
Beyond Kernel-level Integrity Measurement:
Enabling Remote Attestation for the Android Platform
Mohammad Nauman, Sohail Khan, Xinwen Zhang, Jean-Pierre Seifert
TU Berlin & Deutsche Telekom Laboratories, Berlin, Germany
[email protected]
Agenda

Android introduction

Problem motivation

Solution proposal

Evaluation / Measurement numbers

Q&A
Deutsche Telekom Laboratories
09.11.2009
2
Android introduction
Android Introduction

A framework for mobile devices
Android Introduction


A framework for mobile devices
Backed by many industry leaders
Significance of Android

“AdMob: Android Passes iPhone Web Traffic In U.S”
http://techcrunch.com/2010/04/27/admob-android-passes-iphone-web-traffic-in-u-s/
Android Architecture
Problem motivation
Problem motivation
Primary Use Case

Consider an organization that provides its employee, say Angela, with a G1 handset running several
applications that she might require for carrying out her job responsibilities.

The employer, being the owner of the device, allows Angela to install applications that she might
need for her daily use.

However, since the organization releases sensitive information to Angela's mobile, it is required
that the integrity of Angela's Android is intact and that there is no malicious software or
application running on the mobile device.

Otherwise, sensitive information could be leaked, …
Let's see a real life example!
proudly presents
Chancellor Angela Merkel
The problem
Android's Dalvik Problem

Establish the trustworthiness of an Android-powered mobile device
 (Phone, tablet, netbook, …)

Traditional approach of signing applications doesn’t work
 “All applications are created equal”

Existing approaches towards remote attestation fail
 All application code is “dex” – invisible to the kernel

Dex code executed by the Dalvik VM
 Even if the VM is benign, the application running on top of it may be malicious
Solution proposal
Solution

Extend the chain-of-trust to within the VM
 (Just as IMA extended it from the pre-bootloader to within the OS)

Choices:
1. Measure all loaded applications
2. Measure all loaded classes
Attestation Architecture
Angela's Employer
Basic requirements

Establishment of a chain-of-trust

Basic TPM/MTM replacement
 Our TPM implements only the basic functionality
 Meant to serve as a placeholder
 (earlier efforts at MTM/TPM implementation on mobiles …)

(Slightly) modified IMA code
 Communicates with our placeholder TPM instead of the non-existent hardware TPM
Small IMA extensions

Apart from the communication with our TPM, we have not modified any functionality of IMA.
This ensures that all executables loaded outside the Dalvik virtual machine, as well as the native code of
Dalvik itself, get measured and stored in the Stored Measurement Log (SML).

Similarly, the semantics of the SML are also unmodified.
It measures all executables loaded on the Android platform by the Linux operating system.
This includes the Android VM as well as any libraries
(such as libdvm.so, libandroid-runtime.so and libandroid-system.so).
This is because we opted not to interleave the Linux executable hashes with the Dalvik executable hashes but to keep
the two logs separate.

The aggregate up to the point of the Dalvik load is stored in the Android Measurement Log (AML).
Once the chain of trust up to the Dalvik virtual machine is established, we provide two alternatives for
measurement of code that is loaded on top of the Dalvik VM.
Application Level Attestation

Modify the Application Framework Layer to measure all loaded .apk files – packages

(Implementation details in the paper)

Incomplete!

Chain of trust breaks as the application framework layer itself isn’t measured/stored in the PCR

More is required!
Class level attestation

Measure all loaded classes


Different from IMA because:
 Classes can come from arbitrary sources
  Internet, local streams, files …
 The same class files can reside in multiple jars (dex in the case of Android)
 For example, an application may write a class loader that reads from a byte stream to load a class.
  This is substantially unlike the Linux/IMA scenario in which all executables are loaded from the filesystem.

It is therefore possible in Linux to measure an executable before it is loaded.
In the case of Dalvik (or any Java-based VM), this is not always possible because of arbitrary class loaders.
It is for this reason that the semantics of our binary attestation are:
 we measure a class after it is loaded but before it can be executed!
Class level attestation

VM level implementation

Selected Hash computed over the complicated class structure:
Android Measurement Log:
capturing the hash of the class and its descriptor
133A57C0CB942D5F74376BD6A89A3DD98EAB4886 vmaggregate
…
4FC88626E94A631D9FF4BD7C39C57F6EA8847C3F Landroid/widget/AbsListView;
FC060385A2B800175CE68D96AFC4A49E965A8E8F Landroid/widget/AbsListView$CheckForLongPress;
8863C28E92E47E3B38BAAD68BA489C893D24912D Landroid/widget/AbsListView$CheckForTap;
B1DBC173355024025D79614CA72A4E6A6DA7DD3A Landroid/widget/AbsListView$LayoutParams;
23B710A1C427555733403F095C20865554B7CB85 Landroid/widget/AbsListView$PerformClick;
22A21B6943A575D4A47499EAEA60B9E6970A06C8 Landroid/widget/AbsListView$RecycleBin;
A12A6EFC33FB485769ED9914428DF19DEC67F4B5 Landroid/widget/AbsListView$SavedState;
59517950D7280DC0CB4517B40E812D9E2B1BAFB2 Landroid/widget/AbsListView$SavedState$1;
A4A5A5D0D44B5D3AF19427D5F7B09D43CDD7F4A1 Landroid/widget/AbsSeekBar;
665C10F925950A4E9F65EBBF26D629453DD5D4B2 Landroid/widget/AbsSpinner;
69CEB9E9ED1398EFFF0C2C0705C7D45506481BA1 Landroid/widget/AbsoluteLayout;
457F0C258A8B76B4C03C3A89B1B7BAC8E306ECA1 Landroid/widget/AbsoluteLayout$LayoutParams;
8E84D83A9BFE50BDC7F41714769AB48CE55E208D Landroid/widget/AdapterView;
AE8BB8B2E8585395EB697DC8403C3EC1E2BFF7ED Lcom/android/internal/telephony/Phone;
5CB11877BF82DA663722AFBF19CB3DE2DBC03F3B Lcom/android/internal/telephony/Phone$State;
AE1700E2564503F96ED5D277B2E5D886A12E68EA Lcom/android/internal/telephony/PhoneBase;
…
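The two-log design on the preceding slides (an unmodified IMA Stored Measurement Log for native code, a vmaggregate entry that carries the native aggregate into the Android Measurement Log, and class entries recorded after load but before execution) is simulated end to end in the Python below, together with the verification that Angela's employer would run over a quote. This is an added example, not code from the paper or from the authors' Android implementation. The PCR indices 10 and 11, the derivation of vmaggregate as the SML PCR value at VM start, the log entry layout, and every file content, class byte string and the class Lcom/example/Spyware; are assumptions constructed for the illustration; the signature a real TPM quote carries is left out. It also shows the point made later under "Other points to note": the Dalvik-level hook hashes the loaded class, not a file, so there is no window between measuring a file and loading it.

```python
# Added illustration of the SML/AML two-log attestation described on these slides.
# PCR indices, log format and the derivation of vmaggregate are assumptions; all
# file contents, class bytes and the Spyware class are constructed stand-ins.
import hashlib
from dataclasses import dataclass, field

SML_PCR = 10  # IMA's usual PCR for the native log (index assumed here)
AML_PCR = 11  # separate PCR for the Dalvik-level log (index assumed here)
ZERO = b"\x00" * 20

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend semantics: PCR' = SHA1(PCR || measurement)."""
    return sha1(pcr + measurement)

@dataclass
class MeasuredDevice:
    """Prover side: placeholder TPM (two PCRs) plus the two measurement logs."""
    pcrs: dict = field(default_factory=lambda: {SML_PCR: ZERO, AML_PCR: ZERO})
    sml: list = field(default_factory=list)  # (sha1, executable path)
    aml: list = field(default_factory=list)  # (sha1, class descriptor)

    def ima_measure(self, path: str, content: bytes) -> None:
        """Kernel-side IMA hook: hash a native executable before it runs."""
        h = sha1(content)
        self.sml.append((h, path))
        self.pcrs[SML_PCR] = extend(self.pcrs[SML_PCR], h)

    def start_dalvik(self) -> None:
        """First AML entry: the native aggregate when the VM starts (assumed
        here to be the SML PCR value at that moment)."""
        agg = self.pcrs[SML_PCR]
        self.aml.append((agg, "vmaggregate"))
        self.pcrs[AML_PCR] = extend(self.pcrs[AML_PCR], agg)

    def dalvik_measure(self, descriptor: str, loaded_class: bytes) -> None:
        """VM-side hook: measure a class after it is loaded, before it executes.
        Input is the in-memory class, not a file, so no measure/load race."""
        h = sha1(descriptor.encode() + loaded_class)
        self.aml.append((h, descriptor))
        self.pcrs[AML_PCR] = extend(self.pcrs[AML_PCR], h)

def replay(log) -> bytes:
    pcr = ZERO  # PCR value a complete, untampered log would produce
    for h, _ in log:
        pcr = extend(pcr, h)
    return pcr

def verify(quoted: dict, sml: list, aml: list, known_good: dict) -> dict:
    """Challenger side: replay both logs, bind AML to SML, check the whitelist."""
    problems, unknown = [], []
    if replay(sml) != quoted[SML_PCR]:
        problems.append("SML does not replay to the quoted PCR")
    if replay(aml) != quoted[AML_PCR]:
        problems.append("AML does not replay to the quoted PCR")
    # Native code keeps being measured after the VM starts, so vmaggregate must
    # equal the SML PCR after *some* prefix; otherwise the AML is not anchored.
    prefixes = {replay(sml[:i]) for i in range(1, len(sml) + 1)}
    if not aml or aml[0][1] != "vmaggregate" or aml[0][0] not in prefixes:
        problems.append("vmaggregate is not anchored in the SML")
    for h, name in sml + aml[1:]:
        if known_good.get(name) != h:
            unknown.append(name)
    return {"ok": not problems and not unknown, "problems": problems, "unknown": unknown}

def build_golden() -> MeasuredDevice:
    """Reference device; paths are real Android names, contents are made up."""
    d = MeasuredDevice()
    d.ima_measure("/system/bin/app_process", b"native: app_process build 1")
    d.ima_measure("/system/lib/libdvm.so", b"native: libdvm build 1")
    d.start_dalvik()
    d.dalvik_measure("Landroid/widget/AbsListView;", b"dex: AbsListView build 1")
    d.dalvik_measure("Lcom/android/internal/telephony/Phone;", b"dex: Phone build 1")
    d.ima_measure("/system/lib/libwebcore.so", b"native: libwebcore build 1")  # after VM start
    return d

def demo() -> dict:
    golden = build_golden()
    whitelist = {name: h for h, name in golden.sml + golden.aml if name != "vmaggregate"}
    results = {"golden": verify(golden.pcrs, golden.sml, golden.aml, whitelist)}
    # Honest log, but a class the employer never approved was loaded.
    infected = build_golden()
    infected.dalvik_measure("Lcom/example/Spyware;", b"dex: spyware")  # hypothetical
    results["infected"] = verify(infected.pcrs, infected.sml, infected.aml, whitelist)
    # Attacker then deletes the tell-tale entry; the PCR still remembers it.
    infected.aml.pop()
    results["hidden"] = verify(infected.pcrs, infected.sml, infected.aml, whitelist)
    # A VM that skipped start_dalvik forges a self-consistent AML of its own.
    rogue = MeasuredDevice()
    rogue.ima_measure("/system/bin/app_process", b"native: app_process build 1")
    fake = sha1(b"forged aggregate")
    rogue.aml.append((fake, "vmaggregate"))
    rogue.pcrs[AML_PCR] = extend(rogue.pcrs[AML_PCR], fake)
    results["rogue"] = verify(rogue.pcrs, rogue.sml, rogue.aml, whitelist)
    return results

if __name__ == "__main__":
    print(demo())
```

Running the file prints four verdicts: the reference device verifies, the device that loaded an extra class is reported with the unknown descriptor, deleting that entry afterwards breaks the AML replay because the PCR was already extended, and a forged vmaggregate is rejected because it matches no prefix of the SML. That prefix scan is what ties the Dalvik-level log to the kernel-level chain; without it a VM that never passed through IMA could present an AML that is internally consistent but rooted in nothing.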
Evaluation / Measurement numbers
Evaluation for Android cupcake

Application-level results:

Caching helps to mitigate the time overhead.
Faster hardware hashing would help, instead of hashing in Java.
Power consumption, …
Evaluation for Android cupcake

Class-level results:

Caching helps to mitigate the time overhead.
Faster hardware hashing would help, instead of hashing in Java.
Power consumption, …
Other points to note

TPM is just a placeholder.
 We’re waiting for an MTM implementation

Bootloader needs modification for a full the chain-of-trust.

The new Android Scripting Support isn’t supported yet.
 Another reason why IMA can’t work … but our architecture fails here too

Time of measurement, time of use race condition was a major concern in the original IMA technique.
 The issue is that when reading from a filesystem, the file may change after it is measured but before it
gets loaded for execution.
 Since we measure classes or applications only after they are loaded and not from the filesystem, our
architecture does not suffer from this drawback.
Thank you for your attention!
Questions?