|
Analysing Android's Full Disk Encryption Feature
{johannes.goetzfried, tilo.mueller}@cs.fau.de
Abstract Since Android 4.0, which was released in October 2011, users of Android smartphones are provided with a built-in encryption feature to protect their home partitions. In the work at hand, we give a structured analysis of this software-based encryption solution. For example, software-based encryption always requires at least a small part of the disk to remain unencrypted; in Android this is the entire system partition. Unencrypted parts of a disk can be read out and are open to system manipulations. We present a tool named EvilDroid to show that with physical access to an encrypted smartphone only (i.e., without user level privileges), the Android system partition can be subverted with keylogging. Additionally, as it was exemplary shown by attacks against Galaxy Nexus devices in 2012, Android-driven ARM devices are vulnerable to cold boot attacks. Data recovery tools like FROST exploit the remanence effect of RAM to recover data from encrypted smartphones, at worst the disk encryption key. With a Linux kernel module named Armored, we demonstrate that Android¡¯s software encryption can be improved to withstand cold boot attacks by performing AES entirely on the CPU without RAM. As a consequence, cold boot attacks on encryption keys can be defeated. We present both a detailed security and a performance analysis of Armored. Keywords: cold boot, evil maid, Android, cpu-bound encryption +: Corresponding author: Johannes Götzfried Martensstr. 3, 91058 Erlangen, Germany, Tel: +49-9131-85-69904 Journal of Wireless Mobile Networks,
Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 1, pp. 84-100,
March 2014 [pdf] |