BC FIPS Android may never work

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

BC FIPS Android may never work

David Templar-2
Hi,

I have shown that BC 1.64/5 can run from real devices Android 4.4 (maybe
earlier).  As all runs in a JVM ((sandbox), no adverse effects!).

For those that have followed my posts and logic, an Android version of
BC FIPS may never happen - unless device manufacturers do the require
changes to the roms etc. Such are hard/expensive and may not happen.

BC FIPS incorporated programs needs the JDK/JRE to have the BC FIPS .jar
on both programmer's computer and also the device deployed too Without,
initial HMAC.SHA256 checks will fail and you will get an exception - in
Android it actually terminates the JVM (just for that app - phone/tablet
keeps working like normal though)!

As the Desktop/Server side is OK - this message applies to a few - but a
few 90+% Android devices = (around 2 billion).

I will accept that in Android, developers of most apps do not use much
security - (they assume the private folder is enough and the database too).

If somebody can give me a HMAC.SHA256 "FILE" checksum calculator that I
can use I am sure I could narrow down issue to where the problem might
be. in the Android App .Apk. Using Microsoft of HashCalk do not do what
I need.

--
Kind regards,

David Templar


Reply | Threaded
Open this post in threaded view
|

Re: BC FIPS Android may never work

David Hook-3

The problem isn't just the checksum (although that's definitely a
problem) it's the device, with a software module to get FIPS compliance
you need to be able to establish that the source of entropy the module
will use is meaningful. With Linux we have /dev/random, on Windows the
Microsoft API makes use of a FIPS compliant DRBG already, on Android,
well, it's a little harder, you need the entropy source on the device
tested and to have documentation to prove it.

It might not be totally hopeless though. To be honest, from a device
manufacturers point of view producing a FIPS compliant device with level
1 (the software level BC has) is not really that expensive (compared to
other things). There's a bit of own time to install it, plus having
testing tools, and the lab testing. We already have the testing tools,
someone just needs to get a support contract, as for the lab testing,
likewise the reason we have the tools is we've already worked with the
labs on testing for some existing clients, we can point people at labs
that have already done this.

If you've got a favorite device lobby the manufacturer, our mail box is
always open...

Regards,

David

On 9/4/20 12:23 am, David Templar wrote:

> Hi,
>
> I have shown that BC 1.64/5 can run from real devices Android 4.4
> (maybe earlier).  As all runs in a JVM ((sandbox), no adverse effects!).
>
> For those that have followed my posts and logic, an Android version of
> BC FIPS may never happen - unless device manufacturers do the require
> changes to the roms etc. Such are hard/expensive and may not happen.
>
> BC FIPS incorporated programs needs the JDK/JRE to have the BC FIPS
> .jar on both programmer's computer and also the device deployed too
> Without, initial HMAC.SHA256 checks will fail and you will get an
> exception - in Android it actually terminates the JVM (just for that
> app - phone/tablet keeps working like normal though)!
>
> As the Desktop/Server side is OK - this message applies to a few - but
> a few 90+% Android devices = (around 2 billion).
>
> I will accept that in Android, developers of most apps do not use much
> security - (they assume the private folder is enough and the database
> too).
>
> If somebody can give me a HMAC.SHA256 "FILE" checksum calculator that
> I can use I am sure I could narrow down issue to where the problem
> might be. in the Android App .Apk. Using Microsoft of HashCalk do not
> do what I need.
>



Reply | Threaded
Open this post in threaded view
|

Re: BC FIPS Android may never work

David Templar-2
The last device I "lobbied" flew over the wall into the neighbor's garden - forgive the pun :)

Just a thought - cannot entropy be generated by a device gyro and a good shake (like Truecrypt and its mouse movements)?

Thanks for the replies - have a great day!

Kind regards,

David Templar

From: David Hook <[hidden email]>
Sent: Thursday, April 9, 2020 3:05:50 AM
To: [hidden email] <[hidden email]>; [hidden email] <[hidden email]>
Subject: Re: [dev-crypto] BC FIPS Android may never work
 

The problem isn't just the checksum (although that's definitely a
problem) it's the device, with a software module to get FIPS compliance
you need to be able to establish that the source of entropy the module
will use is meaningful. With Linux we have /dev/random, on Windows the
Microsoft API makes use of a FIPS compliant DRBG already, on Android,
well, it's a little harder, you need the entropy source on the device
tested and to have documentation to prove it.

