PORSCHA: POLICY ORIENTED SECURE CONTENT HANDLING IN ANDROID

Machigar Ongtang, Kevin Butler, Patrick McDaniel

Dhurakij Pundit University, University of Oregon, Pennsylvania State University

ACSAC (2010)

Agenda

Introduction

Content on Smart Phone

About Android

Architecture

Evaluation

Discussion

Conclusion

Introduction

Android provides few direct protections for the content placed on the phone

DRM (Digital Rights Management)

Porscha:

content should only be accessible by explicitly authorized phones

content should only be accessed by provider-endorsed applications

content should be subject to contextual constraints

Two phases of Porscha: in transit and on platform

Content on Smart Phone

Personal and Business Documents

Service-specific data

spy camera Mydroid

Financial Information

Content on Smart Phone

DRM Policy Requirements

Binding content to the phone

Binding content to endorsed applications

Constraining continuing use of the content

About Android

Four types of components

Two groups of applications

Documents in transit & on-platform access

About Android

On-platform access

Initial Document Recipients

Documents at Rest

Document Sharing

Architecture

Constraints on Devices: content is bound to specific devices identified by the users' International Mobile Subscriber Identity (IMSI) or WAP Identity Module (WIM).

Constraints on Applications: content is restricted to applications with a given code fingerprint (hash of the application image).

Constraints on Use: support not only the regulation of simple accesses, but also differentiation of simple access from read, modify and delete rights.
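The three constraint types above can be checked in sequence with a default-deny evaluator. The following is an added example, not code from the Porscha paper or these slides; the policy layout, the function names, the sample IMSI and the choice of SHA-256 for the code fingerprint are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

RIGHTS = {"read", "modify", "delete"}  # the rights the slide distinguishes

@dataclass
class ContentPolicy:
    # Hypothetical layout: the slides name the constraint kinds, not a format.
    device_imsis: frozenset  # devices the content is bound to
    app_rights: dict         # app code fingerprint -> set of granted rights

def fingerprint(app_image: bytes) -> str:
    """Code fingerprint = hash of the application image (SHA-256 assumed)."""
    return hashlib.sha256(app_image).hexdigest()

def check_access(policy, imsi, app_image, right):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if right not in RIGHTS:
        return False, "unknown right"
    if imsi not in policy.device_imsis:          # constraint on devices
        return False, "device not authorized"
    granted = policy.app_rights.get(fingerprint(app_image))
    if granted is None:                          # constraint on applications
        return False, "application not endorsed"
    if right not in granted:                     # constraint on use
        return False, "right not granted"
    return True, "ok"

# Constructed sample data: stand-in app images and a test-network IMSI.
VIEWER = b"constructed viewer app image v1"
EDITOR = b"constructed editor app image v1"
PHONE_IMSI = "001010123456789"
SAMPLE_POLICY = ContentPolicy(
    device_imsis=frozenset({PHONE_IMSI}),
    app_rights={
        fingerprint(VIEWER): {"read"},
        fingerprint(EDITOR): {"read", "modify"},
    },
)

if __name__ == "__main__":
    tampered = EDITOR + b"\x00"  # any change to the image changes the hash
    for app, right in [(VIEWER, "read"), (VIEWER, "modify"),
                       (EDITOR, "modify"), (tampered, "read")]:
        print(right, check_access(SAMPLE_POLICY, PHONE_IMSI, app, right))
```

Because the application is identified by the hash of its image, a modified or repackaged build no longer matches any endorsed fingerprint and is denied before any right is considered.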

Architecture- in transit

Identity-Based Encryption (IBE): enables senders to construct the public keys of the recipients from known identities; the scheme includes a trusted Private Key Generator (PKG).

Encryption: takes the message (data), the public key string, and the cryptosystem parameters as input

Decryption: takes the ciphertext and the private key as input to the decryption algorithm

Architecture- in transit

sender (content source): S

receiver (phone): R

identity for participant s: I_s

public/private key of a: K_a^+ / K_a^-

content: m

policy for m: p_m

Delivery of SMS/MMS:

Architecture- in transit

Delivery of email:

one-time 128-bit AES symmetric key: k_e

Architecture- on platform

Policy Enforcement on Initial Recipients

Architecture- on platform

Email traffic is opaque to Android

Use the Apache Mime4j library to parse the e-mail message streams in plain RFC 822 and MIME formats

Architecture- on platform

Policy Enforcement on Documents at Rest

Add an extra policy field to the structure of each Content Provider record

The Porscha mediator inserts the policy into this field

Architecture- on platform

Enforcement on Indirect Receivers

EVALUATION

Discussion

Recipients Without Porscha

store all modifications, such as decrypted emails and those with information removed, locally on the phone, and only reflect back to the IMAP server the original email

Application and Platform Trust

Alternative Application Enforcement Infrastructures

Digital Rights Management

Porscha is lightweight and designed with mobile solutions in mind; by contrast, many advanced DRM protocols are heavyweight and not transparent to applications.

Conclusion

Porscha can protect SMS, MMS, and email documents.

Porscha secures content delivery using identity-based encryption and mediates on-platform content handling to ensure conformance with content policy

Thank you for listening