Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Gigigo Workshop - iOS Extensions
Next
Download to read offline and view in fullscreen.

0

Share

Download to read offline

Kerberos + Android: A Tale of Opportunity

Download to read offline

Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform.

To learn more, visit www.yassl.com.

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Kerberos + Android: A Tale of Opportunity

  1. 1. Kerberos + Android A Tale of OpportunitySlide 1 / 39 © Copyright 2012 yaSSL
  2. 2. Platform Decisions The StatisticsSlide 2 / 39 © Copyright 2012 yaSSL
  3. 3. Why Go Mobile? 80% of the worlds population now has a mobile phone. ( 5 Billion Phones )Slide 3 / 39 © Copyright 2012 yaSSL
  4. 4. Why Go Mobile? 21.6% Of those 80%, 1.08 Billion are smartphones.Slide 4 / 39 © Copyright 2012 yaSSL
  5. 5. Why Go Mobile? In the US: 60% 40% the ratio is even higher, with smartphones making up 40% of all mobile phones.Slide 5 / 39 © Copyright 2012 yaSSL
  6. 6. OK, well why Android?Slide 6 / 39 © Copyright 2012 yaSSL
  7. 7. Android? Reason 1: US Market Dominance iPhone 28% U.S. Android Smartphones == 40% (40%) Blackberry 19% Windows Mobile, 7% Windows Phone 7, 1% Other, 5%Slide 7 / 39 © Copyright 2012 yaSSL
  8. 8. Android? Reason 2: Consumer Popularity •  100 million activated Android devices (now 400,000 / day) •  200,000 apps in Android Market (4.5 billion activations to date) •  310 devices available to consumers (112 countries)Slide 8 / 39 © Copyright 2012 yaSSL
  9. 9. Android? Reason 3: Developer Popularity •  450,000 developers building for the platform!Slide 9 / 39 © Copyright 2012 yaSSL
  10. 10. Android. Meaning? •  Opportunity for increased Kerberos visibility •  Useful for Android and Kerberos developers •  Fun to see where the community takes itSlide 10 / 39 © Copyright 2012 yaSSL
  11. 11. Our Plan What we wanted to do.Slide 11 / 39 © Copyright 2012 yaSSL
  12. 12. Goals We wanted to fill a missing gap. 1.  Port Kerberos libraries to Android 2.  Port some C-based Kerberos client apps to Android kinit klist kvno kdestroySlide 12 / 39 © Copyright 2012 yaSSL
  13. 13. Goals We wanted to spark community involvement. 3.  Build a sample Android NDK App (with a simple GUI) 4.  Give changes back to communitySlide 13 / 39 © Copyright 2012 yaSSL
  14. 14. Action! What we did.Slide 14 / 39 © Copyright 2012 yaSSL
  15. 15. 1. Crypto ImplementationSlide 15 / 39 © Copyright 2012 yaSSL
  16. 16. Crypto Added new CyaSSL crypto implementation •  Kerberos crypto options: CyaSSL, OpenSSL, NSS, built-inSlide 16 / 39 © Copyright 2012 yaSSL
  17. 17. Crypto Added new CyaSSL crypto implementation •  CyaSSL is very portableSlide 17 / 39 © Copyright 2012 yaSSL
  18. 18. 2. PortingSlide 18 / 39 © Copyright 2012 yaSSL
  19. 19. Android Port Kerberos Libraries + CyaSSL Android. •  Cross-compiled libraries for Android •  Created shell script for easy reproduction by developersSlide 19 / 39 © Copyright 2012 yaSSL
  20. 20. 3. Android ApplicationSlide 20 / 39 © Copyright 2012 yaSSL
  21. 21. Android App Simple sample NDK project Home Screen •  Single screen •  Uses JNI •  Wrapper around native client appsSlide 21 / 39 © Copyright 2012 yaSSL
  22. 22. Android App Simple sample NDK project kinit •  Gets a ticket using specified principalSlide 22 / 39 © Copyright 2012 yaSSL