It might not be totally hopeless though. To be honest, from a device
manufacturers point of view producing a FIPS compliant device with level
1 (the software level BC has) is not really that expensive (compared to
other things). There's a bit of own time to install it, plus having
testing tools, and the lab testing. We already have the testing tools,
someone just needs to get a support contract, as for the lab testing,
likewise the reason we have the tools is we've already worked with the
labs on testing for some existing clients, we can point people at labs
that have already done this.

If you've got a favorite device lobby the manufacturer, our mail box is
always open...

Regards,

David

On 9/4/20 12:23 am, David Templar wrote:
> Hi,
>
> I have shown that BC 1.64/5 can run from real devices Android 4.4
> (maybe earlier).  As all runs in a JVM ((sandbox), no adverse effects!).
>
> For those that have followed my posts and logic, an Android version of
> BC FIPS may never happen - unless device manufacturers do the require
> changes to the roms etc. Such are hard/expensive and may not happen.
>
> BC FIPS incorporated programs needs the JDK/JRE to have the BC FIPS
> .jar on both programmer's computer and also the device deployed too
> Without, initial HMAC.SHA256 checks will fail and you will get an
> exception - in Android it actually terminates the JVM (just for that
> app - phone/tablet keeps working like normal though)!
>
> As the Desktop/Server side is OK - this message applies to a few - but
> a few 90+% Android devices = (around 2 billion).
>
> I will accept that in Android, developers of most apps do not use much
> security - (they assume the private folder is enough and the database
> too).
>
> If somebody can give me a HMAC.SHA256 "FILE" checksum calculator that
> I can use I am sure I could narrow down issue to where the problem
> might be. in the Android App .Apk. Using Microsoft of HashCalk do not
> do what I need.
>


Reply | Threaded
Open this post in threaded view
|

Re: BC FIPS Android may never work

David Hook-3

The answer would be yes, but it's a question of how much.

There's a good starting point on this in https://tools.ietf.org/html/rfc4086 it's surprising how little real entropy some operations produce, but it's always possible to combine enough to get what you need if your patient enough. On some devices this is not an easy problem to solve.

Regards,

David

On 9/4/20 2:14 pm, David Templar wrote:
The last device I "lobbied" flew over the wall into the neighbor's garden - forgive the pun :)

Just a thought - cannot entropy be generated by a device gyro and a good shake (like Truecrypt and its mouse movements)?

Thanks for the replies - have a great day!

Kind regards,

David Templar

From: David Hook [hidden email]
Sent: Thursday, April 9, 2020 3:05:50 AM
To: [hidden email] [hidden email]; [hidden email] [hidden email]
Subject: Re: [dev-crypto] BC FIPS Android may never work
 

The problem isn't just the checksum (although that's definitely a
problem) it's the device, with a software module to get FIPS compliance
you need to be able to establish that the source of entropy the module
will use is meaningful. With Linux we have /dev/random, on Windows the
Microsoft API makes use of a FIPS compliant DRBG already, on Android,
well, it's a little harder, you need the entropy source on the device
tested and to have documentation to prove it.

It might not be totally hopeless though. To be honest, from a device
manufacturers point of view producing a FIPS compliant device with level
1 (the software level BC has) is not really that expensive (compared to
other things). There's a bit of own time to install it, plus having
testing tools, and the lab testing. We already have the testing tools,
someone just needs to get a support contract, as for the lab testing,
likewise the reason we have the tools is we've already worked with the
labs on testing for some existing clients, we can point people at labs
that have already done this.

If you've got a favorite device lobby the manufacturer, our mail box is
always open...

