USER GUIDE. Trivalent Protect 2.6 for Android

Transcription

1 USER GUIDE NOVEMBER 2017

2 Table of Contents Table of Contents 1. General Information Introduction Description Benefits & Value Platform Requirements Application Configuration Trivalent Management Service Acronyms Scope of evaluation Installation Uninstallation Overview & Elements Home Screen (no configuration) Configuration Screen Home Screen Start Service Unlock Service Change Password Operations Configure Trivalent Protect Start Service Lock Service Unlock Service (Authenticate) Change Password Check Version Frequently Asked Questions Reference of Android Security APIs Used Android Security APIs Introduction Additional Definitions, Acronyms, and Abbreviations Trivalent Protect for Android Overview Components Android Security API Functions Used Trivalent Management Service Trivalent System Service FUSE Daemon Trivalent Proprietary Information i

3 Table of Figures 6.4. Permissions Used Table of Figures Figure 1: App icon... 2 Figure 2: Activate Device Administrator screen... 3 Figure 3: Confirmation of Device Administrator popup... 4 Figure 4: Deactivate Device Administrator screen... 5 Figure 5: Home Screen (no configuration)... 6 Figure 6: Configuration Screen... 7 Figure 7: Home Screen... 9 Figure 8: Start Service Figure 9: Unlock Service Figure 10: Change Password Figure 11: Folders popup Figure 12: Check Version popup Trivalent Proprietary Information ii

4 1. General Information 1.1. Introduction General Information Trivalent Protect is a file-level encryption technology leveraging the built-in FUSE components in Android. FUSE (Filesystem in Userspace) is leveraged by Android to provide access to the physical storage media for user-generated content. Trivalent Protect leverages custom calls to the FUSE software within Android to enhance the built-in emulated storage with file encryption capabilities Description Trivalent Protect is installed as an additional layer of security to protect sensitive data stored on mobile devices. Trivalent Protect leverages a different approach to encryption by protecting files individually, first by encrypting the file, then by obfuscating the contents via a shredding and dispersal mechanism, storing files across the target storage media. This solution is compatible with Android s built in file encryption capabilities Benefits & Value The benefits and value provided by Trivalent Protect include: Transparent encryption Since Trivalent Protect uses FUSE technology, any file I/O to the public emulated storage is transparently enhanced with encryption. Cryptographically strong Trivalent Protect uses an underlying cryptographic engine that is CSfC (Commercial Solutions for Classified Programs) top-secret certified, and FIPS certified. Trivalent Protect itself will be a candidate for certification Platform Requirements Trivalent Protect is inherently built into the Getac MX50. Trivalent also provides a ROM integration kit for other ROM manufacturers Application Configuration Any data stored by an application to a configured Android directory will be automatically encrypted. Trivalent Proprietary Information 1

5 1.6. Trivalent Management Service General Information Trivalent Protect is managed by the Trivalent Management Service app. All graphics in this document relate to the Trivalent Management Service. Below is the icon for the application: Figure 1: App icon 1.7. Acronyms ACRONYM APK FIPS FUSE I/O ROM TMS DEFINITION Android application package Federal Information Processing Standard Filesystem in Userspace Input/output Read-only memory Trivalent Management Service 1.8. Scope of evaluation Version 2.6 of the Trivalent Management Service is being evaluated. Version 2.6 of the FUSE core ROM is also being evaluated. Please see the Security Target document for further details of scope of evaluation. The Trivalent Configuration Manager (TCM) is a management server that can be used to remotely configure the Trivalent Management Service, but it is outside the scope of the evaluation of the Trivalent Management Service. Trivalent Proprietary Information 2

6 2. Installation Installation To install the Trivalent Management Service APK, follow the steps below: Download the Trivalent Management Service.apk file to the device. Open the.apk file. Note: Enabling full disk encryption on the device must be done prior to installing/enabling Trivalent Protect. Enabling full disk encryption while Trivalent Protect is installed or enabled can cause issues on certain devices (MX50). Tap Install. Once installation is complete, open the Trivalent Management Service. An Activate Device Administrator screen will appear: Figure 2: Activate Device Administrator screen Tap ACTIVATE. A confirmation popup will appear: Trivalent Proprietary Information 3

7 Installation Figure 3: Confirmation of Device Administrator popup Tap ALLOW Uninstallation All encrypted files will become inaccessible once uninstallation is complete. To uninstall the Trivalent Management Service, use the following steps: Navigate to Android s settings screen. Navigate to security settings. Locate the Device administrators setting. Note: This setting may be under other or advanced security settings, depending on the Android device. On the Device administrators screen, locate the Trivalent Management Service and slide the toggle to Off. The following Deactivate device administrator screen will appear: Trivalent Proprietary Information 4

