Suche senden
Hochladen
Securing User Data with SQLCipher
•
6 gefällt mir
•
8,103 views
C
CommonsWare
Folgen
from AnDevCon IV conference
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 62
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Efficient DBA: Gain Time by Reducing Command-Line Keystrokes
Efficient DBA: Gain Time by Reducing Command-Line Keystrokes
Seth Miller
Oracle RAC, Oracle Data Guard, and Pluggable Databases: When MAA Meets Oracle...
Oracle RAC, Oracle Data Guard, and Pluggable Databases: When MAA Meets Oracle...
Ludovico Caldara
SpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSA
Oracle Korea
DBA 3 year Interview Questions
DBA 3 year Interview Questions
Naveen P
DOAG - Oracle Database Locking Mechanism Demystified
DOAG - Oracle Database Locking Mechanism Demystified
Pini Dibask
Oracle db performance tuning
Oracle db performance tuning
Simon Huang
AWR Sample Report
AWR Sample Report
Devendra Singh
Troubleshooting Complex Oracle Performance Problems with Tanel Poder
Troubleshooting Complex Oracle Performance Problems with Tanel Poder
Tanel Poder
Empfohlen
Efficient DBA: Gain Time by Reducing Command-Line Keystrokes
Efficient DBA: Gain Time by Reducing Command-Line Keystrokes
Seth Miller
Oracle RAC, Oracle Data Guard, and Pluggable Databases: When MAA Meets Oracle...
Oracle RAC, Oracle Data Guard, and Pluggable Databases: When MAA Meets Oracle...
Ludovico Caldara
SpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSA
Oracle Korea
DBA 3 year Interview Questions
DBA 3 year Interview Questions
Naveen P
DOAG - Oracle Database Locking Mechanism Demystified
DOAG - Oracle Database Locking Mechanism Demystified
Pini Dibask
Oracle db performance tuning
Oracle db performance tuning
Simon Huang
AWR Sample Report
AWR Sample Report
Devendra Singh
Troubleshooting Complex Oracle Performance Problems with Tanel Poder
Troubleshooting Complex Oracle Performance Problems with Tanel Poder
Tanel Poder
How to become a software developer
How to become a software developer
Eyob Lube
Presentacion de Microsoft SQL Server.
Presentacion de Microsoft SQL Server.
Alexander Mañan Tavarez
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Docker, Inc.
It technical support resume
It technical support resume
Michael Murillo
All Oracle-dba-interview-questions
All Oracle-dba-interview-questions
Naveen P
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
Kristofferson A
PostgreSQL Database Slides
PostgreSQL Database Slides
metsarin
Linq
Linq
blo85
Deep review of LMS process
Deep review of LMS process
Riyaj Shamsudeen
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
Andrey Devyatkin
PostgreSQL Replication High Availability Methods
PostgreSQL Replication High Availability Methods
Mydbops
SQL Server Tuning to Improve Database Performance
SQL Server Tuning to Improve Database Performance
Mark Ginnebaugh
My SYSAUX tablespace is full - please help
My SYSAUX tablespace is full - please help
Markus Flechtner
SSIS Connection managers and data sources
SSIS Connection managers and data sources
Slava Kokaev
Introduction to PostgreSQL
Introduction to PostgreSQL
Jim Mlodgenski
Postgresql tutorial
Postgresql tutorial
Ashoka Vanjare
AWR & ASH Analysis
AWR & ASH Analysis
aioughydchapter
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Hamid J. Fard
Oracle Audit vault
Oracle Audit vault
uzzal basak
End-to-end Troubleshooting Checklist for Microsoft SQL Server
End-to-end Troubleshooting Checklist for Microsoft SQL Server
Kevin Kline
Android Security: Defending Your Users
Android Security: Defending Your Users
CommonsWare
Backwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and Tactics
CommonsWare
Weitere ähnliche Inhalte
Was ist angesagt?
How to become a software developer
How to become a software developer
Eyob Lube
Presentacion de Microsoft SQL Server.
Presentacion de Microsoft SQL Server.
