Analysing Android’s Full Disk Encryption Feature(分析Android的全磁盘加密功能)
Analysing Android’s Full Disk Encryption Feature
¨ ¨
Johannes Gotzfried and Tilo Muller
Friedrich-Alexander-Universitat
¨
Erlangen-Nurnberg, Germany
¨
johannes.goetzfried, tilo.mueller @cs.fau.de
Abstract
Since Android 4.0, which was released in October 2011, users of Android smartphones are pro-
vided with a built-in encryption feature to protect their home partitions. In the work at hand, we
give a structured analysis of this software-based encryption solution. For example, software-based
encryption always requires at least a small part of the disk to remain unencrypted; in Android this
is the entire system partition. Unencrypted parts of a disk can be read out and are open to system
manipulations. We present a tool named EvilDroid to show that with physical access to an encrypted
smartphone only (i.e., without user level privileges), the Android system partition can be subverted
with keylogging. Additionally, as it was exemplary shown by attacks against Galaxy Nexus devices
in 2012, Android-driven ARM devices are vulnerable to cold boot attacks. Data recovery tools like
FROST exploit the remanence effect of RAM to recover data from encrypted smartphones, at worst
the disk encryption key. With a Linux kernel module named Armored, we demonstrate that Android’s
software encryption can be improved to withstand cold boot attacks by performing AES entirely on
the CPU without RAM. As a consequence, cold
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
