Present but Unreachable: Reducing Persistentlatent Secrets in HotSpot JVM

Pridgen, Adam; Garfinkel, Simson L.; Wallach, Dan S.

doi:10.24251/hicss.2017.727

Cited by 6 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To the best of our knowledge, there is no in-depth study of cryptographic secrets of TLS on Android, but, for other platforms, there have recently been several studies for extracting TLS secrets from a virtual machine [31], Windows OS [15], and Oracle's Java HotSpot JVM [22]. The first two studies look at extracting master secrets; the latter focuses on general data reconstruction from a garbage-collected runtime system.…”

Section: A Memory Forensicsmentioning

confidence: 99%

“…Taubmann et al [31] provide a technique to extract master secrets at runtime using virtual machine introspection techniques, and Kambic [15] provides a similar analysis of Windows systems. Pridgen et al [22] investigate Java TLS implementations, finding key material remaining in memory as a consequence of the JVM's garbage collector. A copying garbage collector may leave multiple dead copies of a key behind in memory that are not "reachable" as live data, yet are still vulnerable to forensic extraction.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Removing Secrets from Android's TLS

Lee¹,

Wallach

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Cryptographic libraries that implement Transport Layer Security (TLS) have a responsibility to delete cryptographic keys once they're no longer in use. Any key that's left in memory can potentially be recovered through the actions of an attacker, up to and including the physical capture and forensic analysis of a device's memory. This paper describes an analysis of the TLS library stack used in recent Android distributions, combining a C language core (BoringSSL) with multiple layers of Java code (Conscrypt, OkHttp, and Java Secure Sockets). We first conducted a black-box analysis of virtual machine images, allowing us to discover keys that might remain recoverable. After identifying several such keys, we subsequently pinpointed undesirable interactions across these layers, where the higherlevel use of BoringSSL's reference counting features, from Java code, prevented BoringSSL from cleaning up its keys. This interaction poses a threat to all Android applications built on standard HTTPS libraries, exposing master secrets to memory disclosure attacks. We found all versions we investigated from Android 4 to the latest Android 8 are vulnerable, showing that this problem has been long overlooked. The Android Chrome application is proven to be particularly problematic. We suggest modest changes to the Android codebase to mitigate these issues, and have reported these to Google to help them patch the vulnerability in future Android systems.

show abstract

Section: A Memory Forensicsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Removing Secrets from Android's TLS

Lee¹,

Wallach

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Using the Android Dalvik virtual machine as a use case, this study demonstrated that it is possible to replicate the features of the Android framework to find instances of structured classes and fields from the process memory dump. This line of argument was further explored by [2,32,34,35,42] to recover and reconstruct in-memory forensics artifacts from different runtime environments that are built using different memory management algorithms. [32] extended the work of [7] to cover a newer version of Android DVM.…”

Section: Userland Memory Forensicsmentioning

confidence: 99%

“…An object is allocated at the top of an available region as long as its size does not exceed the region's end. Prior work [2,32,34,35,42] has involved developing techniques for deconstructing a process memory image and reconstructing the memory allocation metadata, dumping the heap objects, and decoding the objects. However, the limitation of these approaches is the developed tools aggregate the allocation, but do not establish the relationships between allocated objects, and therefore they cannot be used to determine the origin or scope within which an object exists at runtime.…”

Section: Introductionmentioning

confidence: 99%

App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts

Ali-Gombe

Tambaoan

Gurfolino

et al. 2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

“…Researchers have developed many solutions to address this. Chow et al handle this by secure deallocation [14], Pridgen et al aim at reducing encryption keys retained in the Java heap for desktops and servers [49], Dunn et al use ephemeral channels where data will be securely erased after a session finishes [18], and Lee and Wallach study the retention of TLS secrets in Android memory [34]. Different from existing work, our paper focuses on the study of password retention, and proposes effective fixes to address this problem.…”

Section: A Protecting Sensitive Datamentioning

confidence: 99%

Total Recall: Persistence of Passwords in Android

Lee¹,

Chen

Wallach

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

A good security practice for handling sensitive data, such as passwords, is to overwrite the data buffers with zeros once the data is no longer in use. This protects against attackers who gain a snapshot of a device's physical memory, whether by inperson physical attacks, or by remote attacks like Meltdown and Spectre. This paper looks at unnecessary password retention in Android phones by popular apps, secure password management apps, and even the lockscreen system process. We have performed a comprehensive analysis of the Android framework and a variety of apps, and discovered that passwords can survive in a variety of locations, including UI widgets where users enter their passwords, apps that retain passwords rather than exchange them for tokens, old copies not yet reused by garbage collectors, and buffers in keyboard apps. We have developed solutions that successfully fix these problems with modest code changes.

show abstract

Present but Unreachable: Reducing Persistentlatent Secrets in HotSpot JVM

Cited by 6 publications

References 12 publications

Removing Secrets from Android's TLS

Removing Secrets from Android's TLS

App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts

Total Recall: Persistence of Passwords in Android

Contact Info

Product

Resources

About