Alexander Mañan Tavarez
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Docker, Inc.
It technical support resume
It technical support resume
Michael Murillo
All Oracle-dba-interview-questions
All Oracle-dba-interview-questions
Naveen P
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
Kristofferson A
PostgreSQL Database Slides
PostgreSQL Database Slides
metsarin
Linq
Linq
blo85
Deep review of LMS process
Deep review of LMS process
Riyaj Shamsudeen
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
Andrey Devyatkin
PostgreSQL Replication High Availability Methods
PostgreSQL Replication High Availability Methods
Mydbops
SQL Server Tuning to Improve Database Performance
SQL Server Tuning to Improve Database Performance
Mark Ginnebaugh
My SYSAUX tablespace is full - please help
My SYSAUX tablespace is full - please help
Markus Flechtner
SSIS Connection managers and data sources
SSIS Connection managers and data sources
Slava Kokaev
Introduction to PostgreSQL
Introduction to PostgreSQL
Jim Mlodgenski
Postgresql tutorial
Postgresql tutorial
Ashoka Vanjare
AWR & ASH Analysis
AWR & ASH Analysis
aioughydchapter
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Hamid J. Fard
Oracle Audit vault
Oracle Audit vault
uzzal basak
End-to-end Troubleshooting Checklist for Microsoft SQL Server
End-to-end Troubleshooting Checklist for Microsoft SQL Server
Kevin Kline
Was ist angesagt?
(20)
How to become a software developer
How to become a software developer
Presentacion de Microsoft SQL Server.
Presentacion de Microsoft SQL Server.
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
It technical support resume
It technical support resume
All Oracle-dba-interview-questions
All Oracle-dba-interview-questions
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
Whitepaper: Mining the AWR repository for Capacity Planning and Visualization
PostgreSQL Database Slides
PostgreSQL Database Slides
Linq
Linq
Deep review of LMS process
Deep review of LMS process
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
Synchronizing parallel delivery flows in jenkins using groovy, build flow and...
PostgreSQL Replication High Availability Methods
PostgreSQL Replication High Availability Methods
SQL Server Tuning to Improve Database Performance
SQL Server Tuning to Improve Database Performance
My SYSAUX tablespace is full - please help
My SYSAUX tablespace is full - please help
SSIS Connection managers and data sources
SSIS Connection managers and data sources
Introduction to PostgreSQL
Introduction to PostgreSQL
Postgresql tutorial
Postgresql tutorial
AWR & ASH Analysis
AWR & ASH Analysis
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Oracle Audit vault
Oracle Audit vault
End-to-end Troubleshooting Checklist for Microsoft SQL Server
End-to-end Troubleshooting Checklist for Microsoft SQL Server
Ähnlich wie Securing User Data with SQLCipher
Android Security: Defending Your Users
Android Security: Defending Your Users
CommonsWare
Backwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and Tactics
CommonsWare
App Integration (Revised and Updated)
App Integration (Revised and Updated)
CommonsWare
iOS application (in)security
iOS application (in)security
iphonepentest
What's New in Jelly Bean
What's New in Jelly Bean
CommonsWare
App integration: Strategies and Tactics
App integration: Strategies and Tactics
CommonsWare
X Means Y
X Means Y
CommonsWare
Android Attacks
Android Attacks
Michael Scovetta
Evaluating iOS Applications
Evaluating iOS Applications
iphonepentest
Android Security Humla Part 1
Android Security Humla Part 1
Nikhil Kulkarni
Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
Sebastián Guerrero Selma
Mobile Application Security Code Reviews
Mobile Application Security Code Reviews
Denim Group
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
viaForensics
Smart Phones Dumb Apps
Smart Phones Dumb Apps
Denim Group
ABS 2012 - Android Device Porting Walkthrough
ABS 2012 - Android Device Porting Walkthrough
Benjamin Zores
SmartTV Security
SmartTV Security
Ulisses Albuquerque
JVM Multitenancy (JavaOne 2012)
JVM Multitenancy (JavaOne 2012)
Graeme_IBM
Is Android the New King of Embedded OSes at Embedded World 2014
Is Android the New King of Embedded OSes at Embedded World 2014
Opersys inc.
