Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform. To learn more, visit www.yassl.com.

1. Kerberos + Android
A Tale of Opportunity
Slide 1 / 39 © Copyright 2012 yaSSL

2. Platform Decisions
The Statistics
Slide 2 / 39 © Copyright 2012 yaSSL

3. Why Go Mobile?
80%
of the world's population now has a
mobile phone.
( 5 Billion Phones )
Slide 3 / 39 © Copyright 2012 yaSSL

4. Why Go Mobile?
21.6%
Of those 80%,
1.08 Billion
are smartphones.
Slide 4 / 39 © Copyright 2012 yaSSL

5. Why Go Mobile?
In the US:
60% 40% the ratio is even higher, with
smartphones making up 40% of all
mobile phones.
Slide 5 / 39 © Copyright 2012 yaSSL

6. OK, well why Android?
Slide 6 / 39 © Copyright 2012 yaSSL

7. Android?
Reason 1: US Market Dominance
iPhone
28%
U.S. Android
Smartphones == 40%
(40%)
Blackberry
19%
Windows Mobile, 7%
Windows Phone 7, 1%
Other, 5%
Slide 7 / 39 © Copyright 2012 yaSSL

8. Android?
Reason 2: Consumer Popularity
• 100 million activated Android devices (now 400,000 / day)
• 200,000 apps in Android Market (4.5 billion activations to date)
• 310 devices available to consumers (112 countries)
Slide 8 / 39 © Copyright 2012 yaSSL

9. Android?
Reason 3: Developer Popularity
• 450,000 developers
building for the platform!
Slide 9 / 39 © Copyright 2012 yaSSL

10. Android.
Meaning?
• Opportunity for increased Kerberos visibility
• Useful for Android and Kerberos developers
• Fun to see where the community takes it
Slide 10 / 39 © Copyright 2012 yaSSL

11. Our Plan
What we wanted to do.
Slide 11 / 39 © Copyright 2012 yaSSL

12. Goals
We wanted to fill a missing gap.
1. Port Kerberos libraries to Android
2. Port some C-based Kerberos client apps to Android
kinit
klist
kvno
kdestroy
Slide 12 / 39 © Copyright 2012 yaSSL

13. Goals
We wanted to spark community involvement.
3. Build a sample Android NDK App (with a simple GUI)
4. Give changes back to community
Slide 13 / 39 © Copyright 2012 yaSSL

14. Action!
What we did.
Slide 14 / 39 © Copyright 2012 yaSSL

15. 1. Crypto Implementation
Slide 15 / 39 © Copyright 2012 yaSSL

16. Crypto
Added new CyaSSL crypto implementation
• Kerberos crypto options:
CyaSSL, OpenSSL, NSS, built-in
Slide 16 / 39 © Copyright 2012 yaSSL

17. Crypto
Added new CyaSSL crypto implementation
• CyaSSL is very portable
Slide 17 / 39 © Copyright 2012 yaSSL

18. 2. Porting
Slide 18 / 39 © Copyright 2012 yaSSL

19. Android Port
Kerberos Libraries + CyaSSL Android.
• Cross-compiled libraries for Android
• Created shell script for easy reproduction by developers
Slide 19 / 39 © Copyright 2012 yaSSL

20. 3. Android Application
Slide 20 / 39 © Copyright 2012 yaSSL

21. Android App
Simple sample NDK project
Home Screen
• Single screen
• Uses JNI
• Wrapper around native
client apps
Slide 21 / 39 © Copyright 2012 yaSSL

22. Android App
Simple sample NDK project
kinit
• Gets a ticket using
specified principal
Slide 22 / 39 © Copyright 2012 yaSSL

23. Android App
Simple sample NDK project
klist
• Lists our tickets
Slide 23 / 39 © Copyright 2012 yaSSL

24. Android App
Simple sample NDK project
kvno
• Gets a service ticket for
the entered principal
Slide 24 / 39 © Copyright 2012 yaSSL

25. Android App
Simple sample NDK project
klist after kvno
• Verify that we got a
ticket
Slide 25 / 39 © Copyright 2012 yaSSL

26. Android App
Simple sample NDK project
kdestroy
• Clear our ticket cache
Slide 26 / 39 © Copyright 2012 yaSSL

27. Android App
Notes
• Uses a keytab instead of passwords
• Storage locations have been chosen for convenience
Can be easily modified to what the developer needs
Currently at /data/local/kerberos
Slide 27 / 39 © Copyright 2012 yaSSL

28. Android App
License Type
• Application code will remain under the MIT license
Slide 28 / 39 © Copyright 2012 yaSSL

29. 4. GSS-API Wrapper
Slide 29 / 39 © Copyright 2012 yaSSL

30. GSS-API
Java Wrapper
• Provide Java bindings for developers to use
• Uses framework
• Wrapper around native Kerberos GSS-API library
(Contains functionality found in gssapi.h)
Slide 30 / 39 © Copyright 2012 yaSSL

31. GSS-API
Java Wrapper
2 example clients:
• Android client functionality
• Stand-alone Java app for desktop use
Slide 31 / 39 © Copyright 2012 yaSSL

32. GSS-API
Integrated into sample app.
Example Client
• Est. context with example server
• Send wrapped message, verify
returned sig. block (gss_wrap,
gss_verify_mic)
• Repeat #2, but with gss_seal,
gss_verify
• Misc. API tests and exit.
Slide 32 / 39 © Copyright 2012 yaSSL

33. GSS-API
Integrated into sample app.
Example Server
• Est. context with client
• Receive and unwrap a message from the client
• Generate & send signature block for received message
Slide 33 / 39 © Copyright 2012 yaSSL

34. The Future
What's happening next?
Slide 34 / 39 © Copyright 2012 yaSSL

35. The Future
Look to the Community.
Availability
• Code will be linked from both MIT and yaSSL websites
Slide 35 / 39 © Copyright 2012 yaSSL

36. The Future
Look to the Community.
PR Activity / Visibility
• Blog posts
• Forum posts
• Press releases
• GitHub
• Mailing lists
• etc...
Slide 36 / 39 © Copyright 2012 yaSSL

37. The Future
Other ideas or thoughts?
Slide 37 / 39 © Copyright 2012 yaSSL

38. References
Statistics
• http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/
• http://www.go-gulf.com/blog/smartphone
• http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40-
percent-are-android/
• Google I/O 2011: http://www.google.com/events/io/2011
Project Locations
Kerberos: http://web.mit.edu/kerberos/
CyaSSL: http://www.yassl.com/
• Android NDK App: https://github.com/cconlon/kerberos-android-ndk
• GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapi
Slide 38 / 39 © Copyright 2012 yaSSL

39. Thanks!
www.yassl.com
Slide 39 / 39 © Copyright 2012 yaSSL