8 Installation Figure 4: Deactivate Device Administrator screen Tap DEACTIVATE. The Trivalent Management Service toggle will now be set to off on the Device administrators screen. Return to Android s settings screen. Navigate to applications settings. Navigate to Application manager. Select the Trivalent Management Service. Tap UNINSTALL. A confirmation popup will appear. Tap OK. Trivalent Proprietary Information 5

9 3. Overview & Elements 3.1. Home Screen (no configuration) Overview & Elements The Home Screen of the Trivalent Management Service will present the user with multiple options. If an existing configuration does not exist on the device, the Home Screen will have a limited number of options available Figure 5: Home Screen (no configuration) Field Description Input Type 1. Configure Launches the Configuration Screen. Button 2. Update License Ingest an updated license file placed in Button /storage/emulated/0/trivalent/newlicense.json 3. Check Version Performs a version check of the Trivalent Management Service to determine if the installed version is up-to-date. Internet connection required. Button Trivalent Proprietary Information 6

10 3.2. Configuration Screen Overview & Elements The Configuration Screen allows the user to set their encryption and password settings. Settings include folders to encrypt, password complexity, and re-authentication rules. The configuration screen is accessed from the Home Screen prior to device configuration. Figure 6: Configuration Screen Field Description Input Type 1. Encryption Mode Sets how Trivalent Protect will be configured. Select FUSE. Toggle 2. Folders to Encrypt Launches a popup for the user to select which folders on the Button device will have their contents encrypted. 3. Select M:N Set how many shreds each encrypted file will be split into (N), and how many of those shreds are required to recombine the file (M). Options include: 1:1, 2:2, 2:3, 3:3, 2:4, 3:4, 4:4, 3:5, 4:5, 5:5 Dropdown Server Address 5. Password Requirements Defines the IP address to the TCM Server. Sets requirements for the complexity of the user passphrase. Options include: Simple: at least 6 characters (any characters). Medium: at least 8 characters, must have at least one lowercase, uppercase, number, and a special character. Complex: at least 16 characters, must have at least two lowercase, uppercase, number, and a special character. Textbox Dropdown Trivalent Proprietary Information 7

11 Overview & Elements Field Description Input Type 6. Authentication Sets how the user will use their password to authenticate. Mechanism Device requires authentication every time the device is Toggle unlocked. Timer requires authentication after a certain duration of time. 7. Authentication Timeout 8. Maximum Attempts 9. Lockout Time 10. New Password 11. Confirm New Password 12. Build Sets how long the device remains authenticated before requiring re-authentication. Setting is hidden unless Authentication Mechanism is set to Timer. Sets the maximum number of consecutive incorrect password attempts that are allowed prior to user lock out. Sets the length of time that the device remains locked after the maximum amount of password attempts have been made. Password used for authentication. Must meet the Password Requirements. Re-entry of password used for authentication. String must match the New Password textbox. Applies all configuration settings. Slider Slider Slider Textbox Textbox Button 3.3. Home Screen The Home Screen of the Trivalent Management Service presents the user with multiple options. Once a configuration has been set, the Home Screen provides access to features such as locking and unlocking the service, changing the password, and checking the software version. Trivalent Proprietary Information 8

12 Overview & Elements Figure 7: Home Screen Field Description Input Type 1. Start / Lock / Unlock Depending on the state of the TMS: Button Service Start Service launches the Start Service popup. 2. Change Password 3. Administration 4. Check Version Lock Service immediately revokes the user s access. Unlock Service launches the Unlock Service popup. Launches a popup to change the user s password. Launches the Access Administrator popup Determines if the installed version of TMS is up-to-date. Internet connection required. Button Button Button 3.4. Start Service The Start Service popup functions similarly to the Unlock Service popup that requires the user to enter their password for authentication. Starting the service is required prior to the user accessing their data. This popup will only appear one time per configuration. Trivalent Proprietary Information 9

