• Password and passcode locking mechanisms
• Touch ID
• Device self-wipe capabilities
• Lockout of internal memory if not unlocked
• Memory is soldered to the PCB

Traditional Access Control: Android
• Starting with 2.x: password, passcode, and pattern locking mechanisms
• 4.0 introduced facial recognition
• Other locking methods include fingerprint readers and pictures
• Lockout of internal memory if not unlocked
• SD card is removable
Data Encryption
Data Encryption: iOS
• Hierarchy of encryption keys:
  • Passcode Key
  • Hardware Keys: Unique ID (UID) and device group ID (GID)
    • AES 256-bit keys
    • Built into hardware and not directly accessible
  • File System Key
    • Generated randomly and stored in flash memory
    • Used to encrypt file metadata
  • Per-File Key
    • Encrypted by the Class Key for the file's encryption class
    • Encrypts the contents of files on disk

Data Encryption: iOS
• Encryption Classes
  • Complete Protection
    • Only decryptable when unlocked, unusable when locked
  • Protected Unless Open
    • Uses asymmetric elliptic curves (it's complicated)
  • Protected Until First User Authentication
    • Similar to FDE
  • No Protection
    • Only protected by the UID

Data Encryption: iOS
• Effaceable Storage
  • Low-level access to storage for secure wiping
  • Used to erase the File System Key

Data Encryption: iOS
• Secure Enclave
  • Securely processes fingerprints
  • Is given the key to decrypt the Complete Protection data class when locked
  • Separate from, and directly inaccessible to, the OS
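As an added example (not from the slides and not Apple's code), the following Python models the key hierarchy above: the passcode is tangled with a hardware UID to derive a passcode key, which wraps the Complete Protection class key, which in turn wraps a random per-file key that encrypts the file. Locking discards the class key, a wrong passcode fails to unwrap it, and erasing the wrapped copy (the effaceable-storage role) leaves every ciphertext unrecoverable. An HMAC-SHA256 keystream and PBKDF2 stand in for AES-256 and Apple's real key derivation; those are assumptions of this toy model.

```python
import hashlib, hmac, secrets
# Added toy model of the slides' iOS key hierarchy, not Apple's code: an HMAC-SHA256 keystream
# and PBKDF2 stand in for AES-256 and Apple's real key derivation.
def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def stream(key, nonce, data):
    """Keystream XOR; the same call encrypts and decrypts."""
    blocks = (prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def wrap(kek, key):
    """Encrypt a key under a key-encryption key with an integrity tag: nonce | ct | tag."""
    nonce = secrets.token_bytes(16)
    ct = stream(kek, nonce, key)
    return nonce + ct + prf(kek, nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(prf(kek, nonce + ct), tag):
        raise PermissionError("wrong key-encryption key: cannot unwrap")
    return stream(kek, nonce, ct)

def passcode_key(uid, passcode):
    # The passcode is tangled with the hardware UID, so guessing must run on the device itself.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, 50_000)

def provision(passcode):
    """Factory state: UID fused in silicon; the class key exists only wrapped under the passcode key."""
    uid, class_key = secrets.token_bytes(32), secrets.token_bytes(32)
    wrapped = wrap(passcode_key(uid, passcode), class_key)
    return {"uid": uid, "wrapped_class_key": wrapped, "class_key": None, "files": {}}

def unlock(dev, passcode):
    dev["class_key"] = unwrap(passcode_key(dev["uid"], passcode), dev["wrapped_class_key"])

def lock(dev, wipe=False):
    """Discard the in-memory class key; wipe=True also erases the wrapped copy (effaceable storage)."""
    dev["class_key"] = None
    if wipe:
        dev["wrapped_class_key"] = b""

def write_file(dev, name, data):
    file_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    dev["files"][name] = (wrap(dev["class_key"], file_key), nonce, stream(file_key, nonce, data))

def read_file(dev, name):
    if dev["class_key"] is None:
        raise PermissionError("device locked: Complete Protection class key unavailable")
    wrapped, nonce, ct = dev["files"][name]
    return stream(unwrap(dev["class_key"], wrapped), nonce, ct)
```

Ciphertexts survive a wipe unchanged; only the wrapped class key is destroyed, which is exactly why erasing a few bytes of effaceable storage renders the whole volume unreadable.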
Data Encryption: Android
• Some data encryption present
• Android 3.x "Honeycomb" and above support full filesystem encryption (AES128 CBC & ESSIV:SHA256)
• SD card encryption is not supported on any version in AOSP
• Device manufacturers can implement this themselves

Data Encryption: Android
• Samsung Knox:
  • Brings Android closer to iOS
  • Supports AES-256 encryption of internal storage and SD cards
Permissions-based Access Control
Permissions-based Access Control
• After an app is installed, it has access to all permitted resources of that device
• It can perform any kind of malicious operation using the permissions provided

Permissions-based Access Control: iOS
• Each app is given only certain permissions by iOS
• Once installed, the user has granted the app access to any of the device's resources
• Apps can use most resources without additional permission
  • May access things they don't need
  • Does not require permission of the user

Permissions-based Access Control: Android
• Follows a capability-based security model
• App must request specific permissions from the OS before access
• User sees what is being requested and must grant permission before the app is installed
• Once an app is granted permission, it could perform malicious activity using those permissions

Permissions-based Access Control: Android vs. iOS
• Android allows more access to the system than iOS does
• Android only gives explicit permissions to apps, while apps installed on iOS can perform any operation as defined by the OS
Default App Permissions: Android vs. iOS (two columns, iOS and Android, flattened in extraction)
Internet, YouTube History, Phone Number, Read SD Card, WiFi Connection Logs, List of Installed Apps, Address Book, Music/Video Files, Calendar, Safari Search History, Mic and Video Camera, Launch An Installed App, Device UID, Auto-Complete

Requestable App Permissions: Android vs. iOS (two columns, iOS and Android, flattened in extraction)
Location (GPS), Prevent Phone From Sleeping, Internet, Fine Location (GPS), Coarse Location (Network), Record Audio, SMS/MMS Send/Receive, Calendar, Address Book, Push Notifications, Manage Accounts, Make Phone Call, Music/Video/Picture SD Read/Write, Make and Terminate Calls, Control NFC, Send SMS/MMS, Access Device Logs, Obtain Task List, Make Bluetooth Connections
Which is Legitimate? (side-by-side screenshots: AndroidOS.FakePlayer vs. a legitimate video player)
Application Provenance
Application Provenance: iOS
• Robust signing system
• Apple provides a digital certificate only to those who register
  • $100 per year
• Thorough analysis of apps, takes weeks

Application Provenance: Android
• Not a robust signing system
• Anonymous signing certificates can be made without oversight from Google
• Allows legitimate applications to be repackaged after adding malware
  • Although not signed with the same signature, they will be signed, and can be distributed on the web
Isolation
Programming
iOS:
• All apps are Objective-C or Swift
Android:
• Apps run in the Dalvik JVM
• Android does not use that as its main form of isolation, as not all code runs in the VM
  • Most web browsers use significant amounts of native code

Isolation: iOS
• Sandboxed
  • Own home directory
  • Must use APIs to access or modify system settings
  • Cannot communicate with other apps directly
• Nothing runs as root except the kernel

Isolation: iOS
• Declared Entitlements
  • Digitally signed
  • Allow extra permissions
  • Alternative to running as root

Isolation: Android
• Sandboxing
  • Uses the native Linux user-based permissions model
  • Each app is its own user
  • Secured by the Linux kernel itself

Isolation: Android
• Samsung Knox:
  • Further separates applications
  • Prevents access to Android APIs
  • Reduced API set allows data in, but not out
Jailbreaking, Rooting, and Exploits
Jailbreaking, Rooting, and Exploits
iOS:
• Jailbreaking: uses exploits (buffer overflows among other things) to allow unsigned code to run
Android:
• Rooting: uses exploits (usually buffer overflows) to load a su binary (usually harder than it sounds) to allow apps to run with elevated privileges

Jailbreaking, Rooting, and Exploits
The Point: Although the uses for the exploits are usually beneficial for the user, their existence represents flaws in the OSs that can be leveraged by malicious apps.

Jailbreaking and Rooting
Advantages:
• The (hacking) community can push out patches for other exploits faster than the manufacturers (iOS PDF)
• Finer control over the system

Jailbreaking and Rooting
Disadvantages:
• May cause security vulnerabilities
• May "brick" the device
• May void the warranty
After running the exploits, the device may become vulnerable in other ways (iPhone.Ikee)
Summary
• Both have strong isolation
• iOS's permission system is static, but the vetting process makes it harder for apps to abuse permissions
• Android's permission system is flexible, but requires user vigilance
• Both have strong traditional access controls
• Both have encryption on recent versions; however, Android 2.x versions don't have any, and 3.x+ encryption pales compared to iOS
• Apple has a stronger vetting process, but it also takes longer for app updates
• Android has a weaker vetting process, but updates get pushed out almost immediately
xkcd.com