“secure password managers” and “military-grade encryption” on smartphones: oh, really?

Download “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really?

Post on 06-May-2015

2.504 views

Category:

Technology

4 download

Embed Size (px)

TRANSCRIPT

  • 1.Secure Password Managers and Military-Grade Encryption on Smartphones: Oh, Really?Andrey Belenko and Dmitry SklyarovElcomsoft Co. Ltd.{a.belenko, d.sklyarov}@elcomsoft.comFriday, 16 March 121

2. Agenda Authentication: PC vs. Smartphone Threat Model BlackBerry Password Managers iOS Password Managers Free Paid Summary & ConclusionsFriday, 16 March 12 2 3. Authentication: PC Trusted Platform Module Biometrics SmartCard + PIN Password/PassphraseFriday, 16 March 12 3 4. Authentication: Smartphone Trusted Platform Module Biometrics SmartCard + PIN Password/PassphraseFriday, 16 March 124 5. Authentication: SmartphonePassword is the only optionon the smartphones Lock patterns are essentially numeric passcodesFriday, 16 March 125 6. Password Typing PC: Full-sized keyboard, motor memory Long and complex passwords are easySmartphone: Touch keyboard Long and complexpasswords are hardFriday, 16 March 12 6 7. Password TypingIt is fair to assume that passwords on the smartphones are shorter than their PCcounterpartsFriday, 16 March 127 8. Password Cracking Smartphone: Relatively slow CPU Complex password- to-key transforms will impact usabilityPC: Fast CPU Can do complexpassword-to-keytransformsFriday, 16 March 12 8 9. Password Handling Password Cracking Offline attacks can utilize GPUs for attackers advantageFriday, 16 March 129 10. Authentication Wrap Up PCSmartphonePassword entered not Password entered everytoo often (usually justtime you need accessafter unlocking console) data (after switching applications or after short time-out)Handling passwords on smartphone is more difficult than on PCSmartphone requires stronger password protection than PC but provides less capabilities for doing so!Friday, 16 March 12 10 11. Agenda Authentication: PC vs. Smartphone Threat Model BlackBerry Password Managers iOS Password Managers Free Paid Summary & ConclusionsFriday, 16 March 12 11 12. Threat ModelAssumptions:1. Attacker has: Physical access to the device, or Backup of the device, or Access to password manager database file2. Attacker wants to: Recover master password for password manager(s) on the mobile device Extract passwords stored by those managersAre those assumptions fair at all?Friday, 16 March 1212 13. Physical AccessComputers are relativelybig. Thus, hard to stealor lose. You know where it is(well, most of the time). Lots of phones go in wrong hands every year. Many areleft in the bars.Do you really know whereexactly your phone is rightnow?Friday, 16 March 12 13 14. Someones justgot physical access to the deviceFriday, 16 March 12 14 15. Device BackupApple iOS: Need device passcode or iTunes pairing Optional encryption (enforced by device) PBKDF2-SHA1 with 10000 iterationsBlackBerry: Need device password Optional encryption (not enforced) PBKDF2-SHA1 with 20000 iterationsFriday, 16 March 12 15 16. Database FilesApple iOS: Via afc (need passcode or iTunes pairing) Via SSH (jailbroken devices) Via physical imaging (up to iPhone 4)BlackBerry: Need device passwordFriday, 16 March 1216 17. Agenda Authentication: PC vs. Smartphone Threat Model BlackBerry Password Managers iOS Password Managers Free Paid Summary & ConclusionsFriday, 16 March 12 17 18. BlackBerry Applications BlackBerry Password Keeper Included with OS 5 BlackBerry Wallet Version 1.0 (for OS 5)Friday, 16 March 12 18 19. BlackBerry Password Keeper Key is calculated by PBKDF2-SHA1 with 3 iterations Encrypted payload is PKCS7-padded Allows to quickly reject wrong keys (p 2-8) Survived keys are checked by verifying SHA-1Encrypted payload Data SHA1 (Data) Password verification is fast 3 x PBKDF2-SHA1 + 1 x AES-256 ~5M passwords/sec on a CPU, ~20M with GPUFriday, 16 March 1219 20. PKCS7 PaddingPlaintext padded to completely fill last block Done even if block size divides plaintext length Padding value == number of bytes appendedPKCS7 padding bytes7 7 7 7 7 7 7 3 3 36 6 6 6 6 6 2 2 5 5 5 5 51 4 4 4 4D a t a B y t e 8 8 8 8 8 8 8 8 Block size PKCS7 padding bytes After decryption padding verified and removed Decryption with random key produces valid padding with p 2-8 (0.4%)Friday, 16 March 12 20 21. BlackBerry WalletDesigned for BlackBerry smartphones,BlackBerry Wallet helps make mobile,online purchasing faster and easierVersion 1.0 Stores SHA-256 (SHA-256 (Password)) Password verification requires 2 x SHA-256 Very fast: ~6M on CPU, ~300M on GPU No salt: Rainbow Tables may be builtFriday, 16 March 12 21 22. BlackBerry WalletDesigned for BlackBerry smartphones,BlackBerry Wallet helps make mobile,online purchasing faster and easierVersion 1.2 Similar to BB Password Keeper, but... Password initially hashed with SHA-512 PBKDF2-SHA1 uses random number (50..100)of iterations Password verification requires 1xSHA-512 +100xPBKDF2-SHA1 + 1xAES-256 Est. 200K p/s on CPU, 3200M on GPUFriday, 16 March 12 