13 Overview & Elements Figure 8: Start Service Field Description Input Type 1. Enter Password Current authentication password. Textbox border will turn Textbox red if the submitted password is incorrect. 2. Error field Incorrect password will appear in the event of an Label incorrect password submission. 3. Authenticate Submits the password entered for authentication. Button 3.5. Unlock Service The Unlock Service popup will appear when the Android device is not authenticated. The user password is required for reauthentication. This popup can also be launched from the Home Screen Figure 9: Unlock Service Field Description Input Type 1. Enter Password Current authentication password. Textbox border will turn Textbox red if the submitted password is incorrect. 2. Error field Incorrect password will appear in the event of an Label incorrect password submission. 3. Authenticate Submits the password entered for authentication. Button 3.6. Change Password The Change Password popup is used if the user needs to update their authentication password. This feature is available on-demand to the user from the Home Screen. Trivalent Proprietary Information 10

14 Overview & Elements Figure 10: Change Password Field Description Input Type 1. Current Password Current authentication password. The textbox border will Textbox turn red if the submitted password is incorrect. 2. New Password New password to be used for authentication. The textbox Textbox border will turn green when the password meets complexity requirements. 3. Confirm New Password Re-entry of new authentication password. The textbox Textbox border will turn green when both textbox entries match. 4. Error field Invalid password will appear if the password does not meet complexity requirements. Label 5. Cancel 6. Submit Password mismatch will appear in the event of unequal passwords. Incorrect password will appear in this field in the event of an incorrect password submission. Returns the user to the Home Screen. Submits the entered password for authentication and executes the password change request. Button Button Trivalent Proprietary Information 11

15 4. Operations 4.1. Configure Trivalent Protect Operations Setting up a new configuration can only be performed if there is no existing configuration residing on the device. If there is no option to configure, the device will require a factory data reset and the Trivalent Management Service will need to be reinstalled. 1. Open the Trivalent Management Service. 2. Tap CONFIGURE to launch the Configuration Screen. 3. Ensure the Encryption Mode is set to FUSE. 4. Tap SELECT next to the Folders to Encrypt label. a. The following Folders popup will appear: Figure 11: Folders popup 5. Tap the desired folders to enable encryption. Note: Folder selection can only be done one time. Once set, folders cannot be added unless done remotely from the TCM. 6. Tap ACCEPT to close the popup. Trivalent Proprietary Information 12

16 Operations 7. Use the Select M:N dropdown to set the M:N ratio to be used during encryption. 8. Enter the TCM Server IP Address in the Server Address textbox. 9. Use the Password Requirements dropdown to set the user password complexity. 10. Use the Auth Mechanism toggle to set the authentication style used for this configuration. a. If Timer is selected, use the Auth Timeout slider to set the length of the time that the device remains authenticated before requiring re-authentication. Note: Device requires authentication every time the device is unlocked. Timer requires authentication after a specified duration of time. 11. Use the Max Attempts slider to set the maximum number of consecutive incorrect password attempts prior to user lock out. 12. Use the Lockout Time slider to set the length of time that the device remains locked after too many incorrect password attempts have been made. 13. In the New Password textbox, enter the desired user password. Note: The password must match the complexity settings defined in the Password Requirements dropdown. It should be a strong passphrase; a passphrase with at least one uppercase letter, lowercase letter, special character, and number is recommended. Longer length passphrases provide increased security strength over shorter ones. Acceptable password strength should reflect the sensitivity of the data being encrypted. Higher data sensitivity should have increased password strength. 14. In the Confirm textbox, re-enter the password. 15. Tap BUILD to complete the configuration Start Service Starting the service may only be performed once per configuration. The service must be started in the following order to access encrypted content: Open the Trivalent Management Service. Tap START SERVICE to launch the Start Service popup. Note: If Start Service is not an option, the device already has a configuration or requires a new configuration. If the option to Configure is present, contact an administrator. In the Enter Password textbox, type the user password. Tap AUTHENTICATE to submit the password for authentication. Trivalent Proprietary Information 13

17 Operations 4.3. Lock Service To lock the service, use the following steps: Open the Trivalent Management Service. Tap LOCK SERVICE. a. The button will change to UNLOCK SERVICE Unlock Service (Authenticate) Depending on the configuration, authentication is required either after a certain amount of time or every time the device is unlocked. The Unlock Service popup will appear when authentication is required. This popup can also be accessed via the Android notification menu or via the TMS Home Screen. Once the Unlock Service popup appears, use the following steps: In the Enter Password textbox, type in the user password. Tap AUTHENTICATE to submit the password. a. The popup will disappear once successful Change Password To change the user password: Open the Trivalent Management Service. Tap CHANGE PASSWORD to launch the Change Password popup. In the Current Password textbox, type in the current user password. In the New Password textbox, type in a new password a. The textbox border will turn green once the new password meets the configured complexity requirements. Note: The password should be a strong passphrase; a passphrase with at least one uppercase letter, lowercase letter, special character, and number is recommended. Longer length passphrases provide increased security strength over shorter ones. Acceptable password strength should reflect the sensitivity of the data being encrypted. Higher data sensitivity should have increased password strength. Re-enter the new password in the Confirm New Password textbox. a. The textbox border will turn green when the password matches the New Password textbox. Trivalent Proprietary Information 14

