1. A Fortress for your Android Application
Jian Wang
Head of Technology, certgate
2. Business and the Mobile World
Agenda
▪ About certgate
▪ Mobile Security Solutions
▪ Android Security Concept
▪ certgate Mobile Application Protection Layer
▪ [Live Demonstration]
▪ Q&A
Slide 3
3. Business and the Mobile World
About certgate
▪ Mobile IT security innovator
▪ Founded in 2008, located in Nuremberg, Germany
▪ certgate is mastering the secure mobile IT device from hardware to application level
▪ Created the first microSD memory card with full smartcard capabilities, bringing hardware-based crypto functions to smartphones and tablets (patent protected)
Slide 4
5. Business and the Mobile World
The Challenge
▪ Most businesses and administrations today
  • Either deploy smartphones and tablets to their employees
  • Or allow their employees to use their own devices for business purposes
▪ Those who don't do either have a reason:
  • They don't feel safe doing it
  • They would love to introduce new business models and applications like mobile e-D, payment, physical access and much, much more if only they COULD feel safe
Slide 6
6. Business and the Mobile World
There Are Solutions on the Market
▪ Digital signing and encryption of emails with S/MIME
▪ Certificates stored in a fully-fledged (yet small-in-format) smartcard
▪ VPN client requiring digital user authentication
▪ Banking client requiring digital user authentication and digital signature
▪ VoIP client creating session keys on the smartcard sitting inside the device
Slide 7
7. certgate – Use Cases
Secfone – Voice Encryption for Android
• Tap-proof worldwide voice communication
• Latest Android smartphones supported
• End-to-end encryption with hardware-protected keys
• Authenticates the user via a privately or publicly owned server; no data passes through the server
• Integrates directly into fixed-line enterprise communication
Slide 9 Version 11-05
8. certgate – Use Cases
TouchDown – Exchange Integration for Android
• Secure Exchange synchronization for Android smartphones
• Consistent PKI integration of mobile devices
• Authentication and secure data transfer based on hardware certificates
• S/MIME protection for your confidential data: messages, contacts, appointments
Slide 10 Version 11-05
10. certgate MAPL™ for Android
Why Did We Do This in the First Place?
▪ Protect confidential data on the device
▪ Protect an application against unauthorized users
▪ Provide security with minimal integration effort
▪ Qualify the device to fit the BYOD concept
▪ Enable additional security functions with the same hardware token, e.g. S/MIME encryption and secure VoIP
Slide 12
11. certgate MAPL™ for Android
Android Security Overview
▪ The Application Sandbox
  • Each application is assigned a UID
  • Each application runs as a separate user in a separate process
  • IPC through Binder, Intents, Services, and Content Providers
▪ The Android Permission Model
  • Permissions are GIDs
  • Declared in the app's Android manifest
  • Need to be explicitly confirmed by the user
Slide 13
12. certgate MAPL™ for Android
Which Concerns Are Being Addressed?
▪ Extension of rights by "rooting" the device:
  Allows free access to all system resources
▪ Shortcomings in platform-specific knowledge:
  Process boundaries can be violated, e.g. by Intents
▪ Limitations in cryptographic knowledge:
  Sub-optimal choice of algorithms and cipher modes, and less than perfect implementation of them
Slide 14
13. certgate MAPL™ for Android
Different Cipher Modes
[Figure: the same picture shown three times: original, encrypted using CBC mode, encrypted using ECB mode]
Picture: Larry Ewing Slide 15
14. certgate MAPL™ for Android
The Solution
▪ Mobile Application Protection Layer (MAPL)
  • No app execution without correct user PIN
  • Standard Android API
  • Transparent encryption of files and database
  • Android SharedPreferences encryption
  • Tamper-proof key storage on cgCard™
Slide 16
19. certgate MAPL™ for Android
Modification of your Android manifest file
▪ Use the MAPL application class
▪ Set the MAPL activity as your entry activity
▪ Declare your application entry activity
Slide 21
22. certgate MAPL™ for Android
What's In It For You?
▪ certgate MAPL™ can be integrated into virtually every app
▪ A secure hardware element beats every software approach in attack resistance
▪ Powerful tool to really become security policy compliant
▪ Enables company-wide BYOD practice
Slide 25