22 23. Agenda Authentication: PC vs. Smartphone Threat Model BlackBerry Password Managers iOS Password Managers Free Paid Summary & ConclusionsFriday, 16 March 12 23 24. iOS Free Apps Search App Store for Password Keeper and pick a few from top 20 free apps Safe Password (x3) iSecure Lite Secret Folder Lite Ultimate Password Manager Free My Eyes Only - Secure Password Manager Keeper Password & Data Vault Password Safe iPassSafe free version Strip Lite - Password ManagerFriday, 16 March 12 24 25. [un]Safe TripletsFINALLY! THE SAFEST APP TO PROTECTYOUR ALL PASSWORDS, BANK ACCOUNT,CREDIT CARD, WEB LOGINS AND ETC.Safe Passwordby The Best Free, Lite and Pro EditionAwesome Password Liteby Easy To Use ProductsPassword Lock Liteby chen kaiqianFriday, 16 March 12 25 26. [un]Safe Triplets All three are identical (except for names and background images) Store data in SQLite database at Documents/Password_Keeper.sqlite Master password is always 4 digits No data encryption is involved at all Master password is stored in plaintextSELECT ZPASSWORD FROM ZDBCONFIG;Friday, 16 March 1226 27. iSecure Lite - PasswordManager You data is extremely secure, even you have lost your device or stolen by Roland Yau Stores data in SQLite database at Documents/app_creator.sqlite Master Password of any length/chars No data encryption is involved at all Master Password is stored in plaintextSELECT passcode FROM preference;Friday, 16 March 12 27 28. Secret Folder Lite The BEST AND MOST ADVANCED PHOTO & VIDEO PRIVACY APP in the by chen kaiqianApp Store today Password-protect access to media files Stores data in SQLite database at Documents/privatephototwo.sqlite No data encryption is involved at all All passwords are stored in plaintextSELECT ZDISPLAYNAME,ZPASSWORD FROM ZDBFILE;Friday, 16 March 1228 29. Ultimate Password ManagerFree The free version has the following limitations over the paid version:by Jean-Francois Martin - no data encryption Stores data in binary Property List atLibrary/Preferences/com.tinysofty.upmfree.plist Master password is stored in plaintextAre you interested in password managerintentionally designed to be insecure,even if its free?Friday, 16 March 12 29 30. My Eyes Only - Secure Password Manager...allows personal information to bestored on iPhones, iPods and iPads without the threat of unauthorizedby Software Ops LLCaccess if lost or stolen Stores data in NSKeyArchiver files at Documents/*.archive, encrypted with RSA Master password, public and private RSA keys are stored in keychain with attribute kSecAttrAccessibleWhenUnlockedWow, RSA looks impressive for a password keeper, isnt it?Friday, 16 March 12 30 31. My Eyes Only - Secure Password Manager 512-bit RSA modulus: factorization is easy Documents/MEO.archive holds RSA-encrypted master password RSA private key is stored in the same file Yes, RSA private key is stored along withencrypted data Master password and everything else can beinstantly decrypted Whitfield Diffie wouldnt probably like that )Friday, 16 March 1231 32. Keeper Password & DataVault With Keepers military-grade encryption, you can trust that no one else will haveby Callpod Inc access to your most important information Stores data in SQLite database atDocuments/keeper.sql MD5 of master password is stored in database SHA1 of master password is used as AES key Very fast password verification: 1 x MD5 ~60M p/s on CPU, 6000M p/s on GPU No salt: MD5 Rainbow Tables can be usedFriday, 16 March 12 32 33. Password Safe - iPassSafe free versioniPassSafe - To Be True Protected. AES-256 Double Encryption Layers by Netanel Software Stores data in SQLite database atDocuments/iPassSafeDB.sqlite Prevents usage of weak passwords:0000 1234 2580 1111 55550852 2222 1212 1998 5683Friday, 16 March 1233 34. Password Safe - iPassSafe free versioniPassSafe - To Be True Protected. AES-256 Double Encryption Layers by Netanel Software Random master key (Mk)is used for encryption Mk is encrypted with master password as a key Password not hashed, only null-padded PKCS7 padding allows to reject wrong keys Very fast password verification: 1 x AES-256 ~20M on CPU, havent done AES on GPU yet :) Rainbow Tables may be builtFriday, 16 March 1234 35. Strip Lite -Password Manager highly rated Password Manager and Data Vault. Strip has been protecting sensitive information on mobileby Zetetic LLC devices for over 12 yrs. Stores data in SQLite database atDocuments/strip.db Whole database file is encrypted usingopen-source component sqlcipherdeveloped by ZeteticFriday, 16 March 1235 36. Strip Lite - Password Manager Database encryption key is derived frommaster password using PBKDF2-SHA1 with4000 iterations By far the most resilient app to password cracking Password validation requires4000 x PBKDF2-SHA1 + 1 x AES-256 Est. 5K p/s on CPU, 160K on GPUFriday, 16 March 1236 37. Agenda Authentication: PC vs. Smartphone Threat Model BlackBerry Password Managers iOS Password Managers Free Paid Summary & ConclusionsFriday, 16 March 12 37 38. iOS Paid Apps Google Top Password Keepers for iOS and pick a few

Recommended

View more >