18 Tap SUBMIT to update the password. Operations 4.6. Check Version Checking the version of the Trivalent Management Services components can be performed regardless if the device already has a configuration running. Open the Trivalent Management Service. Tap CHECK VERSION. a. The Check Version popup will appear displaying Up-to-date, Not up-to-date, or Unable to connect. Tap OK to dismiss the popup. Figure 12: Check Version popup If an update is available, please contact Trivalent at support@trivalent.us.com. Trivalent Proprietary Information 15

19 5. Frequently Asked Questions Question How are my encrypted files stored? Can encrypted folders be added to the list after configuration is complete? I unlocked my Android Device and did not receive the authentication popup. How do I authenticate? If I do not enter my password and then close the Authentication window, will I still be able to use my device? Will the TMS notify me when a passphrase lockout is over? I restarted my Android device and noticed the TMS notifications were gone. Did the service turn off? I am not authenticated but I can still view my files (ex: Gallery). Why is this happening? Where can I get additional Help Information? Frequently Asked Questions Answer Files are first encrypted using AES 256 bit encryption. The encrypted file is then parsed using a proprietary information dispersal algorithm to define shredding rules and to store the shreds securely. Encrypted folders cannot be added to the list after configuration. All folders must be chosen at the time of configuration. If the authentication popup is accidently missed or dismissed, swipe down from the top of the Android device to reveal the Android Notification Menu. In the Android Notification Menu there will be a notification reading Not Authenticated. Tap on the notification to access the authentication popup. You will be able to access the device but unable to access encrypted files. The TMS will not notify you when a passphrase lockout is over. No, restarting the phone only clears the notifications. Launching the TMS and authenticating will repopulate the notifications. Some apps, such as the stock Gallery app, store open file data in their cache. To clear an app s cache, bring up the app switcher then swipe the app closed. Next, go to Settings > Device > Apps and select your app. Tap both the Clear cache and Clear data buttons. Trivalent Support can be contacted at support@trivalent.us.com or by visiting our website at Trivalent Proprietary Information 16

20 6. Reference of Android Security APIs Used 6.1. Android Security APIs Introduction Reference of Android Security APIs Used This section of the document contains a complete list of the Android platform security API functions used by the Trivalent Protect for Android system Additional Definitions, Acronyms, and Abbreviations Acronym AES API CBC Ctor DiU ECB FEKEK HMAC I/O IMEI MAC OAEP PBE PBKDF(2) PKCS RSA SHA SPXCore Definition Advanced Encryption Standard Application Programming Interface Cipher Block Chaining Object Constructor Data-in-use/Data-in-process Electronic Codebook (A type of block cipher) File Encryption Key Encryption Key Hashed Message Authentication Code Input/Output International Mobile Equipment Identity Media Access Control Optimal Asymmetric Encryption Padding Password-Based Encryption Password-Based Key Derivation Function Public Key Cryptography Standard Rivest, Shamir & Adleman, a type of encryption algorithm Secure Hash Algorithm An encryption engine 6.2. Trivalent Protect for Android Overview Components Below is a brief overview of the Trivalent Protect (for Android) to provide the user with context for understanding this document. The major components of the Trivalent Protect (for Android) system are: Management Service Application Trivalent System Service FUSE Daemon Management Service Application The Management Service is responsible for system configuration, initialization, authentication/deauthentication, FEKEK generation and centralized key management. Trivalent Proprietary Information 17

21 Reference of Android Security APIs Used Trivalent System Service The Trivalent System Service is responsible for communication with the FUSE daemon. It is also responsible for securely passing the FEKEK from the Management Service to the FUSE daemon. This component is compiled into the manufacturer ROM FUSE Daemon The FUSE daemon is responsible for file I/O, file encryption/decryption, and file cryptographic shredding. This component is compiled into the manufacturer ROM. Trivalent Proprietary Information 18

