Analysis of encryption algorithms for Android Application Security Development
During Android development, it is inevitable that some data needs to be encrypted and decrypted, then stored in a local file or transmitted to other servers and devices over the network. However, encryption is not always safe: if the encryption functions are used incorrectly, the encrypted data is vulnerable to reverse-engineering and cracking attacks. There are still many encryption algorithms that developers are not aware of.
1. Basic concepts to be understood
Three major functions of cryptography: encryption, authentication, and identification.
Encryption: prevents attackers from getting your data.
Authentication: prevents the bad guys from modifying your data without you noticing.
Identification: prevents the bad guys from impersonating you.
Basic concepts such as plaintext, ciphertext, key, symmetric encryption algorithm, and asymmetric encryption algorithm, and the principles of the encryption algorithms, are not described here.
2. APIs provided by Android SDK
2.1 Android encryption API Structure
The cryptographic APIs in the Android SDK are basically the same as those provided by Java. They consist of the Java Cryptography Architecture (JCA), the Java Cryptography Extension (JCE), the Java Secure Sockets Extension (JSSE), and the Java Authentication and Authorization Service (JAAS).
JCA provides the basic cryptographic framework, such as certificates, digital signatures, message digests, and key pair generators. It corresponds to the following packages of the Android API:
JCE extends JCA and provides various encryption algorithms, digest algorithms, and key management functions. It corresponds to the following packages of Android APIs:
JSSE provides encryption based on SSL (Secure Sockets Layer), which is used for HTTPS encrypted transmission. The corresponding Android API is mainly in the javax.net.ssl package.
JAAS provides user identity authentication on the Java platform. The corresponding Android APIs are mainly in the following packages:
They are actually just a set of interfaces. The actual algorithms can be provided by different providers. The default providers of Android APIs are mainly Bouncy Castle and OpenSSL.
In addition, the Android API provides android.security and android.security.keystore (new in API 23) to manage the keychain and keystore.
2.2 Base64 encoding algorithm
Base64 encoding is a method that uses 64 characters (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/) to represent arbitrary binary data. In the early stages of computer networking, for "historical reasons", email did not support non-ASCII characters. If an email contained non-ASCII characters (such as Chinese characters) or images, the recipient might see a bunch of garbled characters, so the Base64 encoding algorithm was invented. Why is it garbled? Please Google it on your own. In encryption and decryption algorithms, the original data and the encrypted data are also binary data. To avoid transmission errors and to make the data easy to store and debug, encrypted data generally needs to be Base64-encoded.
Android provides the Base64 encoding tool android.util.Base64, which can be used directly without implementing the Base64 encoding algorithm yourself.
For example:
Developer suggestions: Base64 is only an encoding method. It is not an encryption algorithm. Do not use Base64 to encrypt data.
2.3 random number generator
When an encryption algorithm on Android needs random numbers, use SecureRandom to obtain them.
For example:
Do not set a seed for SecureRandom. It is insecure to call the seeded constructor or setSeed(byte[]). SecureRandom() uses /dev/urandom as the seed source by default, which is unpredictable.
Developer suggestions:
1. Do not use the Random class to obtain random numbers.
2. Do not set seed when using SecureRandom. Setting the seed using the following function is risky:
2.4 Hash Algorithm
A hash algorithm takes an input string of any length and produces a fixed n-bit output string. The output string is generally called the hash value.
It has the following two features:
Collision resistance: it is not feasible to find two different inputs that produce the same output value. It takes about time to find two input strings with the same output.
Irreversibility: the original input cannot be derived from the result.
Because of collision resistance, a hash algorithm generates a different hash value for any change made to the original input. Therefore, a hash algorithm can be used to verify data integrity. We often see that when a website offers a file for download, it also publishes the hash value of the file, so that after downloading we can check whether the file has been tampered with.
Irreversibility makes a hash algorithm a one-way cryptosystem. It can only encrypt and cannot decrypt, so it can be used to encrypt user login passwords and other credentials.
Developer suggestions:
1. SHA-256 and SHA-3 algorithms are recommended.
For example, use the SHA-256 algorithm to hash the message string
2. We do not recommend using the MD2, MD4, MD5, SHA-1, and RIPEMD algorithms to encrypt user passwords and other sensitive information. There are already many ways to crack this type of algorithm. For MD5, for example, there are many dictionary libraries on the Internet that map MD5 values back to the data before it was hashed.
3. Do not use the hash function as the signature of the symmetric encryption algorithm.
4. Note: be careful when several strings are concatenated and then hashed.
For example, string S and string T are concatenated and then hashed, written H(S | T). The following situation can then occur: the hash values of "builtin | securely" and "built | insecurely" are identical.
How can the scheme be modified to avoid this problem?
Change it to H(length(S) | S | T), or H(H(S) | H(T)), or H(H(S) | T).
In actual development, URL parameters are often sorted in dictionary order, the parameter names and values are concatenated, a secret string is added, and the hash value of the result is used as the URL signature.
For example, foo=1, bar=2, baz=3 is sorted as bar=2, baz=3, foo=1, and the string to hash is SECRETbar2baz3foo1. If there is no separator between parameter names and values, the hash values of "foo=bar" and "foob=ar" are the same, and "foo=bar&fooble=baz" is the same as "foo=barfooblebaz". Specially crafted malicious parameters can therefore have the same hash value as normal parameters, and the signature verification on the server is deceived.
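The ambiguity described above and the H(length(S) | S | T) fix, as an added example that is not part of the original article. The class and method names are illustrative, and the helper length-prefixes every field (a generalization of the fix) so that it also covers the URL-parameter cases.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class ConcatHashDemo {
    // Hash the fields in order with SHA-256. With lengthPrefix=false this is
    // the naive H(S | T). With lengthPrefix=true every field is preceded by
    // its 4-byte length, so the field boundaries are part of the hashed data.
    static byte[] hashFields(boolean lengthPrefix, String... fields) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (String f : fields) {
            byte[] b = f.getBytes(StandardCharsets.UTF_8);
            if (lengthPrefix) {
                md.update(ByteBuffer.allocate(4).putInt(b.length).array());
            }
            md.update(b);
        }
        return md.digest();
    }

    static boolean collide(boolean lengthPrefix, String[] a, String[] b) throws Exception {
        return Arrays.equals(hashFields(lengthPrefix, a), hashFields(lengthPrefix, b));
    }

    public static void main(String[] args) throws Exception {
        // Field splits taken from the text above.
        String[][][] pairs = {
            {{"builtin", "securely"}, {"built", "insecurely"}},
            {{"foo", "bar"}, {"foob", "ar"}},
            {{"foo", "bar", "fooble", "baz"}, {"foo", "barfooblebaz"}},
        };
        for (String[][] p : pairs) {
            System.out.println(Arrays.toString(p[0]) + " vs " + Arrays.toString(p[1])
                + "  naive collide=" + collide(false, p[0], p[1])
                + "  length-prefixed collide=" + collide(true, p[0], p[1]));
        }
    }
}
```

All three pairs collide under naive concatenation and none collide once each field carries its length.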
2.5 Message Authentication Algorithm
To ensure that an encrypted message has not been forged by others, you must provide a message authentication code (MAC).
A message authentication code is a keyed hash function: it is computed from a key and a hash function.
The key is agreed between the two parties in advance and must not be known to any third party.
The message sender uses the MAC algorithm to calculate the MAC value of the message, appends it to the message, and sends both to the receiver.
After receiving a message, the receiver uses the same MAC algorithm to calculate the MAC value of the received message and compares it with the received MAC value.
Developer suggestions:
We recommend using the HMAC-SHA256 algorithm and avoiding CBC-MAC.
An example of HMAC-SHA256 is as follows:
2.6 symmetric encryption algorithm
In a symmetric encryption algorithm, the plaintext (raw data) and the encryption key are processed together by the encryption algorithm and converted into ciphertext for sending. After receiving the ciphertext, the recipient uses the encryption key and the inverse of the same algorithm to decrypt the ciphertext and restore it to readable plaintext. A symmetric encryption algorithm uses only one key: both the sender and the receiver use this key to encrypt and decrypt the data. Therefore, the sender must know the encryption key in advance.
The disadvantage of this algorithm is that once the key is leaked, the encrypted content can no longer be trusted.
Developer suggestions:
1. We recommend that you use the AES algorithm.
2. DES uses a 56-bit encryption key by default. It is no longer secure and is not recommended.
3. Do not use ECB mode. ECB mode is not safe, as the typical comparison of three images shows:
[Figure: the plaintext image, the image after ECB-mode encryption, and the image after CBC-mode encryption]
For more information on attacks against CBC mode, see: SSL/TLS Protocol Security Series: CBC mode weak security Introduction (a) http://drops.wooyun.org/tips/6619
4. The AES encryption API provided by Android uses ECB mode by default. Therefore, you must explicitly specify CBC or CFB mode; PKCS5Padding can be used for padding. The minimum length of an AES key is 128 bits, and 256 bits are recommended.
2.7 asymmetric encryption
Asymmetric encryption algorithms require two keys: a public key and a private key. The public key and the private key form a pair. If the public key is used to encrypt data, only the corresponding private key can decrypt it. If the private key is used to encrypt data, only the corresponding public key can decrypt it (this process can be used as a digital signature).
Asymmetric encryption mainly uses the RSA algorithm.
Developer suggestions:
1. Note that the key length should not be less than 512 bits. We recommend that you use a 2048-bit key length.
An example of using RSA for digital signatures:
2. When using the RSA algorithm for encryption, use Cipher.getInstance("RSA/ECB/OAEPWithSHA256AndMGF1Padding"). Otherwise, there is a risk of replay attacks. For example:
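RSA signing with a 2048-bit key and OAEP encryption, as an added example that is not code from the original article. The signature algorithm SHA256withRSA is an assumption (the article does not name one), the transformation is written with the standard JCA spelling OAEPWithSHA-256AndMGF1Padding, and the class name, method names, and messages are constructed.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class RsaDemo {
    // Standard JCA spelling of the OAEP transformation (assumption, see lead-in).
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static byte[] sign(PrivateKey priv, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    static byte[] crypt(int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "order=42;total=100".getBytes(StandardCharsets.UTF_8);      // constructed
        byte[] tampered = "order=42;total=900".getBytes(StandardCharsets.UTF_8); // constructed

        byte[] sig = sign(kp.getPrivate(), msg);
        System.out.println("signature valid:      " + verify(kp.getPublic(), msg, sig));
        System.out.println("tampered msg valid:   " + verify(kp.getPublic(), tampered, sig));

        // OAEP is randomized: encrypting the same plaintext twice gives different ciphertexts.
        byte[] c1 = crypt(Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        byte[] c2 = crypt(Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        System.out.println("ciphertexts identical: " + Arrays.equals(c1, c2));
        System.out.println("decrypts correctly:    " + Arrays.equals(msg, crypt(Cipher.DECRYPT_MODE, kp.getPrivate(), c1)));
    }
}
```

Providers differ in the MGF1 digest they choose for this transformation name, so pass an explicit OAEPParameterSpec when the two sides run on different platforms.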
2.8 encryption algorithm PBE
PBE is a password-based encryption algorithm. It uses passwords instead of keys, and the passwords are managed by users themselves. It uses random numbers to combine multiple encryption methods to ensure data security.
Developer suggestions:
When using the password-based encryption algorithm PBE, add a salt when generating the key. The salt value should preferably come from SecureRandom, and the number of iterations should be specified.
For example:
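Key derivation from a password with a SecureRandom salt and an explicit iteration count, as an added example that is not code from the original article. The algorithm name PBKDF2WithHmacSHA256, the iteration count, the salt length, and all class and method names are assumptions chosen for illustration; the password is constructed.

```java
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeKeyDemo {
    static final int ITERATIONS = 100_000; // assumed value, not from the article
    static final int KEY_BITS = 256;

    // A fresh random salt for each stored item. The salt is not secret and is
    // saved next to the ciphertext so the key can be derived again later.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Derive an AES key from the password, the salt, and the iteration count.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    static boolean sameKey(SecretKey a, SecretKey b) {
        return Arrays.equals(a.getEncoded(), b.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray(); // constructed
        char[] wrong = "correct horse battery stapler".toCharArray();   // constructed
        byte[] salt = newSalt();

        SecretKey k = deriveKey(password, salt);
        System.out.println("same password, same salt: " + sameKey(k, deriveKey(password, salt)));
        System.out.println("same password, new salt:  " + sameKey(k, deriveKey(password, newSalt())));
        System.out.println("wrong password:           " + sameKey(k, deriveKey(wrong, salt)));
    }
}
```

The derived key is then used with an explicit mode and random IV as described in section 2.6.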
(All the preceding examples are for reference only)
3. Summary
Several principles:
1. Do not design your own encryption algorithms and protocols; use industry-standard algorithms.
2. Do not use the ECB mode for symmetric encryption algorithms. We do not recommend using the DES algorithm.
3. Select a key with an appropriate length.
4. Make sure that the seed of the random number generator has sufficient information entropy.
5. Do not use an encryption algorithm without message authentication to encrypt messages, as it cannot prevent replay attacks.
6. When multiple strings are concatenated for hash, be careful.
7. Do not make the salt value too short or reuse it.
8. When an initialization vector (IV) is used, CBC, CFB, and GCM with a constant IV can be replayed just like ECB. Likewise, using the last ciphertext block of the previous message as the IV of the next message is not safe.
9. Key Principles
(1) The key cannot be a constant. It should be random and replaced regularly. If the key used for data encryption is a constant, the same plaintext always encrypts to the same ciphertext, which makes dictionary attacks hard to prevent.
(2) Developers should guard against hard-coding keys.
In actual development, how does one keep the key secure? A key hard-coded in the code is easy to recover by reverse engineering, and if it is placed in a file on the device, experienced hackers will also find it through reverse engineering. Here, we recommend the security component service of Alibaba Cloud universal security, whose security encryption function provides secure management of developer keys and an implementation of the encryption algorithms, to ensure the security of keys and implement secure encryption and decryption operations.