Introduction to android
Introduction to android
krishnastudent88
Android Development Tutorial V3
Android Development Tutorial V3
Diego Torres Milano
Ähnlich wie Securing User Data with SQLCipher
(20)
Android Security: Defending Your Users
Android Security: Defending Your Users
Backwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and Tactics
App Integration (Revised and Updated)
App Integration (Revised and Updated)
iOS application (in)security
iOS application (in)security
What's New in Jelly Bean
What's New in Jelly Bean
App integration: Strategies and Tactics
App integration: Strategies and Tactics
X Means Y
X Means Y
Android Attacks
Android Attacks
Evaluating iOS Applications
Evaluating iOS Applications
Android Security Humla Part 1
Android Security Humla Part 1
Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
Mobile Application Security Code Reviews
Mobile Application Security Code Reviews
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
Smart Phones Dumb Apps
Smart Phones Dumb Apps
ABS 2012 - Android Device Porting Walkthrough
ABS 2012 - Android Device Porting Walkthrough
SmartTV Security
SmartTV Security
JVM Multitenancy (JavaOne 2012)
JVM Multitenancy (JavaOne 2012)
Is Android the New King of Embedded OSes at Embedded World 2014
Is Android the New King of Embedded OSes at Embedded World 2014
Introduction to android
Introduction to android
Android Development Tutorial V3
Android Development Tutorial V3
Mehr von CommonsWare
Gradle and Your Android Wearable Projects
Gradle and Your Android Wearable Projects
CommonsWare
Getting Android Developers for Your Wearables
Getting Android Developers for Your Wearables
CommonsWare
When Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable Apps
CommonsWare
The Action Bar: Front to Back
The Action Bar: Front to Back
CommonsWare
Secondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManager
CommonsWare
Mastering the Master Detail Pattern
Mastering the Master Detail Pattern
CommonsWare
Not Quite As Painful Threading
Not Quite As Painful Threading
CommonsWare
Android Development: The 20,000-Foot View
Android Development: The 20,000-Foot View
CommonsWare
Maps V2... And You!
Maps V2... And You!
CommonsWare
A Deep Dive Into ViewPager
A Deep Dive Into ViewPager
CommonsWare
Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2
CommonsWare
Integrate Android Apps and Web Apps
Integrate Android Apps and Web Apps
CommonsWare
From Android to the Mobile Web
From Android to the Mobile Web
CommonsWare
The Wonderful World of Wearables
The Wonderful World of Wearables
CommonsWare
Beaming Data to Devices with NFC
Beaming Data to Devices with NFC
CommonsWare
Making Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business Models
CommonsWare
AppsWorld Keynote
AppsWorld Keynote
CommonsWare
Rich Text Editing and Beyond
Rich Text Editing and Beyond
CommonsWare
Android Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... Odd
CommonsWare
Google TV For Fun
Google TV For Fun
CommonsWare
Mehr von CommonsWare
(20)
Gradle and Your Android Wearable Projects
Gradle and Your Android Wearable Projects
Getting Android Developers for Your Wearables
Getting Android Developers for Your Wearables
When Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable Apps
The Action Bar: Front to Back
The Action Bar: Front to Back
Secondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManager
Mastering the Master Detail Pattern
Mastering the Master Detail Pattern
Not Quite As Painful Threading
Not Quite As Painful Threading
Android Development: The 20,000-Foot View
Android Development: The 20,000-Foot View
Maps V2... And You!
Maps V2... And You!
A Deep Dive Into ViewPager
A Deep Dive Into ViewPager
Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2
Integrate Android Apps and Web Apps
Integrate Android Apps and Web Apps
From Android to the Mobile Web
From Android to the Mobile Web
The Wonderful World of Wearables
The Wonderful World of Wearables
Beaming Data to Devices with NFC
Beaming Data to Devices with NFC
Making Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business Models
AppsWorld Keynote
AppsWorld Keynote
Rich Text Editing and Beyond
Rich Text Editing and Beyond
Android Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... Odd
Google TV For Fun
Google TV For Fun
Kürzlich hochgeladen
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Kürzlich hochgeladen
(20)
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Slack Application Development 101 Slides
Slack Application Development 101 Slides
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Securing User Data with SQLCipher
1.