22 6.3. Android Security API Functions Used Trivalent Management Service Reference of Android Security APIs Used Cryptographic Hashing Constructors Called None Methods Called javax.crypto.mac.getinstance(string) javax.crypto.mac.getmaclength() javax.crypto.mac.getalgorithm() javax.crypto.mac.init(key) javax.crypto.mac.update(byte[]) javax.crypto.mac.dofinal(byte[], int) java.security.messagedigest.getinstance(string) java.security.messagedigest.digest(byte[]) java.security.cert.certificatefactory.getinstance(string) java.security.cert.certificatefactory.generatecertificate(byte[]) Objects Created javax.crypto.mac java.security.messagedigest java.security.cert.certficatefactory java.security.cert.x509certificate Exceptions Handled java.security.nosuchalgorithmexception java.security.cert.certificateexception java.security.cert.certificateencodingexception Trivalent Proprietary Information 19

23 FEKEK Generation Reference of Android Security APIs Used Constructors Called None Methods Called javax.crypto.keygenerator.getinstance(string) javax.crypto.keygenerator.init(int) javax.crypto.keygenerator.generatekey() Objects Created javax.crypto.keygenerator javax.crypto.secretkey Exceptions Handled java.security.nosuchalgorithmexception Trivalent Proprietary Information 20

24 Android KeyStore-based RSA Key Pair Generation Constructors Called android.security.keypairgeneratorspec.builder.ctor(context) javax.security.auth.x500.x500principal.ctor(string) Reference of Android Security APIs Used Methods Called java.security.keystore.getinstance(string) java.security.keystore.load(inputstream, char[]) java.security.keystore.getentry(string, KeyStore.ProtectionParameter); java.security.keypairgenerator.getinstance(string, String) android.security.keypairgeneratorspec.builder.setalias(string) android.security.keypairgeneratorspec.builder.setstartdate(date) android.security.keypairgeneratorspec.builder.setenddate(date) android.security.keypairgeneratorspec.builder.setserialnumber(biginteger) android.security.keypairgeneratorspec.builder.setsubject(x500principal) android.security.keypairgeneratorspec.builder.build() java.security.keypairgenerator.initialize(algorithmparameterspec) java.security.keypairgenerator.generatekeypair() java.security.keystore.privatekeyentry.getcertificate() java.security.certificate.getpublickey() java.security.keystore.privatekeyentry.getprivatekey() Objects Created java.security.keystore java.security.keystore.privatekeyentry java.security.keystore.entry java.security.keypairgenerator android.security.keypairgeneratorspec android.security.keypairgeneratorspec.builder javax.security.auth.x500.x500principal java.security.keypair java.security.publickey java.security.privatekey java.security.cert.certificate Exceptions Handled java.security.keystoreexception java.security.cert.certificateexception java.security.nosuchalgorithmexception java.security.unrecoverableentryexception java.security.nosuchproviderexception java.security.invalidalgorithmparameterexception Trivalent Proprietary Information 21

25 PBKDF2 Key Generation Reference of Android Security APIs Used Interfaces Implemented javax.crypto.secretkey o getalgorithm() o getformat() o getencoded() o hashcode() o equals(object) javax.crypto.interfaces.pbekey o getiterationcount() o getsalt() o getpassword() o hashcode() o equals(object) o finalize() Constructors Called java.security.securerandom.ctor() javax.crypto.spec.pbekeyspec.ctor(char[], byte[], int, int) java.security.keyrep.ctor(keyrep.type, String, String, byte[]) Methods Called java.security.securerandom.nextbytes(byte[]) javax.crypto.spec.pbekeyspec.getpassword() javax.crypto.spec.pbekeyspec.getsalt() javax.crypto.spec.pbekeyspec.getiterationcount() javax.crypto.spec.pbekeyspec.getkeylength() javax.crypto.mac.getinstance(string) javax.crypto.mac.getmaclength() javax.crypto.mac.init(secretkey) javax.crypto.mac.update(byte[] salt) javax.crypto.mac.dofinal(byte[], int) Objects Created java.security.securerandom javax.crypto.spec.pbekeyspec javax.crypto.mac javax.crypto.secretkey javax.crypto.interfaces.pbekey java.security.keyrep Exceptions Handled java.security.spec.invalidkeyspecexception java.security.nosuchalgorithmexception java.security.generalsecurityexception Trivalent Proprietary Information 22

