Abstract
Google Android is an open source operating system that is available on a wide variety of smart phones from a variety of manufactures. While the core operating system uses encryption for phone calls, web browsing, and email, the local storage available on the phone is primarily unencrypted. Encryption can be deployed at the application level to protect data stored on the phone. On a typical device, the data for an application is stored on the onboard micro SD card which can easily be mounted on a computer. The files stored on the card can then be copied to another device for analysis. If an unauthorized party were to gain physical access to a phone, it would be possible to quickly create a copy of the onboard data, potentially without the phones owner even noticing. A simple notepad application that uses an encryption algorithm and user provided password can be used to read and write plain text securely to a file on the SD card. The security of the information stored using this approach will be analyzed and the method deployed will be documented.
Figure 1
The method employed for encryption and decryption is a two stage process as outlined in Figure 1. The text field that is provided to the user is editable in a String representation. This plain text string is encrypted using the specified cipher and password before being encoded as a Base64 2
string and written to a file. For decryption the process is reversed and the file is read and converted into the raw cipher text from the Base64 encoding and then decrypted using the specified cipher and password before being displayed to the user. The Base64 encoding is not required from a technical standpoint, but allows the encrypted text to be viewed in its encoding form using the same editor that was used to encrypt the text. An example of an encrypted string is shown in Table 1.
Plain Text String Password Encrypted AES String Encrypted DES String
Figure 2
Figure 3
Figure 4
The graphical elements for the interface are simple and provide the necessary functionality to encrypt simple notes. Figure 2 depicts the initial interface that allows for the creation of new files and displays all *.txt files that currently exist in the root directory. When a file is selected the next interface as seen in Figure 3 is displayed. This allows the user to select the encryption algorithm and input the password for the file. For new files, the encryption algorithm and password will be used when the formerly empty file is saved. The last interface, as seen in Figure 4, provides the means to view, edit, and save the text back to the file.
4. Analysis of Security
Software that uses encryption to store information must be carefully constructed so that it minimizes its surface for attack. Since it is necessary to decrypt the file on the device, it is unavoidable to have the decrypted text to be stored in RAM so the plain text can be viewed and manipulated.
The AESEncryptionProvider constructor takes a pass phrase and converts it to a secret key that can be used to encrypt or decrypt text using the appropriate methods. The primary responsibility of the constructor is to simply create the key; once the key is created, the encryption provide is able to function.
/** * Performs the encryption on a string of data * @param data The plain text to encrypt. * @return The encrypted text encoded as a Base64 string. */ public String encryptAsBase64(String data) throws EncryptionException{ byte[] encryptedData = encrypt(data.getBytes()); return Base64.encodeBytes(encryptedData); }
The public encryption method used to encrypt a string provides a simple mechanism that returns the encrypted cipher text as a string. To accomplish this the underlying encryption algorithm performs the manipulation on a byte array computed from the original plain text string. To convert this byte array back to a string after it is encrypted, it is encoded as a Base64 string using a freely available encryption library provided by http://iharder.net/base64.
/** * Performs the AES encryption on a byte array. * @param clearData The unencrypted byte array. * @return The encrypted byte array. * @throws EncryptionException */ private byte[] encrypt(byte[] clearData) throws EncryptionException { try { cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec); } catch (InvalidKeyException e) { Log.e(OpenNoteSecure.TAG, "Invalid key", e); throw new EncryptionException("AESEncrpyionProvider could not be created", e); } catch (InvalidAlgorithmParameterException e) { Log.e(OpenNoteSecure.TAG, "Invalid algorithm " + CIPHER_ALGORITHM, e); throw new EncryptionException("AESEncrpyionProvider could not be created", e); } byte[] encryptedData; try { encryptedData = cipher.doFinal(clearData); } catch (IllegalBlockSizeException e) { Log.e(OpenNoteSecure.TAG, "Illegal block size", e); throw new EncryptionException("AESEncrpyionProvider could not be created", e); } catch (BadPaddingException e) { Log.e(OpenNoteSecure.TAG, "Bad padding", e); throw new EncryptionException("AESEncrpyionProvider could not be created", e); } return encryptedData; }
The majority of the code surrounding the encryption and decryption routines is a try/catch block. The crypto routines are capable of throwing various exceptions in the case where the encryption or decryption fails. These routines catch these exceptions and then throw a new exception called EncryptionException. The EncryptionException is a new type of exception that simply indicates that the encryption or decryption routine was not able to be executed successfully. The main reason for throwing this exception is the instance where the wrong algorithms or password is used to attempt to decrypt a file. In this case the file is not decrypted and an error message is 5
displayed. The actual execution of the encryption is very simple to invoke and the complexity is masked by the underlying libraries.
5. Future Work
The initial release of OpenNoteSecure is capable of performing symmetric encryption. The ability to perform asymmetric encryption would be very useful for securely encrypting 6
information that would be transmitted from user to user. The difficulty in implementing a system for performing asymmetric encryption arises from the vulnerability of the key store. The private keys that would need to be stored on the mobile device would need to be protected, which could be accomplished with a symmetric cipher and a pass phrase.
6. Conclusion
The built in mechanisms for securing application data on the Android platform are currently limited, but the ability to secure information on an application by application basis has existing potential. The information stored on a mobile device depends on the security of the passphrase that is used to secure the information. The main issue is the compromise between security and convenience. In practice the convenience of easily accessible information wins over the ability to securely store this information. As a result, the main concern is using strong encryption keys that do not require memorization and manual entry from the user. OpenNoteSecure demonstrates that data security can be achieved, but still depends on memorization of keys by the user.
Resources
The source code for OpenNoteSecure is released under a General Public License Version 3. http://github.com/JaredHatfield/OpenNoteSecure OpenNoteSecure is available to download for free from the Android Market. com.jaredhatfield.opennotesecure
Works Cited
Google. (2010, June 23). Security and Permissions. Retrieved from Android Developers: http://developer.android.com/guide/topics/security/security.html