Analysing Android's full disk encryption feature

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 5, Issue 1, 2014, Pages 84-100

  Götzfried, Johannes ^a   Müller, Tilo ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

Android; Cold boot; Cpu bound encryption; Evil maid

Indexed keywords

EID: 84896321437     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (33)

1. Ponemon Institute LLC, "Smartphone Security: Survey of U. S. consumers, " in Ponemon Institute Research Report. sponsored by AVG Technologies, January 2011, http://aa-download. avg. com/filedir/other/Smartphone. pdf.
2. S. Skorobogatov, "Data Remanence in Flash Memory Devices, " in International Workshop on Cryptographic Hardware and Embedded Systems (CHES'05), Edinburgh, Scotland, LNCS, vol. 3659. Springer-Verlag, August-September 2005, pp. 339-353.
3. A. Rahmati, M. Salajegheh, D. Holcomb, J. Sorber, W. Burleson, and K. Fu, "TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices withou Clocks, " in Proc. of the 21th USENIX Security Symposium, (USENIX Security'12), Bellevue, WA, USA. USENIX Association, August 2012.
4. R. Anderson and M. Kuhn, "Tamper Resistance: A Cautionary Note, " in Proc. of the 2nd USENIX Workshop on Electronic Commerce (WOEC'96), Oakland, California, USA. USENIX Association, November 1996, pp. 1-11.
5. P. Gutmann, "Data Remanence in Semiconductor Devices, " in Proc. of the 10th USENIX Security Symposium (USENIX Security'01), Washington, DC, USA. USENIX Association, August 2001.
6. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten, "Lest We Remember: Cold Boot Attacks on Encryptions Keys, " in Proc. of the 17th USENIX Security Symposium (USENIX Security'08), San Jose, California, USA. USENIX Association, August 2008, pp. 45-60.
7. Joanna Rutkowska, "Evil Maid goes after TrueCrypt, " http://theinvisiblethings. blogspot. com/2009/10/evil-maid-goes-after-truecrypt. html, October 2009, The Invisible Things Lab.
8. Johannes Götzfried and TiloMüller, "ARMORED: CPU-bound Encryption for Android-driven ARM Devices, " in Proc. of the 8th IEEE International Conference on Availability, Reliability and Security (ARES'13), Regensburg, Germany. IEEE, September 2013, pp. 161-168.
9. J. Pabel, "FrozenCache-Mitigating Cold-Boot Attacks for Full-Disk-Encryption Software, " in 27th Chaos Communication Congress (27C3), Berlin, Germany, December 2009.
10. T. Müller, F. Freiling, and A. Dewald, "TRESOR Runs Encryption Securely Outside RAM, " in Proc. of the 20th USENIX Security Symposium, (USENIX Security'11), San Francisco, California, USA. USENIX Association, August 2011, pp. 17-17.
11. P. Simmons, "Security Through Amnesia: A Software-based Solution to the Cold Boot Attack on Disk Encryption, " in Proc. of the 27th Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, USA. ACM, December 2011, pp. 73-82.
12. T. Müller, B. Taubmann, and F. Freiling, "TreVisor: OS-Independent Software-Based Full Disk Encryption Secure Against Main Memory Attacks, " in Proc. of the 10th International Conference on Applied Cryptography and Network Security (ACNS'12), Singapore, LNCS, vol. 7341. Springer-Verlag, June 2012, pp. 66-83.
13. FIPS, "Advanced Encryption Standard (AES), " National Institute for Standards and Technology, Federal Information Processing Standards Publication 197, November 2001.
14. S. Gueron, "Intel's New AES Instructions for Enhanced Performance and Security, " in Proc. of the 16th International Workshop on Fast Software Encryption (FSE'09), Leuven, Belgium, LNCS, vol. 5665. Springer-Verlag, February 2009, pp. 51-66.
15. B. Gladman, "A Specification for Rijndael, the AES Algorithm, " www. gladman. me. uk, August 2007.
16. M. Turan, E. Barker, W. Burr, and L. Chen, "Special Publication 800-132: Recommendation for Password-Based Key Derivation, " NIST, Computer Security Division, Information Technology Laboratory, Tech. Rep., December 2010.
17. A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, "Smudge Attacks on Smartphone Touch Screens, " in Proc. of the 4th USENIX Workshop on Offensive Technologies (WOOT'10), Washington, DC, USA. USENIX Association, August 2010.
18. M. Kumar, "Android facial recognition based unlocking can be fooled with photo, " http://thehackernews. com/, November 2011, The Hacker News.
19. T. Cannon and S. Bradford, "Into the Droid: Gaining Access to Android User Data, " in DefCon Hacking Conference (DefCon'12), Las Vegas, Nevada, USA, July 2012.
20. xdadevelopers, "Google Play Nexus not wiping after Bootloader Unlock, " http://forum. xda-developers. com, April 2012, Thread 1650830.
21. M. Becher, M. Dornseif, and C. N. Klein, "FireWire-All your memory are belong to us, " in Proc. of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada, May 2005.
22. Peter Kleissner, "Stoned Bootkit, " in Black Hat (BH'09), Las Vegas, Nevada, USA, July 2009.
23. D. Defreez, "Android Privacy Through Encryption, " Master's thesis, University of Ashland, Department of Computer Science, May 2012.
24. T. Müller, A. Dewald, and F. Freiling, "AESSE: A Cold-Boot Resistant Implementation of AES, " in Proc. of the 3rd European Workshop on System Security (EUROSEC'10), Paris, France. ACM, April 2010, pp. 42-47.
25. T. Müller and M. Spreitzenbarth, "FROST: Forensic Recovery Of Scrambled Telephones, " in Proc. of the 11th International Conference on Applied Cryptography and Network Security (ACNS'13), Banff, Alberta, Canada, LNCS, vol. 7954. Springer-Verlag, June 2013, pp. 373-388.
26. D. J. Bernstein and P. Schwabe, "NEON crypto, " http://cr. yp. to/, March 2012, Department of Computer Science, University of Illinois at Chicago, USA.
27. Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, Addendum to special publication 800-38a ed., National Institute of Standards and Technology, 2010.
28. Joe Sylve, "LiME-Linux Memory Extractor, " in ShmooCon'12, Washingtion, DC, USA, January 2012.
29. E.-O. Blass and W. Robertson, "TRESOR-HUNT: Attacking CPU-Bound Encryption, " in Proc. of the 28th Annual Computer Security Applications Conference (ACSAC'12), Orlando, Florida, USA. ACM, December 2012, pp. 71-78.
30. Break & Enter: Improving security by breaking it, "Adventures with Daisy in Thunderbolt-DMA-Land: Hacking Macs through the Thunderbolt interface, " February 2012.
31. Joanna Rutkowska, "Anti Evil Maid, " http://theinvisiblethings. blogspot. de/2011/09/anti-evil-maid. html, September 2011, The Invisible Things Lab.
32. T. Müller, H. Spath, R. Mäckl, and F. Freiling, "STARK Tamperproof Authentication to Resist Keylogging, " in Proc. of Financial Cryptography and Data Security (FC'13), Okinawa, Japan. International Financial Cryptography Association (IFCA), April 2013.
33. B. Parno, "Bootstrapping Trust in a Trusted Platform, " in Proc. of the 3rd USENIX Workshop on Hot Topics in Security (HotSec'08), San Jose, California, USA. USENIX Association, July 2008.