AnDevCon IV Securing User
Data with SQLCipher Copyright © 2012 CommonsWare, LLC
2.
Workshop Overview ●
Who Is At Risk? ● Offense and Defense ● SQLCipher Integration ● SQLCipher: Hands On! ● Encrypting SharedPreferences & Files ● Passphrases ● Encrypted Communications Copyright © 2012 CommonsWare, LLC
3.
Who Is At
Risk? ● The Clumsy – Leaving phones lie around – Some percentage get personal data lifted ● The Traveler – Spear-fishing attack on a specific business – Corporate espionage or just garden-variety theft Copyright © 2012 CommonsWare, LLC
4.
Who Is At
Risk? ● The Freedom Fighter – Devices used for communication, coordination – Devices confiscated upon arrest ● The Terrorist – Devices used for communication, coordination – Devices confiscated upon arrest Copyright © 2012 CommonsWare, LLC
5.
Who Is At
Risk? ● The Citizen (of Repressive Regimes) – Arrests ranging from freedom of expression (protest rallies) to “just because” (race, religion, etc.) ● The User – May fall into any of the above categories – Even for apps not normally thought of as requiring such security Copyright © 2012 CommonsWare, LLC
6.
Who Is At
Risk? ● The Developer – Press reports of “plaintext” stuff on internal storage – Negative publicity leads to negative reputation Copyright © 2012 CommonsWare, LLC
7.
Offense and Defense ●
Defense: Lock Screen Security – Swipe: um, not really – Face: well, better than nothing – PIN: we're getting somewhere – Password: secure! ● Right? Copyright © 2012 CommonsWare, LLC
8.
Offense and Defense ●
Offense: Exploits – Example: USB Debugging ● Create app that dismisses keyguard ● Run via USB cable and adb shell am ● Net: bypass lock screen regardless of security settings ● (according to Google: not a bug) Copyright © 2012 CommonsWare, LLC
9.
Offense and Defense ●
Defense: Internal Storage – Read-write for app, deny-all for everyone else – User has no direct access via USB cable – Net: only way to get at the data is via the app! ● Right? Copyright © 2012 CommonsWare, LLC
10.
Offense and Defense ●
Offense: Rooting – Most devices can be rooted – Can run apps as root, with access to all parts of internal storage – Run a file manager, copy off whatever is desired ● Or write an app that bulk-copies entire internal storage for later analysis Copyright © 2012 CommonsWare, LLC
11.
Offense and Defense ●
Defense: Full-Disk Encryption – Entire internal storage bulk encrypted – Reboot locks down device, requiring manual entry of password – Many root attacks require a reboot – Net: only way to get at data is via encryption password! ● Right? Copyright © 2012 CommonsWare, LLC
12.
Offense and Defense ●
Offense: Exploits – Ineffective against many temporary root attacks – Weak full-disk encryption passwords ● Same as lock screen for most devices ● Can be brute-forced – Assumes users know of, apply full-disk encryption ● Not offered during initial setup Copyright © 2012 CommonsWare, LLC
13.
Offense and Defense ●
Defense: Cloud – Keep data off the device – Many Web sites and apps have decent defenses against brute-forcing attacks – So long as user is willing to enter password every time, the data is secure! ● Right? Copyright © 2012 CommonsWare, LLC
14.
Offense and Defense
xkcd comics reproduced under CC license from Randall Munroe, despite Hat Guy's best efforts. Copyright © 2012 CommonsWare, LLC
15.
General Strategy ●
Use Base Defenses – Lockscreen – Internal Storage – Full-Disk Encryption Copyright © 2012 CommonsWare, LLC
16.