  23. 23. Android App Simple sample NDK project klist •  Lists our ticketsSlide 23 / 39 © Copyright 2012 yaSSL
  24. 24. Android App Simple sample NDK project kvno •  Gets a service ticket for the entered principalSlide 24 / 39 © Copyright 2012 yaSSL
  25. 25. Android App Simple sample NDK project klist after kvno •  Verify that we got a ticketSlide 25 / 39 © Copyright 2012 yaSSL
  26. 26. Android App Simple sample NDK project kdestroy •  Clear our ticket cacheSlide 26 / 39 © Copyright 2012 yaSSL
  27. 27. Android App Notes •  Uses a keytab instead of passwords •  Storage locations have been chosen for convenience Can be easily modified to what the developer needs Currently at /data/local/kerberosSlide 27 / 39 © Copyright 2012 yaSSL
  28. 28. Android App License Type •  Application code will remain under the MIT licenseSlide 28 / 39 © Copyright 2012 yaSSL
  29. 29. 4. GSS-API WrapperSlide 29 / 39 © Copyright 2012 yaSSL
  30. 30. GSS-API Java Wrapper •  Provide Java bindings for developers to use •  Uses framework •  Wrapper around native Kerberos GSS-API library (Contains functionality found in gssapi.h)Slide 30 / 39 © Copyright 2012 yaSSL
  31. 31. GSS-API Java Wrapper 2 example clients: •  Android client functionality •  Stand-alone Java app for desktop useSlide 31 / 39 © Copyright 2012 yaSSL
  32. 32. GSS-API Integrated into sample app. Example Client •  Est. context with example server •  Send wrapped message, verify returned sig. block (gss_wrap, gss_verify_mic) •  Repeat #2, but with gss_seal, gss_verify •  Misc. API tests and exit.Slide 32 / 39 © Copyright 2012 yaSSL
  33. 33. GSS-API Integrated into sample app. Example Server •  Est. context with client •  Receive and unwrap a message from the client •  Generate & send signature block for received messageSlide 33 / 39 © Copyright 2012 yaSSL
  34. 34. The Future Whats happening next?Slide 34 / 39 © Copyright 2012 yaSSL
  35. 35. The Future Look to the Community. Availability •  Code will be linked from both MIT and yaSSL websitesSlide 35 / 39 © Copyright 2012 yaSSL
  36. 36. The Future Look to the Community. PR Activity / Visibility •  Blog posts •  Forum posts •  Press releases •  GitHub •  Mailing lists •  etc...Slide 36 / 39 © Copyright 2012 yaSSL
  37. 37. The Future Other ideas or thoughts?Slide 37 / 39 © Copyright 2012 yaSSL
  38. 38. References Statistics •  http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/ •  http://www.go-gulf.com/blog/smartphone •  http://blog.nielsen.com/nielsenwire/online_mobile/40-percent-of-u-s-mobile-users-own-smartphones-40- percent-are-android/ •  Google I/O 2011: http://www.google.com/events/io/2011 Project Locations Kerberos: http://web.mit.edu/kerberos/ CyaSSL: http://www.yassl.com/ •  Android NDK App: https://github.com/cconlon/kerberos-android-ndk •  GSS-API Java Wrapper: https://github.com/cconlon/kerberos-java-gssapiSlide 38 / 39 © Copyright 2012 yaSSL
  39. 39. Thanks! www.yassl.comSlide 39 / 39 © Copyright 2012 yaSSL

Slides from Chris Conlon's presentation about yaSSL's work porting the CyaSSL embedded SSL library, the MIT Kerberos library, and the Kerberos GSS-API to the Android platform. To learn more, visit www.yassl.com.

Views

Total views

3,586

On Slideshare

0

From embeds

0

Number of embeds

5

Actions

Downloads

13

Shares

0

Comments

0

Likes

0

×