Since Android 4.0, which was released in October 2011, users of Android smartphones are pro-
vided with a built-in encryption feature to protect their home partitions. In the work at hand, we
give a structured analysis of this software-based encryption solution. For example, software-based
encryption always requires at least a small part of the disk to remain unencrypted; in Android this
is the entire system partition. Unencrypted parts of a disk can be read out and are open to system
manipulations. We present a tool named EvilDroid to show that with physical access to an encrypted
smartphone only (i.e., without user level privileges), the Android system partition can be subverted
with keylogging. Additionally, as it was exemplary shown by attacks against Galaxy Nexus devices
in 2012, Android-driven ARM devices are vulnerable to cold boot attacks. Data recovery tools like
FROST exploit the remanence effect of RAM to recover data from encrypted smartphones, at worst
the disk encryption key. With a Linux kernel module named Armored, we demonstrate that Android’s
software encryption can be improved to withstand cold boot attacks by performing AES entirely on
the CPU without RAM. As a consequence, cold boot attacks on encryption keys can be defeated. We
present both a detailed security and a performance analysis of Armored.
more here.................http://isyou.info/jowua/papers/jowua-v5n1-4.pdf
vided with a built-in encryption feature to protect their home partitions. In the work at hand, we
give a structured analysis of this software-based encryption solution. For example, software-based
encryption always requires at least a small part of the disk to remain unencrypted; in Android this
is the entire system partition. Unencrypted parts of a disk can be read out and are open to system
manipulations. We present a tool named EvilDroid to show that with physical access to an encrypted
smartphone only (i.e., without user level privileges), the Android system partition can be subverted
with keylogging. Additionally, as it was exemplary shown by attacks against Galaxy Nexus devices
in 2012, Android-driven ARM devices are vulnerable to cold boot attacks. Data recovery tools like
FROST exploit the remanence effect of RAM to recover data from encrypted smartphones, at worst
the disk encryption key. With a Linux kernel module named Armored, we demonstrate that Android’s
software encryption can be improved to withstand cold boot attacks by performing AES entirely on
the CPU without RAM. As a consequence, cold boot attacks on encryption keys can be defeated. We
present both a detailed security and a performance analysis of Armored.
more here.................http://isyou.info/jowua/papers/jowua-v5n1-4.pdf