General Strategy ●
Per-App Crypto – More flexible authentication models ● Help to mitigate “always entering password” problem – Containers with better brute-force resistance – Storage Models ● Database ● SharedPreferences ● General files Copyright © 2012 CommonsWare, LLC
17.
Introducing SQLCipher ●
SQLCipher – Modified version of SQLite – AES-256 encryption by default, of all data – Relatively low overhead – Cross-platform – BSD license Copyright © 2012 CommonsWare, LLC
18.
Introducing SQLCipher ●
SQLCipher Security – Customizable encryption algorithm ● Based on OpenSSL libcrypto – Individual pages encrypted, with own initialization vector – Message authentication code (MAC) per page, to detect tampering – Hashed passphrase (PBKDF2) for key Xkcd comics reproduced under CC license from Randall Munroe. Hat guy is not impressed. Copyright © 2012 CommonsWare, LLC
19.
Introducing SQLCipher ●
SQLCipher for Android – NDK-compiled binaries – Drop-in replacement classes for Android's SQLite classes ● SQLiteDatabase ● SQLiteOpenHelper ● Etc. Copyright © 2012 CommonsWare, LLC
20.
Introducing SQLCipher ●
SQLCipher for Android Limitations – Adds ~3MB to APK size per CPU architecture – x86 binaries not available for public download right now ● Must build them yourself, versus downloading ARM binaries ● Available for this workshop! Copyright © 2012 CommonsWare, LLC
21.
Introducing SQLCipher ●
SQLCipher and Third Party Code – Typically should work for open source via fork ● Replace their references to SQLite classes the same way you would replace your references ● Find way to pass in passphrase ● Either package as separate JAR or blend their source into your project as needed ● Examples: ORMLite, SQLiteAssetHelper Copyright © 2012 CommonsWare, LLC
22.
Integrating SQLCipher ●
Step #1: Add to Project – Download ZIP file from: https://github.com/sqlcipher/android-database-sqlcipher – Copy ZIP's assets/ into project's assets/ – Copy ZIP's libs/ into project's libs/ Copyright © 2012 CommonsWare, LLC
23.
Integrating SQLCipher ●
Step #2: Replace Import Statements – Eclipse ● Delete all android.database.* and android.database.sqlite.* imports ● Use Ctrl-Shift-O and choose the net.sqlcipher equivalents Copyright © 2012 CommonsWare, LLC
24.
Integrating SQLCipher ●
Step #2: Replace Import Statements – Outside of Eclipse ● Replace all occurrences of android.database with net.sqlcipher, revert back as needed ● Replace all occurrences of android.database.sqlite with net.sqlcipher.database Copyright © 2012 CommonsWare, LLC
25.
Integrating SQLCipher ●
Step #3: Supply Passphrases – SQLiteDatabase openOrCreateDatabase(), etc. – SQLiteOpenHelper getReadableDatabase() and getWritableDatabase() – Collect passphrase from user via your own UI Copyright © 2012 CommonsWare, LLC
26.
Integrating SQLCipher ●
Step #4: Testing – Tests should work when starting with a clean install ● No existing unencrypted database ● Step #5: Beer! – Hooray, beer! Copyright © 2012 CommonsWare, LLC
27.
Integrating SQLCipher ●
Upgrading to Encryption – Open unencrypted original – Create and ATTACH new encrypted database – sqlcipher_export() – Save schema version from old database – DETACH and close databases – Open encrypted database and set schema version Copyright © 2012 CommonsWare, LLC
28.
SQLCipher: Hands On! ●
Option #1: Tutorial – Materials on USB thumb drive – Step-by-step instructions (PDF) – Live walkthrough of all steps ● Designed to supplement instructions – Goal: add SQLCipher to an existing Android app, including handling the database upgrade Copyright © 2012 CommonsWare, LLC
29.
SQLCipher: Hands On! ●
Option #2: Upgrade Your Own App – Use instructions, walkthrough as guide for applying similar changes to your own code ● Warning: tutorial probably smaller than your app! ● Support – Ask questions of presenter, who will be up front or wandering around aimlessly between walkthrough sections Copyright © 2012 CommonsWare, LLC
30.
