ASFWS 2011 - Secure software development for mobile devices
1. SECURE MOBILE APPLICATION DEVELOPMENT
Julien Probst
Co-founder, Sysmosoft SA
Application Security Forum
Western Switzerland
27 October 2011 - HEIGVD Yverdon-les-Bains
http://appsec-forum.ch
27.10.2011 Application Security Forum - Western Switzerland - 2011 1
2. Swiss based company
Specialized in Mobile Security
Spinoff of the University of Applied Sciences in Yverdon-les-Bains (HEIG-VD)
Mobility
Working since 2008 with private banks to create an adapted solution
In production since 2010
Security
Threat and vulnerability analysis linked to mobility
Agile & Security Development Lifecycle
3. Mobile threat diagram (labels only): Theft/Lost; Virus/Malware; Unauthorized access; Property of the enterprise; User’s personal phone; Outside Company Network
5. Purpose
‒ Install Free Apps from “Alternative Stores”
‒ Unlock some new device features
Security Issues
‒ All OS Security mechanisms are disabled…
‒ … So all data can potentially be accessed
‒ “Alternative stores” do not verify Apps
JailbreakMe
‒ Jailbreak your iPhone/iPad from a web page
‒ Uses a third party App Security Flaw
‒ Versions : v1 2007, v2 2010, v3 2011
Source : jailbreakme.com
6. Purpose
‒ To improve user’s experience, some data are shared between Apps
‒ “Official” APIs are usually provided by the OS
Security Issues
‒ Easy for Developers to access your shared data…
‒ …and do what they want with it
Wall Street Journal Analysis
‒ Over 100 analyzed legal applications
‒ 5 of them transmitted address book to outsiders
Source : Wall Street Journal, Your Apps Are Watching You, 17 Dec. 2010
7. PoC
How It Works
1. Get access to an iPhone
2. Execute a Jailbreak
3. Install and run Fraunhofer’s script
4. Wait for the OS to decrypt the Keychain
— The PIN Code is not required
— Not all secrets are decrypted
5. Access user’s secrets in 6 minutes
Source : http://www.fraunhofer.de/
8. Purpose
‒ Commercial and Free/Open Source solutions
‒ Access “all” data stored on a Smartphone
Grant Access to iOS 4.x
Physical imaging
Logical imaging
Passcode recovery
Keychain decryption
Disk decryption
Source : www.viaforensic.com & www.elcomsoft.com
9. Compromised data
Table (check-mark cells not recoverable). Columns: Attack | Affected users | Shared Data | Keychain Data | Application Data | Data Transport | Device Specific.
Rows: Malicious legal App.; JailBreak (with malicious App.); Fraunhofer’s PoC; Forensic Solution
11. Professional Configuration (layer diagram, labels only): Operating System; Device Security features; Device Configuration; Applications; Resources
12. Prof. Config. / User Config. (layer diagram, labels only): Operating System; Device Security features; Device Configuration; Applications; Secure Application; Resources; Security; Business
14. Device OS vs. User’s secrets (diagram, labels only)
Device OS: Interface (“Screenshots”, Display Output, Keyboard Input, Dictionary cache); Memory Manag.; OS App.; Backup Manager; Storage
User’s secrets: Keychain; Application Memory’s Data; Data Transport; Application’s State; Device’s Data; Shared Data; Application Data
15. Application : Secure Document Reader
OS Security Features | Protection (Business) | Prevention | OS Features
Keychain | Encrypt | Clean keyboard on exit | Keyboard Input
Storage Manager | Encrypt | Clean state on standby | OS App.
Data Transport | Auth & Encrypt | Clean mem. on standby | Memory Manag.
16. Cryptographic algorithms
Implements all cryptographic algorithms at the application level
Usually the strongest part of the application
Key Management
Manages all cryptographic keys at the application level
Usually a weak point of the application
17. View Mode – Best security
Do not store data on the device
Only use the established ephemeral session key to exchange the data
Cache Mode – Best compromise
Encrypt data on the device
Store and protect the key on the server only
Offline Mode – Less Secure
Encrypt data on the device
Store and protect the key on the device
18. Offline authentication limitation
‒ The device ID cannot be verified by the device itself
‒ Hardware token IDs are verified by a trusted server
‒ Only the user’s ID can be verified by the device
Potential attacks against offline authentication
‒ Social engineering to obtain the user’s credentials
‒ Brute force attack against the data encryption key
• Even if key-stretching algorithms (PBKDF2) are used
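Added illustration for slides 17 and 18 (not code from the talk or from Sysmosoft): in offline mode the data key can only be derived from the one secret the device can check by itself, the user’s passcode. The block derives the key with PBKDF2-HMAC-SHA256, stores a salt plus a key check value instead of the key, and then computes the work bound an offline guess faces, which shows why a higher iteration count never compensates for a short PIN. The iteration count, the 16-byte salt and the key-check label are assumptions of this example; view and cache modes avoid the problem entirely because the key never rests on the device.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this illustration; a real app tunes it to the
# slowest supported device.
ITERATIONS = 100_000
KEY_LEN = 32


def derive_key(passcode: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Offline mode: the data-encryption key is derived from the only secret
    the device can verify by itself, the user's passcode (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def make_verifier(passcode: str, iterations: int = ITERATIONS) -> dict:
    """What the app persists on the device: salt, iteration count and a key
    check value (HMAC of a fixed label under the derived key). Neither the
    passcode nor the key itself is stored."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt, iterations)
    kcv = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "kcv": kcv}


def unlock(verifier: dict, passcode: str) -> Optional[bytes]:
    """Re-derive the key and compare the check value in constant time.
    Returns the key on success, None otherwise."""
    key = derive_key(passcode, verifier["salt"], verifier["iterations"])
    kcv = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(kcv, verifier["kcv"]) else None


def passcode_keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passcodes (e.g. 10**4 for a 4-digit PIN)."""
    return charset_size ** length


def offline_guess_work(keyspace: int, iterations: int) -> int:
    """Upper bound on the PBKDF2 iterations needed to exhaust the keyspace
    when the encrypted container and its verifier are both in the wrong
    hands: the KDF multiplies the search by a constant, it does not enlarge
    the space. Only passcode entropy does that."""
    return keyspace * iterations


if __name__ == "__main__":
    v = make_verifier("1234")
    assert unlock(v, "1234") is not None and unlock(v, "0000") is None
    pin_work = offline_guess_work(passcode_keyspace(10, 4), ITERATIONS)
    pw_work = offline_guess_work(passcode_keyspace(62, 8), ITERATIONS)
    print(f"4-digit PIN: {pin_work:.2e} iterations; 8-char alnum: {pw_work:.2e}")
```

The verifier dictionary is all an offline app needs to keep; comparing the check value with hmac.compare_digest avoids leaking timing, and the work bound makes the slide’s point measurable: a 4-digit PIN under 100 000 iterations costs at most 10^9 PBKDF2 iterations to exhaust, whereas an 8-character alphanumeric passcode multiplies that by roughly 2 × 10^10.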
19. Check the operating system
Verify the version of the OS
Control the integrity of the OS (jailbreak, etc.)
Check for insecure system caches and features
Avoid/Clean caches (keyboard, pasteboard, screenshots, etc.)
Detect undesired features (multitasking management, backup, etc.)
Apply device specific best practice
Security recommendations
Memory management, …
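Added example for slide 19, not from the talk: a posture check the application runs before releasing sensitive data. It compares the OS version against a minimum, treats any integrity indicator as a blocking finding, and separates what must block (deny) from what the app has to clean up itself (caches, suspend snapshot). The Posture and Policy fields, the “4.3” minimum and the indicator strings are constructed for the example; on a real device each field is filled by platform-specific probes.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'4.3.3' -> (4, 3, 3)."""
    return tuple(int(p) for p in v.split("."))


def version_at_least(current: str, minimum: str) -> bool:
    """Component-wise comparison; missing trailing components count as 0,
    so '5' >= '4.3.3' and '4.3' == '4.3.0'."""
    cur, mn = parse_version(current), parse_version(minimum)
    n = max(len(cur), len(mn))
    cur += (0,) * (n - len(cur))
    mn += (0,) * (n - len(mn))
    return cur >= mn


@dataclass
class Posture:
    """Constructed snapshot of device state, as the app's probes would fill it."""
    os_version: str
    jailbreak_indicators: List[str] = field(default_factory=list)
    backup_enabled: bool = False
    multitasking_snapshot: bool = True   # OS captures the screen when suspending
    pasteboard_has_data: bool = False


@dataclass
class Policy:
    """Assumed company policy values for the illustration."""
    min_os_version: str = "4.3"
    allow_backup: bool = False


def check_posture(p: Posture, policy: Policy) -> Tuple[bool, List[str]]:
    """Returns (allowed, findings). A 'deny:' finding blocks access; a
    'clean:' finding is a countermeasure the app must apply itself because
    the OS will not do it for the app."""
    findings: List[str] = []
    if not version_at_least(p.os_version, policy.min_os_version):
        findings.append(f"deny: OS {p.os_version} below minimum {policy.min_os_version}")
    if p.jailbreak_indicators:
        findings.append("deny: OS integrity check failed: " + ", ".join(p.jailbreak_indicators))
    if p.backup_enabled and not policy.allow_backup:
        findings.append("deny: device backup enabled")
    if p.multitasking_snapshot:
        findings.append("clean: blank sensitive views before suspend so the snapshot holds no data")
    if p.pasteboard_has_data:
        findings.append("clean: clear the pasteboard on exit")
    allowed = not any(f.startswith("deny:") for f in findings)
    return allowed, findings


if __name__ == "__main__":
    ok, notes = check_posture(Posture("4.3.3"), Policy())
    print(ok, notes)
    ok, notes = check_posture(Posture("4.2.1", ["system partition writable"]), Policy())
    print(ok, notes)
```

Keeping the “clean” findings separate from the “deny” findings mirrors the slide’s split between detecting an untrusted OS and compensating for OS features the app cannot switch off but can neutralise on its own.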
21. Comply with company security policies
Countermeasures are implemented according to the security needs
Use high-level, standard cryptographic algorithms
Crypto algorithms can be used without limitation or restrictions
Apply the same security mechanisms to each platform
Same mechanisms can be implemented and managed for each platform
22. The Application still relies on the operating system
Critical flaw in the OS can potentially lead to data breach
Some mechanisms remain out of the control of the application
OS Prevention/Control mechanisms must be developed (cache cleaning, etc.)
Offline Mode remains a potential issue
Trusted specific hardware can potentially be used
Implementing security inside Apps. requires experience and time
Integrating a Security Development Lifecycle (SDLC) is recommended
23. Mobile Devices are new threat vectors for companies’ data
Misconfigured devices are vulnerable to a multitude of new types of attacks
Conventional security solutions are not really adapted for mobility
Applying company security policies to personal mobile devices is not possible
Integrate security inside Apps and not rely only on OS or infrastructure
Sensitive data is protected by additional applicative security mechanisms
Isolate sensitive or corporate data from private data
End users keep their habits while companies apply specific rules to sensitive data
24. Contact
Julien Probst
Sysmosoft SA
Rue Galilée 9
1400 Yverdon-les-Bains
+41 (0) 24 524 10 36
Julien.probst@sysmosoft.com