Kerberos Android - wolfSSL Embedded SSL/TLS Library | … · Kerberos + Android A Tale of ... • ...
Kerberos + Android: A Tale of Opportunity
© Copyright 2012 yaSSL Slide 1 / 39

Platform Decisions
The Statistics

Why Go Mobile?
80% of the world's population now has a mobile phone (5 billion phones).

Why Go Mobile?
Of those 80%, 21.6% (1.08 billion) are smartphones.

Why Go Mobile?
In the US the ratio is even higher, with smartphones making up 40% of all mobile phones.

OK, well why Android?

Android? Reason 1: US Market Dominance
U.S. Smartphones (40%)
• Android: 40%
• iPhone: 28%
• Blackberry: 19%
• Windows Mobile: 7%
• Other: 5%
• Windows Phone 7: 1%

Android? Reason 2: Consumer Popularity
• 100 million activated Android devices (now 400,000 / day)
• 200,000 apps in Android Market (4.5 billion activations to date)
• 310 devices available to consumers (112 countries)

Android? Reason 3: Developer Popularity
• 450,000 developers building for the platform!

Android. Meaning?
• Opportunity for increased Kerberos visibility
• Useful for Android and Kerberos developers
• Fun to see where the community takes it

Our Plan
What we wanted to do.

Goals: We wanted to fill a missing gap.
1. Port Kerberos libraries to Android
2. Port some C-based Kerberos client apps to Android
• kinit
• klist
• kvno
• kdestroy

Goals: We wanted to spark community involvement.
3. Build a sample Android NDK App (with a simple GUI)
4. Give changes back to community

Action!
What we did.

1. Crypto Implementation

Crypto: Added new CyaSSL crypto implementation
• Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-in
• CyaSSL is very portable

2. Porting

Android Port
Kerberos Libraries + CyaSSL Android.
• Cross-compiled libraries for Android
• Created shell script for easy reproduction by developers

3. Android Application

Android App: Simple sample NDK project
Home Screen
• Single screen
• Uses JNI
• Wrapper around native client apps
kinit
• Gets a ticket using specified principal
klist
• Lists our tickets
kvno
• Gets a service ticket for the entered principal
klist after kvno
• Verify that we got a ticket
kdestroy
• Clear our ticket cache

Android App
Notes
• Uses a keytab instead of passwords
• Storage locations have been chosen for convenience
  • Can be easily modified to what the developer needs
  • Currently at /data/local/kerberos

Android App
License Type
• Application code will remain under the MIT license

4. GSS-API Wrapper

GSS-API Java Wrapper
• Provide Java bindings for developers to use
• Uses framework
• Wrapper around native Kerberos GSS-API library (Contains functionality found in gssapi.h)
2 example clients:
• Android client functionality
• Stand-alone Java app for desktop use

GSS-API: Integrated into sample app.
Example Client
1. Establish context with example server
2. Send wrapped message, verify returned signature block (gss_wrap, gss_verify_mic)
3. Repeat #2, but with gss_seal, gss_verify
4. Misc. API tests and exit.
Example Server
• Establish context with client
• Receive and unwrap a message from the client
• Generate & send signature block for received message

The Future
What's happening next?

The Future: Look to the Community.
Availability
• Code will be linked from both MIT and yaSSL websites
PR Activity / Visibility
• Blog posts
• Forum posts
• Press releases
• GitHub
• Mailing lists
• etc...
Other ideas or thoughts?

References
Statistics
• http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/
• http://www.go-gulf.com/blog/smartphone
• http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40-percent-are-android/
• Google I/O 2011: http://www.google.com/events/io/2011
Project Locations
• Kerberos: http://web.mit.edu/kerberos/
• CyaSSL: http://www.yassl.com/
• Android NDK App: https://github.com/cconlon/kerberos-android-ndk
• GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapi

Thanks!
www.yassl.com