Best Design Approaches for encryption

Android features some encryption libraries, which protect data on mobile devices with high level of security. The best security practice is to store all corporate data on servers behind firewalls, which works only when connected to internet. For encryption, we are following symmetric key algorithm between sender and receiver, which is as follows:


  • Sender sends receiver a copy of the secret key.
  • Sender encrypts the plain text and sends to receiver.
  • Receiver decrypts the data using secret key.

Following are some of the best practices to follow while storing encrypted data on mobile. It comes under ‘Good security discipline’ and ‘Software design and development’.

Good security discipline:
  • Never  store plaintext secret key on the device – The secret key should only be generated when the user provides the password, which identifies him.
  • Use  standard security algorithms with standard implementation - For eg; use the same method to check whether a user exists or whether he presents a wrong password.
  • Review the design with a security professional.
Software design and development :
  • Avoid  the use of java String class- String class is immutable, so it is impossible to store information like password, which changes or zero out.
  • Use high  quality key generation algorithm for password based encryption- The UTF 8 key encoding has an effective key space of 1.1 million characters, when compared to theoretical key space equal to 4.2 billion characters. PKCS#5 which has a much higher effective key space is the preferred standard for password encryption.
  • Use unpredictable  initialization vectors- Initialization vector (IV) is a random vector, which makes the encrypted text more random. IV should be changed after a set of messages, because it might become easier for attacker to guess the IV after a series of messages.
  • Do not use  message key indefinitely- Replace the message key after its limit. For eg- after sending 2^48 AES blocks with Chain Block Cipher, the probability of decryption will be higher.
  • The  setSeed() of secure random should only be used to generate predictable runs of testing- Class security.SecureRandom is used to generate cryptographically secure pseudo random numbers. The method setSeed() in the above class causes the instance to return a predictable sequence of numbers. By mistake it is used to generate random sequence of numbers, which should be avoided.    
Using the Advanced Encryption standards in Android

The cryptographic algorithms are organized into five groups: -
  • Ciphers - these  are classic encryption and decryption algorithms
  • Key agreement -  these implement a protocol for two parties to securely exchange a secret key between them, over an insecure channel. 
  • Message Authentication codes -  these are algorithms used to check that a message (file, etc) has not been corrupted or changed. 
  • Message digests - these are hash functions that offer a "fingerprint" of a document. These are frequently used as the basis of a message authentication code.  
  • Signatures -  these are algorithms that authenticate the origin of a file or message. Google requires that all apk files in the Google Play store are signed by a code that is unique to each developer. Thus each app in Google Play can be traced to the developer who put it there.
  • Description of AES


          AES is a symmetric key algorithm, which takes the same key for encryption and decryption. AES comes with key sizes of 128, 192 and 256 bits.  The larger the key, more secure is the cipher. The whole algorithm includes 3 steps- Key generation, encryption and decryption.

    Key generation

       - Creating a key specification object - used to hold all configuration parameters which includes human- friendly passwords, a salt (random number to make it more difficult for attacker), number of iterations of hashing object and length of secret key.
        -  Get a SecretKeyFactory object -  It tells the factory object which algorithm to use when     we generate the secret keys.
        -   Generate the secret key- It is done using the generateSecret method in the factory, and   passing the PBE key specification.
        - Create a second secret key spec- Using the raw bytes from the secret key and associate that spec with the AES algorithm.

    Encryption

    - Get an instance of the cipher, specifying the mode and padding.
    - Initialize the cipher, and a randomly chosen initialization vector. Use a different initialization vector for each message, if the initialization vector is send in plaintext along with an encrypted message.
    - Call update, passing in a byte array that holds one or more blocks of input plaintext.
    - Call dofinal, passing in one or more blocks of input ending with the final block.

    Decryption

    - Get an instance of the cipher.
    Initialize it for decrypting with the same secret key and the same IV.
     doFinal(), since we have all the blocks.













Comments

Popular posts from this blog

Difference between "diff" and "sdiff" commands in Unix

Important annotations used in Hibernate