Profile picture
Daniel Potts @danielppotts
, 11 tweets, 5 min read Read on Twitter
@mcannonbrookes Here’s my device maker’s and app writer’s guide to implementing #AABill in #ozcyber. The answer is a little nuanced & depends on what you’re trying to get at. I’ll also mention how you can protect yourself against it down below.
@mcannonbrookes The dirty way is to implement backdoors, in essence a backdoor-API. That API would need to be exposed, and would technically violate all encryption standards I know off and make the app/device un-certifiable for use in regulated industry.
@mcannonbrookes The cleanest way is for them to take a copy or a derived key for the encryption used. Like physical keys, they’d need to keep them somewhere safe; they can be copied; and they're easy to find.
@mcannonbrookes For apps, it is pretty easy to do. Add the backdoor directly, take the key, or hack and override one of the supporting libs it uses. Or better yet, do it in the OS from underneath if you're going after Data-In-Transit. For Data-At-Rest, we need to use other techniques.
@mcannonbrookes For the OS and stored data (data-at-rest) it gets interesting. The good news is, most modern chips like a Qualcomm Snapdragon will generate and store encryption keys within a secure element or encryptor, and it never leaves. You can't access it.
@mcannonbrookes Flash encryption/decryption ends up being one-way with they root key safely stored. But I'm over-simplifying. Good systems will create derived keys using stuff like entropy, multi-factors, etc. So, if you want a copy either take each factor or go for the root key.
@mcannonbrookes Other cool techniques would be to do things like weaken entropy sources (where 'random' comes from), which will speed up key cracking (guessing). Eventually people pick up on this, and it is un-certifiable to FIPS etc.
@mcannonbrookes Fact is, most systems have holes like this already. I don't think I've seen an OS without one. Big code bases written by humans just are. So, if you want to build better systems that are harder to backdoor what do you do?
@mcannonbrookes Some industry best-practices by us @cogystems and others include: 1/ implementing our software (and hardware) with defence-in-depth principles. For example, using multi-layered encryption: two totally separate algorithms+implementations for your encryption.
@mcannonbrookes 2/ scrubbing passwords and keys from memory (Android JVM leaves them everywhere!). 3/ relying on independent hardware (uSEs, uSIMs, HSMs etc). 4/ post-load your own apps. 5/ write your own OS.
@mcannonbrookes We actually go a lot further, but I'll stop now unless someone is interested..
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Daniel Potts
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!