26 Key Wrapping and Unwrapping Reference of Android Security APIs Used Wrapping FEKEK with RSA_AKS_Mgmt Constructors Called javax.crypto.secretkeyspec.ctor(byte[], int, int, String) Methods Called java.security.key.getencoded() javax.crypto.cipher.getinstance(string) java.security.keystore.getinstance(string) java.security.keystore.load(keystore.loadstoreparameter) java.security.interfaces.rsapublickey.getmodulus() java.security.interfaces.rsakey.getmodulus() javax.crypto.cipher.init(int, Key) javax.crypto.cipher.dofinal(byte[]) Objects Created java.security.secretkey javax.crypto.cipher java.security.keystore Exceptions Handled java.security.keystoreexception javax.crypto.nosuchpaddingexception java.security.nosuchalgorithmexception java.security.certificateexception javax.crypto.nosuchpaddingexception javax.crypto.illegalblocksizeexception java.security.invalidkeyexception Wrapping [FEKEK]RSA_AKS_Mgmt with PBKDF2 Key Constructors Called javax.crypto.secretkeyspec.ctor(byte[], int, int, String) Methods Called javax.crypto.cipher.getinstance(string) javax.crypto.cipher.init(int, Key) javax.crypto.cipher.wrap(key) Objects Created java.security.secretkey javax.crypto.cipher Trivalent Proprietary Information 23

27 Exceptions Handled javax.crypto.nosuchpaddingexception java.security.nosuchalgorithmexception javax.crypto.nosuchpaddingexception javax.crypto.illegalblocksizeexception Reference of Android Security APIs Used Unwrapping [[FEKEK]RSA_AKS_Mgmt]PBKDF2_Key (once) Constructors Called None Methods Called javax.crypto.cipher.getinstance(string) javax.crypto.cipher.init(int, Key) java.security.key.getencoded() javax.crypto.cipher.unwrap(key, String, int) Objects Created java.security.secretkey javax.crypto.cipher Exceptions Handled javax.crypto.nosuchpaddingexception java.security.nosuchalgorithmexception javax.crypto.nosuchpaddingexception Unwrapping [FEKEK]RSA_AKS_Mgmt Constructors Called javax.crypto.spec.secretkeyspec.ctor(byte[], int, int, String) Methods Called java.security.messagedigest.getinstance(string) java.security.key.getencoded() javax.crypto.cipher.getinstance(string) java.security.keystore.getinstance(string) java.security.keystore.load(keystore.loadstoreparameter) java.security.interfaces.rsakey.getmodulus() javax.crypto.cipher.init(int, Key) javax.crypto.cipher.dofinal(byte[], int, int) Objects Created javax.crypto.cipher java.security.keystore java.security.secretkey java.security.privatekey java.security.interfaces.rsakey Trivalent Proprietary Information 24

28 java.security.key Reference of Android Security APIs Used Exceptions Handled java.security.nosuchalgorithmexception javax.crypto.nosuchpaddingexception java.security.keystoreexception java.security.certificateexception java.security.invalidkeyexception javax.crypto.illegalblocksizeexception javax.crypto.badpaddingexception Wrapping FEKEK with HWB_RSA_TSS Constructors Called javax.crypto.secretkeyspec.ctor(byte[], int, int, String) Methods Called java.security.key.getencoded() javax.crypto.cipher.getinstance(string) java.security.keystore.getinstance(string) java.security.keystore.load(keystore.loadstoreparameter) java.security.interfaces.rsapublickey.getmodulus() java.security.interfaces.rsakey.getmodulus() javax.crypto.cipher.init(int, Key) javax.crypto.cipher.dofinal(byte[]) Objects Created java.security.secretkey javax.crypto.cipher java.security.keystore Exceptions Handled java.security.keystoreexception javax.crypto.nosuchpaddingexception java.security.nosuchalgorithmexception java.security.certificateexception javax.crypto.nosuchpaddingexception javax.crypto.illegalblocksizeexception java.security.invalidkeyexception Trivalent Proprietary Information 25

29 OAEP Reference of Android Security APIs Used Interfaces Implemented org.bouncycastle.crypto.asymmetricblockcipher o init(boolean, CipherParameters) o getinputblocksize() o getoutputblocksize() o processblock(byte[], int, int) Constructors Called org.bouncycastle.crypto.digests.sha512digest.ctor() org.bouncycastle.crypto.encodings.oaepencoding.ctor(asymmetricblockcipher, Digest, byte[]) Methods Called org.bouncycastle.crypto.encodings.oaepencoding.init(true, null) org.bouncycastle.crypto.encodings.oaepencoding.processblock(byte[], int, int) java.security.key.getencoded() Objects Created org.bouncycastle.crypto.digest org.bouncycastle.crypto.digests.sha512digest org.bouncycastle.crypto.encodings.oaepencoding org.bouncycastle.crypto.asymmetricblockcipher java.security.key java.security.interfaces.rsapublickey java.security.privatekey org.bouncycastle.crypto.cipherparameters Exceptions Handled org.bouncycastle.crypto.invalidciphertextexception java.security.invalidkeyexception java.security.keystoreexception java.security.nosuchalgorithmexception java.security.cert.certificateexception javax.crypto.badpaddingexception javax.crypto.illegalblocksizeexception javax.crypto.nosuchpaddingexception Trivalent Proprietary Information 26

