[guardian-dev] forensic analysis of WeChat's use of SQLCipher on Android

Hans-Christoph Steiner hans at guardianproject.info
Thu Jan 22 08:58:12 EST 2015



Tom Ritter:
> On 14 January 2015 at 01:53, Hans-Christoph Steiner
> <hans at guardianproject.info> wrote:
>> As for techniques for better managing a password without having the user enter
>> one, that I haven't looked deep into because I believe it is ultimately
>> futile.  If the user does not need to enter the password to unlock something,
>> neither will anyone else.
>>
>> One minor improvement would be using a hardware security module (HSM) to
>> manage the password in this kind of setup.  As far as I understand how they
>> are implemented in smartphones, a forensic data acquisition would not be able
>> to get the keys out of the HSM.  So then the actual device would be required
>> in order to unlock the encryption.
> 
> 
> This line of research is very interesting to me.  I'm not 100% certain
> I know what you mean by using an HSM though.  I guess you mean similar
> to iPhone, where there is a Secure Element on the phone that performs
> crypto operations with a key, and therefore you must query that
> element then performing brute force attacks to decrypt data?
> 
> It's a step up, certainly, but ultimately the security relies on the
> password itself.  And for mobile phones I think we need to find a
> solution that gives adequate security when using 4 digit PINs and
> Swipes.  Anything else... it's tough to get people to adopt.
> 
> My main idea for this is use a SIM or other UUIC with a JavaCard
> applet.  You enter a 4-digit pin (so simple, so easy!) and if correct,
> the JavaCard applet releases a symmetric key (or key material or
> asymmetric private key or whatever) that the app uses and keeps in
> memory.  If you enter the wrong pin 5 times in a 5 minute window (or
> however you implement it) - the symmetric key is wiped.  This prevents
> fast brute forcing and instead resolves to very slow, careful brute
> forcing which you can mathematically choose to limit at your
> discretion - or really good guessing.
> 
> Requires: Ability to load a JavaCard applet to a UUIC, APIs in Android
> to do so, a SIM that lets you load stuff.  OpenCard is a new mechanism
> that, combined with SEEK for Android, might make this a possibility if
> you jump through hoops with your ROM.
> 
> This is a problem businesses grapple with too.  The right combination
> of players might be able to effect change here.
> 
> -tom

By HSM, I mean Hardware Security Module like a crypto smartcard module like in
the OpenPGP card, Yubikey, JavaCard, SIM, etc.  The kind that does not allow
for downloading the private key, only uploading or generating on the card.
This is really only particularly useful for public key crypto, since once
symmetric key is out, it is fully copiable and sharable.  I vaguely remember
some Android devices starting to ship with embedded HSMs.

If this could happen on the SIM, that would be extra awesome since they are so
widespread.

.hc


-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81


More information about the Guardian-dev mailing list