The last two posts introduced app encryption, the new system key store and a few other security-related features introduced in Jelly Bean. Browsing the AOSP code reveals another new feature which sits higher in the security stack than the previously discussed ones -- certificate blacklisting. In this article we will present some details about its implementation and introduce a sample app that allows us to test how blacklisting works in practice.
Android certificate blacklisting
Why blacklist certificates?
In a perfect world, a working Public Key Infrastructure (PKI) takes care of issuing, distributing and revoking certificates as necessary. All that a system needs to verify the identities of previously unknown machines and users are a few trust anchor certificates. In practice, though, there are a number of issues. Those have been known for some time, but the recent breaches in top-level CAs have shown that the problems and their consequences are far from theoretical. Probably the biggest PKI issue is that revocation of root certificates is not really supported. Most OSes and browsers come with a pre-configured set of trusted CA certificates (dozens of them!) and when a CA certificate is compromised there are two main ways to handle it: 1. tell users to remove it from the trust store; or, 2. issue an emergency update that removes the affected certificate. Expecting users to handle this is obviously unrealistic, so that leaves the second option. Windows modifies OS trust anchors by distributing patches via Windows Update, and browser vendors simply release a new patch version. However, even if an update removes a CA certificate from the system trust store, a user can still install it again, especially when presented with a 'do this, or you can't access this site' ultimatum. To make sure removed trust anchors are not brought back, the hashes of their public keys are added to a blacklist and the OS/browser rejects them even if they are in the user trust store. This approach effectively revokes CA certificates (within the scope of the OS/browser, of course) and takes care of PKI's inability to handle compromised trust anchors.
However, it's not exactly ideal: even an emergency update takes some time to prepare, and even after it is out some users won't update right away, no matter how often they are being nagged about it. CA compromises are relatively rare and widely publicized though, so it seems to work OK in practice (for now, at least).
While CA breaches are fairly uncommon, end entity (EE) key compromise occurs much more often. Whether due to a server breach, stolen laptop or a lost smart card, it happens daily. Fortunately, modern PKI systems have been designed with this in mind -- CAs can revoke certificates and publish revocation information in the form of doesn't really work in the real world. Revocation checking generally requires network access to a machine different from the one we are trying to connect to, and as such has a fairly high failure rate. To mitigate this most browsers do their best to fetch fresh revocation information, but if this fails for some reason, they simply ignore the error (soft-fail), or at best show some visual indication that revocation information is not available. To solve this Google Chrome has opted to disable online revocation checks altogether, and now uses its online update mechanism to proactively push revocation information to browsers, without requiring an application update or restart. Thus Chrome can have an up-to-date local cache of revocation information which makes certificate validation both faster and more reliable. This is yet another blacklist (Chrome calls it a 'CRL set'), this time based on information published by each CA. The browser vendor effectively managing revocation information on the user's behalf is quite novel, and not everyone thinks it's a good idea, but it has worked well so far.
Android certificate blacklisting
In Android versions prior to 4.0 (Ice Cream Sandwich, ICS), the system trust store was a single Bouncy Castle key store file. Modifying it without root permissions was impossible and the OS didn't have a supported way to amend it. That meant that adding new trust anchors or removing compromised ones required an OS update. Since, unlike regular desktop OSes, updates are generally handled by carriers and not the OS vendor, they are usually few and far between. What's more, if a device doesn't sell well, it may never get an official update. In practice this means that there are thousands of devices that still trust compromised CAs, or don't trust newer CAs that have issued hundreds of web site certificates. ICS changed this by making the system trust store mutable and adding a UI, as well as an SDK API, that allows for adding and removing trust anchors. This didn't quite solve PKI's number one problem though -- aside from the user manually disabling a compromised trust anchor, an OS update was still required to blacklist a CA certificate. Additionally, Android does not perform online revocation checks when validating certificate chains, so there was no way to detect compromised end entity certificates, even if they have been revoked.
This finally leads us to the topic of the article -- Android 4.1 (Jelly Bean, JB) has taken steps to allow for online update of system trust anchors and revocation information by introducing certificate blacklists. There are now two system blacklists:
- a public key hash blacklist (to handle compromised CAs)
- a serial number blacklist (to handle compromised EE certificates)
The certificate chain validator component takes those two lists into consideration when verifying web site or user certificates. Let's look at how this is implemented in a bit more detail.
Android uses a content provider to store OS settings in a system database. Some of those settings can be modified by third party apps holding the necessary permissions, while some are reserved for the system and can only be changed by going through the system settings UI, or by another system application. The latter are known as 'secure settings'. Jelly Bean adds two new secure settings under the following URIs:
content://settings/secure/pubkey_blacklist
content://settings/secure/serial_blacklist
As the names imply, the first one stores public key hashes of compromised CAs and the second one a list of EE certificate serial numbers. Additionally, the system server now starts a CertBlacklister component which registers itself as a ContentObserver for the two blacklist URIs. Whenever a new value is written to those, the CertBlacklister gets notified and writes the value to a file on disk. The format of the files is simple: a comma delimited list of hex-encoded public key hashes or certificate serial numbers. The actual files are:
- certificate blacklist: /data/misc/keychain/pubkey_blacklist.txt
- serial number blacklist: /data/misc/keychain/serial_blacklist.txt
Why write them to disk when they are already available in the settings database? Because the component that actually uses the blacklists is a standard Java CertPath API class that doesn't know anything about Android and its system databases. The actual class, PKIXCertPathValidatorSpi, is part of the Bouncy Castle JCE provider, modified to handle certificate blacklists, which is an Android-specific feature and not defined in the standard CertPath API. The PKIX certificate validation algorithm the class implements is rather complex, but what Jelly Bean adds is fairly straightforward:
- when verifying an EE (leaf) certificate, check if its serial number is in the serial number blacklist. If it is, return the same error (exception) as if the certificate has been revoked.
- when verifying a CA certificate, check if the hash of its public key is in the public key blacklist. If it is, return the same error as if the certificate has been revoked.
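The file format and the two checks described above can be modelled in a few lines. The following is an added example, not code from AOSP or Bouncy Castle: the Cert tuple, the Blacklist class, the sample key bytes and the use of SHA-1 over the encoded public key are assumptions made for illustration. The model loads the files once at construction, which mirrors the read-at-startup behaviour the article reports later for the real validator.

```python
import hashlib
import os
import re
import tempfile
from collections import namedtuple

Cert = namedtuple("Cert", "serial public_key is_ca")  # stand-in for an X.509 cert

def parse_blacklist(text):
    """Comma-delimited hex entries -> set of ints; malformed entries are skipped."""
    items = (item.strip() for item in text.split(","))
    return {int(i, 16) for i in items if re.fullmatch(r"[0-9a-fA-F]+", i)}

class Blacklist:
    """Reads both files once at construction, like the pre-loaded validator."""
    def __init__(self, directory):
        self.directory = directory
        self.reload()

    def _read(self, name):
        try:
            with open(os.path.join(self.directory, name)) as f:
                return parse_blacklist(f.read())
        except FileNotFoundError:
            return set()

    def reload(self):
        self.pubkeys = self._read("pubkey_blacklist.txt")
        self.serials = self._read("serial_blacklist.txt")

    def check_chain(self, chain):
        """Return a rejection reason, or None if no certificate is blacklisted."""
        for cert in chain:
            key_hash = int(hashlib.sha1(cert.public_key).hexdigest(), 16)  # assumed SHA-1
            if cert.is_ca and key_hash in self.pubkeys:
                return "CA public key is blacklisted"
            if not cert.is_ca and cert.serial in self.serials:
                return "Certificate revocation of serial %x" % cert.serial
        return None

def demo():
    chain = [Cert(0x1A2B, b"constructed-ee-key", False), Cert(1, b"constructed-ca-key", True)]
    with tempfile.TemporaryDirectory() as d:
        bl = Blacklist(d)  # "boot": no blacklist files exist yet
        with open(os.path.join(d, "serial_blacklist.txt"), "w") as f:
            f.write("00ff,1A2B")  # what the observer would write after boot
        stale = bl.check_chain(chain)  # in-memory copy is still empty
        bl.reload()  # stands in for the system restart
        return stale, bl.check_chain(chain)
```

Comparing entries as integers makes the lookup insensitive to hex case and leading zeros, so a serial written as 1A2B or 001a2b matches the same certificate.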
The certificate path validator component is used throughout the whole system, so blacklists affect both applications that use HTTP client classes and the native Android browser and WebView. As mentioned above, modifying the blacklists requires system permissions, so only core system apps can use it. There are no apps in the AOSP source that actually call those APIs, but a good candidate to manage blacklists are the Google services components, available on 'Google experience' devices (i.e., devices with the Play Store client pre-installed). Those manage Google accounts, access to Google services and provide push-style notifications (aka, Google Client Messaging, GCM). Since GCM allows for real-time server-initiated push notifications, it's a safe bet that those will be used to trigger certificate blacklist updates (in fact, some source code comments hint at that). This all sounds good on paper (well, screen actually), but let's see how well it works on a real device. Enough theory, on to
Using Android certificate blacklisting
As explained above, the API to update blacklists is rather simple: essentially two secure settings keys, the values being the actual blacklists in hex-encoded form. Using them requires system permissions though, so our test application needs to either live in /system/app or be signed with the platform certificate. As usual, we choose the former for our tests. A screenshot of the app is shown below. The app allows us to install a CA certificate to the system trust store (using the KeyChain API), verify a certificate chain (consisting of the CA certificate and a single EE certificate), add either of the certificates to the system blacklist, and finally clear it so we can start over. The code is quite straightforward, see the GitHub repository for details. One thing to note is that it instantiates the low level org.bouncycastle.jce.provider.CertBlacklist class in order to check directly whether modifying the blacklist succeeded. Since this class is not part of the public API, it is accessed using reflection.
Some experimentation reveals that while the CertBlacklister observer works as expected and changes to the blacklists are immediately written to the corresponding files in /data/misc/keychain, verifying the chain succeeds even after the certificates have been blacklisted. The reason for this is that, as all system classes, the certificate path validator class is pre-loaded and shared across all apps. Therefore it reads the blacklist files only at startup, and a system restart is needed to have it re-read the files. After a restart, validation fails with the expected error: 'Certificate revocation of serial XXXX'. Another issue is that while blacklisting by serial number works as expected, public key blacklisting doesn't seem to work in the current public build (JRO03C on Galaxy Nexus as of July 2012). This is a result of improper handling of the key hash format and will hopefully be fixed in a next JB maintenance release. Update: it is now fixed in AOSP master.
Summary
In Jelly Bean, Android takes steps to get on par with the Chrome browser with respect to managing certificate trust. It introduces features that allow for modifying blacklists dynamically: based on push notifications, and without requiring a system update. While the current implementation has some rough edges and does require a reboot to apply updates, once those are smoothed out, certificate blacklisting will definitely contribute to making Android more resilient to PKI-related attacks and vulnerabilities.