The efficient implementation of the Android kernel with China standard cryptographic algorithm

INTRODUCTION In recent years, with the rapid development of mobile Internet, mobile terminal intelligent devices have become popular, people use intelligent mobile terminal to obtain news information, social activities, entertainment shopping. Gradually, the intelligent mobile terminal has replaced the PC as an indispensable part of human life, work, and study. In many mobile phone operating system, The Android operating system [1] based on Linux, founded by Googles Open Handset Alliance, is one of the hottest device operating system. And its open source and easy to operate the characteristics, which has been attracting much attention of the equipment manufacturer and consumers of electronic products. With the popularity of Android devices, Android’s open source feature as the risk brought about also threatens the security of the Android platform, Personal information of their phones have become the most anxious for the user. Android system itself has provided a complete set of encryption system, that is, the use of traditional encryption algorithm for sensitive data within the system and application software signature and encryption to enhance system security. With the hardware processing speed and decryption means continue to improve, the traditional encryption algorithm is facing a serious challenge, Such as the confidentiality of the RSA algorithm with the increase of the key length, it does necessary to increase the key length in order to improve the security of the data, This will reduce the speed of the algorithm. Traditional encryption algorithm is not only been further studied, also its been attacked. There is a cracked security risks, in which it makes the personal information stored in the Android system and sensitive data faced a serious threat. Cryptography algorithm, especially the encryption algorithm is the core of information security, so in a high security environment, we should use a better performance of the password algorithm. In recent years, China has also made great progress in cryptographic algorithms, The Chinese cryptography professor has cracked the world’s two major cryptographic algorithms MD5 [2] and SHA1[3]. National Commercial Cryptography Administration has also announced SM2 algorithm, SM3 algorithm, and SM4 algorithm. Therefore, considering the security of cryptographic algorithms and Chinese law in communications security, this research and analysis for the encryption mechanism of Android kernel, the domestic encryption algorithm SM2/SM3/SM4 encryption algorithm is added to the original Android to replace the AOSP system, transformation of safety of domestic cryptographic algorithms based on Android kernel. In order to improve the encryption efficiency of the system, provide confidentiality and integrity protection, and promote the application of National cryptographic algorithms.

ANDROID SECURITY MECHANISM AND ENCRYPTION SERVICE A. Security model Android uses a layered system architecture, which consists of the Linux kernel layer, the hardware abstraction layer, the system runtime library layer, the application framework layer and the application layer [4]. Figure 1 shows the architecture of Android. Android is based on the Linux operating system kernel, which implements the core functions of hardware device driver, process and memory management, network protocol stack, power management and so on. In addition, Android also increased the number of mobile devices for specific functions, such as Low Memory Killer, Ashmem (Anonymous Shared Memory), and Binder. These enhancements to help further the Androids memory management, inter process communication (IPC) and other aspects of security. Android mechanism also uses the security features provided by the Linux kernel, using Linux user isolation mechanism to achieve Android application sandbox mechanism. During the installation phase of the application, Android automatically provide for each application with unique UID (User ID), application execution on the specific process in the UID operation, in addition, each application has a special data read and write permissions for their own directory. So the application sandbox mechanism ensures that each application runs in its own independent space, the mutual interference between each other, thus greatly enhance the protection of user privacy, and stability and running application security [5]. Because the Android application sandbox mechanism makes a process can access the memory of another process space, so as to achieve inter process communication, Binder as a new IPC mechanism for Android came into being. Binder is based on the design and conception of OpenBinder, and realizes the distributed component architecture based on abstract interface. The Binder mechanism in the kernel space to increase the process identifier, thus, the caller can not exceed the allowed permission system to obtain through forged identity, so it can prevent the occurrence of right phenomenon, improve safety. B. Encryption Service The encryption service of the Android system can protect the system security based on the Java encryption architecture [5]. Supported encryption algorithms includes: DES algorithm, AES algorithm, DH algorithm, RSA algorithm, MD5 algorithm, SHA-1, SHA-256, etc.. DES (Data Encryption Standard) is one of the most popular block cipher which also widely used in the world [6]. It is developed by the United States IBM company, it is the length of the plaintext packet of 64 bits, the key length of 56 bits. To express in three stages, the first is the initial replacement, then has the same function in the 16 round of transformation, and finally after an inverse initial permutation; where was the key point, first through a replacement function, then the encryption process of each round, produce a sub key through a circular left shift and replacement. The decryption algorithm of DES is the same as what the encryption algorithm, while the sub key is used in reverse order [7]. AES (Advanced Encryption Standard)is a block encryption standard adopted by the federal government[8]. Issued by the National Institute of standards and Technology (NIST) that has become one of the most popular algorithms for symmetric key encryption [9]. AES algorithm is a block cipher with block length and key length. The key length and the block length may be independently designated as 128 bits, 192 bits, and 256 bits. AES algorithm is the most basic transformation unit ”round” multiple iterations. The round function is composed of four different internal functions: ByteSubShiftRowMixColumnAddRoundKey. The decryption of the algorithm is only in the opposite direction inversion encryption [7]. DH (Diffie-Hellman) key exchange protocol is the first public key cryptosystem proposed by W.Diffie and M.Hellman in 1976 [10]. The purpose of the algorithm is to enable two users to exchange keys safely, and to obtain a shared session key. The security of the algorithm based on the difficulty of finding discrete logarithms. The RSA algorithm was constructed by R.Rivst, A.Shamir, and L.Adleman in 1978 [11]. It is also the most mature and perfect public key cryptosystem.