Regards,

David

On 9/4/20 12:23 am, David Templar wrote:
> Hi,
>
> I have shown that BC 1.64/5 can run from real devices Android 4.4
> (maybe earlier).  As all runs in a JVM ((sandbox), no adverse effects!).
>
> For those that have followed my posts and logic, an Android version of
> BC FIPS may never happen - unless device manufacturers do the require
> changes to the roms etc. Such are hard/expensive and may not happen.
>
> BC FIPS incorporated programs needs the JDK/JRE to have the BC FIPS
> .jar on both programmer's computer and also the device deployed too
> Without, initial HMAC.SHA256 checks will fail and you will get an
> exception - in Android it actually terminates the JVM (just for that
> app - phone/tablet keeps working like normal though)!
>
> As the Desktop/Server side is OK - this message applies to a few - but
> a few 90+% Android devices = (around 2 billion).
>
> I will accept that in Android, developers of most apps do not use much
> security - (they assume the private folder is enough and the database
> too).
>
> If somebody can give me a HMAC.SHA256 "FILE" checksum calculator that
> I can use I am sure I could narrow down issue to where the problem
> might be. in the Android App .Apk. Using Microsoft of HashCalk do not
> do what I need.
>



Reply | Threaded
Open this post in threaded view
|

Re: BC FIPS Android may never work

David Templar-2
Makes me think... Combined with screen touch and swipes (varied directions 2d) and a gyro or (as some devices just have an Accelerometer) 3d/2d such should create enough.

Is there a function to test if the strength of the input is sufficient?

Kind regards,

David Templar

From: David Hook <[hidden email]>
Sent: Thursday, April 16, 2020 11:59:57 AM
To: [hidden email] <[hidden email]>
Subject: Re: [dev-crypto] BC FIPS Android may never work
 

The answer would be yes, but it's a question of how much.

There's a good starting point on this in https://tools.ietf.org/html/rfc4086 it's surprising how little real entropy some operations produce, but it's always possible to combine enough to get what you need if your patient enough. On some devices this is not an easy problem to solve.

Regards,

David

On 9/4/20 2:14 pm, David Templar wrote:
The last device I "lobbied" flew over the wall into the neighbor's garden - forgive the pun :)

Just a thought - cannot entropy be generated by a device gyro and a good shake (like Truecrypt and its mouse movements)?

Thanks for the replies - have a great day!

Kind regards,

David Templar

From: David Hook [hidden email]
Sent: Thursday, April 9, 2020 3:05:50 AM
To: [hidden email] [hidden email]; [hidden email] [hidden email]
Subject: Re: [dev-crypto] BC FIPS Android may never work
 

The problem isn't just the checksum (although that's definitely a
problem) it's the device, with a software module to get FIPS compliance
you need to be able to establish that the source of entropy the module
will use is meaningful. With Linux we have /dev/random, on Windows the
Microsoft API makes use of a FIPS compliant DRBG already, on Android,
well, it's a little harder, you need the entropy source on the device
tested and to have documentation to prove it.

It might not be totally hopeless though. To be honest, from a device
manufacturers point of view producing a FIPS compliant device with level
1 (the software level BC has) is not really that expensive (compared to
other things). There's a bit of own time to install it, plus having
testing tools, and the lab testing. We already have the testing tools,
someone just needs to get a support contract, as for the lab testing,
likewise the reason we have the tools is we've already worked with the
labs on testing for some existing clients, we can point people at labs
that have already done this.

If you've got a favorite device lobby the manufacturer, our mail box is
always open...

Regards,

David

On 9/4/20 12:23 am, David Templar wrote:
> Hi,
>
> I have shown that BC 1.64/5 can run from real devices Android 4.4
> (maybe earlier).  As all runs in a JVM ((sandbox), no adverse effects!).
>
> For those that have followed my posts and logic, an Android version of
> BC FIPS may never happen - unless device manufacturers do the require
> changes to the roms etc. Such are hard/expensive and may not happen.
>
> BC FIPS incorporated programs needs the JDK/JRE to have the BC FIPS
> .jar on both programmer's computer and also the device deployed too
> Without, initial HMAC.SHA256 checks will fail and you will get an
> exception - in Android it actually terminates the JVM (just for that
> app - phone/tablet keeps working like normal though)!
>
> As the Desktop/Server side is OK - this message applies to a few - but
> a few 90+% Android devices = (around 2 billion).
>
> I will accept that in Android, developers of most apps do not use much
> security - (they assume the private folder is enough and the database
> too).
>
> If somebody can give me a HMAC.SHA256 "FILE" checksum calculator that
> I can use I am sure I could narrow down issue to where the problem
> might be. in the Android App .Apk. Using Microsoft of HashCalk do not
> do what I need.
>