Kerberos + Android: A Tale of Opportunity
3. Why Go Mobile?
80% of the world's population now has a mobile phone (5 Billion Phones).
Slide 3 / 39 © Copyright 2012 yaSSL
4. Why Go Mobile?
Of those 80%, 1.08 Billion (21.6%) are smartphones.
5. Why Go Mobile?
In the US, the ratio is even higher, with smartphones making up 40% of all mobile phones (chart: 60% / 40%).
6. OK, well why Android?
7. Android?
Reason 1: US Market Dominance
U.S. Smartphones: Android == 40%
• Android, 40%
• iPhone, 28%
• Blackberry, 19%
• Windows Mobile, 7%
• Windows Phone 7, 1%
• Other, 5%
8. Android?
Reason 2: Consumer Popularity
• 100 million activated Android devices (now 400,000 / day)
• 200,000 apps in Android Market (4.5 billion activations to date)
• 310 devices available to consumers (112 countries)
9. Android?
Reason 3: Developer Popularity
• 450,000 developers building for the platform!
10. Android.
Meaning?
• Opportunity for increased Kerberos visibility
• Useful for Android and Kerberos developers
• Fun to see where the community takes it
11. Our Plan
What we wanted to do.
12. Goals
We wanted to fill a gap.
1. Port Kerberos libraries to Android
2. Port some C-based Kerberos client apps to Android:
   • kinit
   • klist
   • kvno
   • kdestroy
13. Goals
We wanted to spark community involvement.
3. Build a sample Android NDK App (with a simple GUI)
4. Give changes back to community
14. Action!
What we did.
16. Crypto
Added new CyaSSL crypto implementation
• Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-in
17. Crypto
Added new CyaSSL crypto implementation
• CyaSSL is very portable
19. Android Port
Kerberos Libraries + CyaSSL Android.
• Cross-compiled libraries for Android
• Created shell script for easy reproduction by developers
21. Android App
Simple sample NDK project
Home Screen
• Single screen
• Uses JNI
• Wrapper around native client apps
22. Android App
Simple sample NDK project
kinit
• Gets a ticket using specified principal
23. Android App
Simple sample NDK project
klist
• Lists our tickets
24. Android App
Simple sample NDK project
kvno
• Gets a service ticket for the entered principal
25. Android App
Simple sample NDK project
klist after kvno
• Verify that we got a ticket
26. Android App
Simple sample NDK project
kdestroy
• Clear our ticket cache
27. Android App
Notes
• Uses a keytab instead of passwords
• Storage locations have been chosen for convenience
   • Can be easily modified to what the developer needs
   • Currently at /data/local/kerberos
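
An added example, not from the slides or the project's code: because the sample app authenticates from a keytab kept in a convenience location, this Python check reports a keytab's loose mode bits and lists the principals whose long-term keys it holds, without ever printing key material. The function names and the sample entry (user@EXAMPLE.COM, all-zero key) are constructed for illustration; the parser assumes the MIT keytab file format 0x0502.

```python
import os, stat, struct

def _counted(data, p):  # counted_octet_string: uint16 length, then the bytes
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """List (principal, kvno, enctype) per entry of a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:                       # hole left by a deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                              # skip name_type and timestamp
        kvno = data[p]                      # 8-bit key version
        (enctype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = _counted(data, p + 3)     # key bytes skipped, never reported
        if pos - p >= 4:                    # optional 32-bit kvno overrides
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
    return entries

def audit_keytab(path):
    """Report loose mode bits and which principals' long-term keys the file holds."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o: accessible beyond the owning UID" % mode)
    with open(path, "rb") as f:
        for princ, kvno, etype in parse_keytab(f.read()):
            findings.append("key for %s (kvno %d, enctype %d)" % (princ, kvno, etype))
    return findings

def sample_keytab():
    """Constructed sample: one entry for user@EXAMPLE.COM, dummy all-zero key."""
    s = lambda b: struct.pack(">H", len(b)) + b
    entry = (struct.pack(">H", 1) + s(b"EXAMPLE.COM") + s(b"user")
             + struct.pack(">IIBH", 1, 0, 2, 18) + s(bytes(32)) + struct.pack(">I", 2))
    return b"\x05\x02" + struct.pack(">i", len(entry)) + entry
```

Run `audit_keytab()` against a copy of the keytab pulled from the device; a mode of 0600 owned by the app's UID yields only the inventory lines.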
28. Android App
License Type
• Application code will remain under the MIT license
30. GSS-API
Java Wrapper
• Provide Java bindings for developers to use
• Uses framework
• Wrapper around native Kerberos GSS-API library
(Contains functionality found in gssapi.h)
31. GSS-API
Java Wrapper
2 example clients:
• Android client functionality
• Stand-alone Java app for desktop use
32. GSS-API
Integrated into sample app.
Example Client
1. Est. context with example server
2. Send wrapped message, verify returned sig. block (gss_wrap, gss_verify_mic)
3. Repeat #2, but with gss_seal, gss_verify
4. Misc. API tests and exit.
33. GSS-API
Integrated into sample app.
Example Server
• Est. context with client
• Receive and unwrap a message from the client
• Generate & send signature block for received message
34. The Future
What's happening next?
35. The Future
Look to the Community.
Availability
• Code will be linked from both MIT and yaSSL websites
36. The Future
Look to the Community.
PR Activity / Visibility
• Blog posts
• Forum posts
• Press releases
• GitHub
• Mailing lists
• etc...
37. The Future
Other ideas or thoughts?
38. References
Statistics
• http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/
• http://www.go-gulf.com/blog/smartphone
• http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40-percent-are-android/
• Google I/O 2011: http://www.google.com/events/io/2011
Project Locations
• Kerberos: http://web.mit.edu/kerberos/
• CyaSSL: http://www.yassl.com/
• Android NDK App: https://github.com/cconlon/kerberos-android-ndk
• GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapi
39. Thanks!
www.yassl.com