Differences
This shows you the differences between two versions of the page.
|
osp:lectures:lecture-4 [2015/11/01 22:15] vlad.traista [Practical] |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== 04 - Android Security Mechanisms ===== | ||
| - | * Description: Android permissions, cryptographic providers, network security | ||
| - | * Practical part: Permissions, encrypt/decrypt, MAC, Trust Store | ||
| - | |||
| - | |||
| - | ==== Lecture ==== | ||
| - | |||
| - | |||
| - | *{{:osp:lectures:lecture-4.pdf | Lecture Slides}} | ||
| - | |||
| - | {{url>http://ocw.cs.pub.ro/courses/_media/osp/lectures/lecture-4.pdf}} | ||
| - | |||
| - | |||
| - | ==== Practical ==== | ||
| - | |||
| - | |||
| - | === Task 1 - List Permissions === | ||
| - | |||
| - | List all permissions currently known by the system using the **pm** command. Display more information about each permission using **-f** (defining package, label, description and protection level). | ||
| - | |||
| - | |||
| - | === Task 2 - Custom Permissions === | ||
| - | |||
| - | Create an application with 2 activities. In each activity display a specific message using a **TextView**. Declare a new permission in the manifest file (permission tree, permission group and the actual permission). The permission must have the protection level **dangerous**. For the second activity, request the new permission (**android:permission**). Run this application. | ||
| - | |||
| - | Create another application with a single activity. In the activity include a button which will be used to start the second activity of the first application. To do this, first we will to define an intent filter in the manifest file of the first application in the second activity node. | ||
| - | |||
| - | <code> | ||
| - | <intent-filter> | ||
| - | <action android:name="com.example.user.application1.startSecondActivity" /> | ||
| - | </intent-filter> | ||
| - | </code> | ||
| - | |||
| - | Second, we will need an intent for launching an activity from another application: | ||
| - | |||
| - | <code> | ||
| - | Intent i = new Intent(); | ||
| - | |||
| - | // Replace the package name and full qualified name of the second activity with the ones from your package | ||
| - | i.setComponent(new ComponentName("com.example.user.application1", "com.example.user.application1.MainActivity2Activity")); | ||
| - | |||
| - | // The action string represents the intent filter name defined in the manifest file of the first application | ||
| - | i.setAction("com.example.user.application1.startSecondActivity"); | ||
| - | |||
| - | startActivity(i); | ||
| - | </code> | ||
| - | |||
| - | Run the application. When pressing the button you should get a SecurityException (Permission Denied). For solving this, use the declared permission in the manifest of the second application. | ||
| - | |||
| - | === Task 3 - Generate and Verify HMAC === | ||
| - | |||
| - | In the first application (with 2 activities), include an **EditText** and a button in the first activity. When the user types a text and presses the button, it will send the text to the second activity through an intent (**putExtra**). In the second activity, get the message from the Intent and display it in the TextView. | ||
| - | |||
| - | In the first activity generate a symmetric key using **KeyGenerator** for HmacSha256 algorithm. Save this key in a Singleton (that can be accessed from both activities). Then generate the HMAC of the text introduced by the user (using **Hmac** with HmacSha256 algorithm) and send the HMAC along with the initial message (through the Intent). In the second activity, obtain the HMAC from the Intent, obtain the Singleton, get the symmetric key and recompute the HMAC.If the HMAC is valid (equal with the recomputed one), Display the message "Data is unmodified". | ||
| - | |||
| - | Hint: Send data and HMAC as byte arrays in the Intent. | ||
| - | |||
| - | === Task 4 - Encrypt and Decrypt Data === | ||
| - | |||
| - | In the first activity generate another symmetric key using **KeyGenerator** for AES algorithm (or use the same key from Task 2). Save the key in the Singleton. Encrypt the text typed by the user using **Cipher** with algorithm AES/CBC/PKCS5Padding. Send the ciphertext through the Intent to the second activity (instead of the plain text). Also send the initialization vector (IV). In the second activity, extract the ciphertext and IV from the Intent, decrypt the ciphertext using **Cipher** and display it in the TextView. | ||
| - | |||
| - | Hint: In the first activity, compute the MAC and then encrypt the data. In the second activity, decrypt the data and then verify the MAC. | ||
| - | Hint: Send ciphertext, IV and HMAC as byte arrays in the Intent. | ||
| - | Hint: Use **doFinal** to directly encrypt and decrypt (no need for update + doFinal). | ||
| - | |||
| - | |||
| - | === Bonus - Task 5 - Display System Trust Store === | ||
| - | |||
| - | Create an application and display the system (default) trust store using the TrustManager. | ||