30 Keystores and Key Storage Reference of Android Security APIs Used Android Platform KeyStore Constructors Called None Methods Called java.security.keystore.getinstance(string) java.security.keystore.load(inputstream, char[]) java.security.keystore.getentry(string, null); java.security.keypairgenerator.getinstance(string, String) Objects Created java.security.keystore java.security.keystore.privatekeyentry java.security.keystore.entry java.security.publickey java.security.privatekey java.security.keypairgenerator Exceptions Handled java.security.keystoreexception java.security.cert.certificateexception java.security.nosuchalgorithmexception java.security.unrecoverableentryexception java.security.nosuchproviderexception java.security.invalidalgorithmparameterexception Trivalent Proprietary Information 27

31 File-Based Constructors Called java.security.spec.rsaprivatekeyspec.ctor(biginteger, BigInteger) java.security.spec.x509encodedkeyspec.ctor(byte[]) Methods Called java.security.keystore.getinstance(string, Provider) java.security.security.getprovider(string) java.security.keystore.load(inputstream, char[]) java.security.keystore.store(outputstream, char[]) java.security.keystore.aliases() java.security.keystore.getcertificate(string) java.security.keystore.setkeyentry(string, Key, char[], Certificate[]) java.security.keyfactory.getinstance(string, String) java.security.keyfactory.getinstance(string) java.security.keyfactory.generateprivate(keyspec) java.security.keyfactory.generatepublic(keyspec) javax.crypto.mac.getinstance(string) javax.crypto.mac.getmaclength() javax.crypto.mac.getalgorithm() javax.crypto.mac.init(key) javax.crypto.mac.update(byte[]) javax.crypto.mac.dofinal(byte[], int) java.security.messagedigest.getinstance(string) java.security.messagedigest.digest(byte[]) java.security.keystore.getkey(string, char[]) Objects Created java.security.keystore java.security.publickey java.security.privatekey java.security.keyfactory java.security.spec.rsaprivatekeyspec java.security.cert.x509certificate javax.crypto.mac java.security.messagedigest java.security.key java.security.secretkey java.security.spec.x509encodedkeyspec Exceptions Handled java.security.keystoreexception java.security.cert.certificateexception java.security.nosuchalgorithmexception Reference of Android Security APIs Used Trivalent Proprietary Information 28

32 Trivalent System Service Reference of Android Security APIs Used Android KeyStore-based RSA Key Pair Generation Constructors Called android.security.keypairgeneratorspec.builder.ctor(context) javax.security.auth.x500.x500principal.ctor(string) Methods Called java.security.keystore.getinstance(string) java.security.keystore.load(inputstream, char[]) java.security.keystore.getentry(string, KeyStore.ProtectionParameter); java.security.keypairgenerator.getinstance(string, String) android.security.keypairgeneratorspec.builder.setalias(string) android.security.keypairgeneratorspec.builder.setstartdate(date) android.security.keypairgeneratorspec.builder.setenddate(date) android.security.keypairgeneratorspec.builder.setserialnumber(biginteger) android.security.keypairgeneratorspec.builder.setsubject(x500principal) android.security.keypairgeneratorspec.builder.build() java.security.keypairgenerator.initialize(algorithmparameterspec) java.security.keypairgenerator.generatekeypair() java.security.keystore.privatekeyentry.getcertificate() java.security.certificate.getpublickey() java.security.keystore.privatekeyentry.getprivatekey() Objects Created java.security.keystore java.security.keystore.privatekeyentry java.security.keystore.entry java.security.keypairgenerator android.security.keypairgeneratorspec android.security.keypairgeneratorspec.builder javax.security.auth.x500.x500principal java.security.keypair java.security.publickey java.security.privatekey Exceptions Handled java.security.keystoreexception java.security.nosuchalgorithmexception java.security.unrecoverableentryexception java.security.nosuchproviderexception java.security.invalidalgorithmparameterexception Trivalent Proprietary Information 29