SQLCipher: Hands On! ●
Option #3: Return at 11:25am for more exciting slides! – ...though we will all miss you... Copyright © 2012 CommonsWare, LLC
31.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
32.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
33.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
34.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
35.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
36.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
37.
SQLCipher: Hands On! ●
Step #1: Getting Your Starting Point ● Step #2: Adding SQLCipher for Android ● Step #3: Adding a New Launcher Activity ● Step #4: Collect Passphrase For New Encryption ● Step #5: Create or Encrypt the Database ● Step #6: Collect Passphrase For Decryption Copyright © 2012 CommonsWare, LLC
38.
Encrypted SharedPreferences ●
How They Are Normally Stored – Unencrypted XML files – Internal storage in shared_prefs/ directory ● Peer to your databases/, files/ directories ● Precise root path may vary, especially on Android 4.2 with multiple accounts Copyright © 2012 CommonsWare, LLC
39.
Encrypted SharedPreferences ●
Introducing CWSharedPreferences – Strategy-based pluggable storage model ● SQLite ● SQLCipher ● Others as you wish via interfaces – Implements SharedPreferences ● Manual preference-using code requires no changes once you have your SharedPreferences object Copyright © 2012 CommonsWare, LLC
40.
Encrypted SharedPreferences ●
Creating a SQLCipherStrategy – Supply name of preferences, passphrase, LoadPolicy ● LoadPolicy.SYNC: loads on main application thread ● LoadPolicy.ASYNC_BLOCK: loads in background thread, blocks if you try using them before loaded ● LoadPolicy.ASYNC_EXCEPTION: loads in background thread, raises exception if you try using them before loaded ● Test Case Walkthrough Copyright © 2012 CommonsWare, LLC
41.
Encrypted SharedPreferences ●
Limitation: No PreferenceActivity – Hard-wired to use stock SharedPreferences ● Alternative: Encrypt at GUI Level – Custom Preference classes with encryption, decryption logic, also available for use outside of preference UI – Requires more manual fussing with encryption – Encrypts values, perhaps not keys Copyright © 2012 CommonsWare, LLC
42.
Encrypted Files ●
Option #1: javax.crypto – Standard solution for Java for years – Plenty of online recipes – Search StackOverflow for Android-specific idiosyncrasies Copyright © 2012 CommonsWare, LLC
43.
Encrypted Files ●
Option #2: SpongyCastle – Refactored version of BouncyCastle, to avoid VM collisions ● Android's javax.crypto based on BouncyCastle, but with somewhat hacked version – Fairly popular, probably less likely to run into Android-specific headaches Copyright © 2012 CommonsWare, LLC
44.
Encrypted Files ●
Future Option: IOCipher – Uses SQLCipher as a backing store for virtual filesystem ● You work with drop-in replacement File class that stores, reads “files” as BLOBs from database – Benefits: less work, benefits of SQLCipher container – Pre-alpha Copyright © 2012 CommonsWare, LLC
45.
Passphrases ●
Passphrase Entry Pain – Users do not like typing long passwords – Result = weaker quality – Option: “diceware” ● Choose ~5 words from stock list ● Can offer scrolling lists, auto-complete to help speed data entry ● Downside: more annoying for accessibility Copyright © 2012 CommonsWare, LLC
46.
Passphrases xkcd comics reproduced
under CC license from Randall Munroe, even though Hat Guy owns a $5 wrench Copyright © 2012 CommonsWare, LLC
47.
Passphrases xkcd comics reproduced
under CC license from Randall Munroe, but BYO talking horse Copyright © 2012 CommonsWare, LLC
48.
Passphrases ●
Multi-Factor Authentication – Passphrase generated in code from user- supplied pieces – Organization options ● Simple concatenation ● Concatenation with factor prefix, un-typeable divider characters Copyright © 2012 CommonsWare, LLC
49.
Passphrases ●
Multi-Factor Authentication Objectives – Longer passphrase without as much user input – Help defeat casual attacks ● Need all factors to access via your UI ● Otherwise, need to brute-force Copyright © 2012 CommonsWare, LLC
50.
