Short paper. DOI: 10.1145/3339252.3340340

Analyzing Android's File-Based Encryption: Information Leakage through Unencrypted Metadata

Published: 26 August 2019

Abstract

We investigate the amount of information leakage through unencrypted metadata in Android's file-based encryption (FBE), which was introduced in Android 7.0 as an alternative to the previously dominant full-disk encryption (FDE). We propose a generic method, and provide appropriate tooling, to reconstruct forensic events on Android smartphones encrypted with FBE. Based on a dataset of 3903 applications, we show that file metadata can be used to reconstruct the name, version and installation date of all installed apps. Furthermore, we show that, depending on the specific app, information leakage through metadata can even be used to reconstruct a user's behavior. For the example of WhatsApp, we show that the point in time at which a user sent or received her last message can be traced back even though the phone was encrypted. Our approach requires access only to the raw data of an encrypted disk; unlike known attacks against FDE, including cold boot and evil maid, it does not require access to a powered-on device or the bootloader. We conclude that FBE is significantly less secure than FDE and was presumably chosen for usability reasons such as direct boot.

Published In

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019
979 pages
ISBN:9781450371643
DOI:10.1145/3339252

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Android
  2. Digital Forensics
  3. File-Based Encryption
  4. Metadata

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

ARES '19

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Cited By

  • (2023) Transparent File Deduplication with Reduced Update Cost on Encryption Enabled Mobile Devices. 2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS), pp. 2025-2032. DOI: 10.1109/ICPADS60453.2023.00276. Online publication date: 17-Dec-2023
  • (2022) Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny. Sensors 22:2 (513). DOI: 10.3390/s22020513. Online publication date: 10-Jan-2022
  • (2022) Accessing Secure Data on Android Through Application Analysis. Digital Forensics and Cyber Crime, pp. 93-108. DOI: 10.1007/978-3-031-06365-7_6. Online publication date: 4-Jun-2022
  • (2021) Comparative analysis of Android and iOS from security viewpoint. Computer Science Review 40 (100372). DOI: 10.1016/j.cosrev.2021.100372. Online publication date: May-2021
