Groß T, Ahmadova M, Müller T (2019)
Publication Language: English
Publication Type: Conference contribution, Conference Contribution
Publication year: 2019
Publisher: Association for Computing Machinery
Conference Proceedings Title: Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)
Event location: Canterbury, United Kingdom
ISBN: 9781450371643
We investigate the amount of information leakage through unencrypted metadata in Android’s file-based encryption(FBE) which was introduced as an alternative to the pre- viously dominating full-disk encryption (FDE) in Android 7.0. We propose a generic method, and provide appropriate tool- ing, to reconstruct forensic events on Android smartphones encrypted with FBE. Based on a dataset of 3903 applications, we show that metadata of files can be used to reconstruct the name, version and installation date of all installed apps. Furthermore, we show that, depending on a specific app, information leakages through metadata can even be used to reconstruct a user’s behavior. For the example of WhatsApp, we show that the point of time a user sent or received her last message can be traced back even though the phone was encrypted. Our approach requires access to the raw data of an encrypted disk only but does not require access to a powered-on device or the bootloader, such as known attacks against FDE including cold boot and evil maid. We conclude that FBE is significantly more insecure than FDE and was presumably elected for usability reasons like direct boot.
APA:
Groß, T., Ahmadova, M., & Müller, T. (2019). Analyzing android’s file-based encryption: Information leakage through unencrypted metadata. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019). Canterbury, United Kingdom: Association for Computing Machinery.
MLA:
Groß, Tobias, Matanat Ahmadova, and Tilo Müller. "Analyzing android’s file-based encryption: Information leakage through unencrypted metadata." Proceedings of the International Workshop on Security of Mobile Applications (IWSMA 2019), Canterbury, United Kingdom Association for Computing Machinery, 2019.
BibTeX: Download