Passphrases xkcd comics reproduced
under CC license from Randall Munroe. Hat Guy is not amused. Copyright © 2012 CommonsWare, LLC
51.
Passphrases ●
Multi-Factor Authentication Sources – NFC tag – QR code – Paired Bluetooth device – Wearable app – Gesture (e.g., pattern lock) – Biometrics (e.g., fingerprint scanner) Copyright © 2012 CommonsWare, LLC
52.
Passphrases ●
Password Managers – Some offer APIs (e.g., OI Password Safe) – Benefit ● Easier: user does not have to remember as many passphrases – Downside ● Reliant upon third-party app and its security Copyright © 2012 CommonsWare, LLC
53.
Passphrases ●
Changing SQLCipher Password – PRAGMA rekey = 'new passphrase'; – Requires access to database with existing key – Execution time proportional to database size ● Background thread, please! Copyright © 2012 CommonsWare, LLC
54.
Encrypted Communications ●
BackupManager – No control over exactly where this data is sent ● Could be replaced by device manufacturers, carriers – Ideally, all data backed up should be encrypted with user passphrase ● Either because that data is always encrypted, or encrypt especially for backup/restore ● No sense in using static passphrase, as can be reverse-engineered Copyright © 2012 CommonsWare, LLC
55.
Encrypted Communications ●
GCM and C2DM – Data is encrypted during transmission – Data is not encrypted at Google's servers – Options ● Encrypt the message payloads ● Message payloads are pointers to encrypted data held elsewhere Copyright © 2012 CommonsWare, LLC
56.
Encrypted Communications ●
SSL: Basics – Use https:// URLs with URL or HttpClient – Use normally – Pray that your certificates are installed ● Self-signed certs ● Unusual certificate authorities ● Varying certificate authorities – http://goo.gl/8anF9 Copyright © 2012 CommonsWare, LLC
57.
Encrypted Communications ●
SSL Attack: Hack the CA – Comodo, DigiNotar, etc. – Forged certificates claiming to be Google, Mozilla, Microsoft, etc. – “When an attacker obtains a fraudulent certificate, he can use it to eavesdrop on the traffic between a user and a website even while the user believes that the connection is secure.” Copyright © 2012 CommonsWare, LLC
58.
Encrypted Communications ●
SSL Defense #1: Avoid CAs – CAs are needed for general-purpose clients (e.g., Web browsers) – If you control front end (app) and back end (Web service), use private SSL certificates that can be verified by the app itself – Moxie Marlinspike Implementation ● http://goo.gl/DYTrb ● See Option 1 Copyright © 2012 CommonsWare, LLC
59.
Encrypted Communications ●
SSL Defense #2: Pinning – Assumes that you need to use a CA for some reason (e.g., Web site + Web service) – Validates issuing CA ● Rather than the certificate itself ● Limits attacks to ones where your CA gets hacked – Moxie Marlinspike Implementation ● http://goo.gl/DYTrb ● See Option 2 Copyright © 2012 CommonsWare, LLC
60.
Encrypted Communications ●
SSL Defense #3: User Validation – Assume that attacks are infrequent – Alert user when you see a different certificate than used before ● May indicate a MITM attack – https://github.com/ge0rg/MemorizingTrustManager/wiki ● Implementation of trust store and UI Copyright © 2012 CommonsWare, LLC
61.
Encrypted Communications ●
OnionKit – StrongTrustManager ● Customized set of CAs based on Debian cacerts file ● Full chain verification ● Limited pinning – Proxying through Orbot ● Tor implementation for Android – https://github.com/guardianproject/OnionKit Copyright © 2012 CommonsWare, LLC
62.
Summary ●
Consider Encryption – ...even if you don't think you need it ● SQLCipher: Easiest Option for Encrypted Database – ...if you can live with the APK footprint ● Think About Encrypting Other Data Stores, Means of Collecting Passphrases ● Q&A Copyright © 2012 CommonsWare, LLC
Jetzt herunterladen