33 Key Unwrapping Reference of Android Security APIs Used Unwrapping [FEKEK]HWB_RSA_TSS Constructors Called javax.crypto.spec.secretkeyspec.ctor(byte[], int, int, String) Methods Called java.security.messagedigest.getinstance(string) java.security.key.getencoded() javax.crypto.cipher.getinstance(string) java.security.keystore.getinstance(string) java.security.keystore.load(keystore.loadstoreparameter) java.security.interfaces.rsakey.getmodulus() javax.crypto.cipher.init(int, Key) javax.crypto.cipher.dofinal(byte[], int, int) Objects Created javax.crypto.cipher java.security.keystore java.security.secretkey java.security.privatekey java.security.interfaces.rsakey java.security.key Exceptions Handled java.security.nosuchalgorithmexception javax.crypto.nosuchpaddingexception java.security.keystoreexception java.security.invalidkeyexception javax.crypto.illegalblocksizeexception javax.crypto.badpaddingexception Trivalent Proprietary Information 30

34 Keystores and Key Storage Reference of Android Security APIs Used Android Platform KeyStore Constructors Called None Methods Called java.security.keystore.getinstance(string) java.security.keystore.load(inputstream, char[]) java.security.keystore.getentry(string, null); java.security.keypairgenerator.getinstance(string, String) Objects Created java.security.keystore java.security.keystore.privatekeyentry java.security.keystore.entry java.security.publickey java.security.privatekey java.security.keypairgenerator Exceptions Handled java.security.keystoreexception java.security.nosuchalgorithmexception java.security.unrecoverableentryexception java.security.nosuchproviderexception java.security.invalidalgorithmparameterexception FUSE Daemon File Encryption/Decryption Methods Called CryptoPP::StreamTransformationFilter.Put(unsigned char*, size_t) CryptoPP::StreamTransformationFilter.MessageEnd() Objects Created CryptoPP::AES::Encryption(unsigned char*, size_t) CryptoPP::CBC_Mode_ExternalCipher::Encryption(CryptoPP::AES::Encryption, unsigned char*) CryptoPP::AES::Decryption(unsigned char*, size_t) CryptoPP::CBC_Mode_ExternalCipher::Decryption(CryptoPP::AES::Decryption, unsigned char*) CryptoPP::StreamTransformationFilter(CryptoPP::CBC_ModeExternal::Encryption, CryptoPP::StringSink) Trivalent Proprietary Information 31

35 6.4. Permissions Used Reference of Android Security APIs Used The Management Service uses the following Android permissions: Permissions Modify or delete the contents of SD card Read the contents of the SD card Read phone status and identity Use Accounts on the device Connect and disconnect from Wi-Fi View network connections View Wi-Fi connections Full network access Pair with Bluetooth devices AuricFSAdmin Reorder running apps Run at startup Prevent Tablet from Sleeping Explanation The ability to read from and write to the SD card, which is the public Android file space, is needed by Trivalent's Cryptographic Development Kit (CDK). The CDK is an alternative product offering cryptographic protection on Android, and it uses the same Management Service as FUSE. Thus, while FUSE configurations do not need access to the public file space, CDK configurations do in order to write password-protected keystores to the file space where third-party applications can access them. These keystores contain cryptographic keys wrapped in app-specific public keys, so that only the intended app has access. Phone status and identity access is requested so that the phone s ID can be used for identification purposes in the TCM. This permission is requested to enable future testing with multi-factor authentication using Google identity services. The ability to modify the Wi-Fi connection is requested so that the device s MAC address can be used for identification purposes in the TCM. The MAC address may only be available from one of a few sources, so multiple Wi-Fi-related permissions are requested to make sure all of these sources are available if needed. Network access is requested for making network requests to the TCM and the Trivalent licensing server, using the HTTPS and MQTT protocols. Bluetooth permission is requested so that the device s Bluetooth adapter s name and address can be used for identification purposes in the TCM. AuricFSAdmin is a custom permission group Trivalent has added to the Android operating system. This permission is required for an app to communicate with Trivalent s Auric System Service. The ability to reorder apps is used because the Management Service needs the ability to launch and display authentication prompts from the background. The ability to run at startup is used so that the Management Service s authentication service can begin running on boot if FUSE has been configured. The Management Service uses this permission because time-based authentication methods need to remain Trivalent Proprietary Information 32

36 Reference of Android Security APIs Used accurate in their de-authentication triggers, even if a device s screen is off. Trivalent Proprietary Information 33