Photo by FLO:D on Unsplash (https://unsplash.com/photos/yQYQJaiypZE)
Technology advancements are constantly reshaping the way we communicate and conduct business. As the CTO of NowSecure, a mobile application security testing SaaS provider, I want to discuss a topic I believe is of timely relevance: post-quantum security, in particular within the mobile application context. The cryptographic landscape is on the verge of major disruption, and it’s important for organizations to proactively assess the impact of impending quantum cryptanalytic capabilities on their iOS and Android applications.
In this blog post, we will delve into the significance of post-quantum cryptography (PQC) and provide actionable suggestions for creating cryptographic inventories and safeguarding mobile apps in the face of impending quantum advancements that will likely come sooner than anticipated.
Post-Quantum Cryptography (PQC) & Y2Q
Post-quantum cryptography and the moniker Y2Q generally refer to the period in which quantum computers become powerful enough that the classical cryptographic security widely employed today is considered inferior and insufficient. Many encryption methods in use today rely on the difficulty of factoring large numbers (or the related discrete-logarithm problem); breaking them with classical computing would take years, whereas a quantum computer running Shor’s algorithm would be able to break this type of encryption in minutes. The deployment of sufficiently powerful large-scale (high qubit) quantum computers may still be 1-2 years away or 3-5 years away depending on who you ask, but the need to anticipate and prepare for their arrival is crucial. Regarding PQC we will discuss the following three components: Key Exchange Mechanism (KEM; NIST’s term is Key Encapsulation Mechanism), Block Cipher, and Digital Signature Verification System (DSVS). In general our recommendation is to leverage static and dynamic binary analysis.
Key Exchange Mechanism (KEM) and Block Cipher
Organizations must carefully evaluate their mobile apps and supporting ecosystems to identify potential weaknesses in the block ciphers and key management schemes currently in use. Luckily AES-256 is a commonly used standard block cipher and remains secure against quantum attacks for now (Grover’s algorithm at most halves its effective key strength, which still leaves a 128-bit security margin).
- Recommendation: Leverage static (source and binary) and dynamic (runtime) analysis. First- and third-party usage of unsafe block ciphers must be uncovered and inventoried. Where possible, update to a safe block cipher algorithm and then run performance and functional tests on the updated applications. The harder challenge lies in securely distributing the encryption keys, because the key exchange step is what quantum decryption undermines.
To ensure robust post-quantum security, NIST has approved CRYSTALS-Kyber as the standard KEM, replacing the widely used Diffie-Hellman algorithm. CRYSTALS-Kyber uses lattice-based cryptography for secure key exchange, which is designed to withstand the attacks made possible by quantum decryption capabilities.
- Recommendation: Evaluate the use of CRYSTALS-Kyber in critical infrastructure and mobile applications to fortify resistance against quantum computing attacks. Reference implementations for CRYSTALS-Kyber are available for evaluation. Check for compatibility issues, performance and timing requirements, and follow updates to libraries such as OpenSSL for industry-wide adoption of PQC.
In the face of advancing quantum technologies, organizations should begin to prioritize the evaluation and preparation of their mobile application security cryptography.
Take Inventory of Mobile Applications
To ensure readiness for post-quantum cryptographic security, organizations must conduct a thorough inventory of their mobile applications and of the cryptographic algorithms and schemes employed in both first-party and third-party components. This means identifying the cryptographic algorithms, key exchange mechanisms, and digital signature verification systems used within each app and sub-component. By understanding cryptographic usage across their mobile app ecosystem, organizations can proactively assess their exposure to quantum attacks and prepare for “cryptographic agility” as the landscape evolves. Because an application runs inside an ecosystem of services, it will likely employ multiple cryptographic algorithms, keys, initialization vectors and unique configurations to meet its current needs.
- Recommendation: On average we anticipate 5-10 substantive cryptography-related updates per application, more for third-party code, and a need to re-test whenever new dependencies are added to the application. Use tooling to build the initial inventory and to keep it current.
One way to collect information about the cryptographic primitives employed in a mobile app is Frida, an open-source project sponsored by NowSecure and developed by NowSecure researcher Ole André Vadla Ravnås. Frida is a dynamic binary instrumentation framework that allows “hooking” code at runtime and potentially changing its behavior. In this case we don’t want to change what the app is doing; rather, we want to passively observe the code that calls into crypto and collect traces of the configurations it uses. There are community scripts for doing this, e.g., for Android/Java and iOS. The examples below demonstrate how to emit a message each time a cryptographic algorithm is initialized, including parameters such as the Initialization Vector (IV) or the key.
iOS:
```javascript
// snippet for hooking CCCrypt on iOS
// ref: https://codeshare.frida.re/@xperylab/cccrypt-dump/
// 8< -----------------------snip---------------------------------- 8<

// The codeshare script defines its own base64 helper; a minimal one is included
// here so the snippet runs stand-alone in Frida's JavaScript runtime.
function base64(buf) {
  var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
  var bytes = new Uint8Array(buf);
  var out = '';
  for (var i = 0; i < bytes.length; i += 3) {
    var n = (bytes[i] << 16) | ((bytes[i + 1] || 0) << 8) | (bytes[i + 2] || 0);
    out += chars[n >> 18] + chars[(n >> 12) & 63]
         + (i + 1 < bytes.length ? chars[(n >> 6) & 63] : '=')
         + (i + 2 < bytes.length ? chars[n & 63] : '=');
  }
  return out;
}

// CCCrypt(op, alg, options, key, keyLength, iv, dataIn, dataInLength,
//         dataOut, dataOutAvailable, dataOutMoved)
var func_crypto = Module.findExportByName('libcommonCrypto.dylib', 'CCCrypt');
var out;
var outLen;

Interceptor.attach(func_crypto, {
  onEnter: function (args) {
    var valuein = '';
    try {
      valuein = args[6].readUtf8String();
    } catch (error) {
      var dataLength = args[7].toInt32();
      valuein = base64(args[6].readByteArray(dataLength));
    }
    console.log('Value In: ' + valuein);

    // Read exactly keyLength (args[4]) bytes rather than a fixed 32: AES-128 keys
    // are 16 bytes, and the key size is what a post-quantum inventory needs.
    var keyLen = args[4].toInt32();
    var key = args[3].readByteArray(keyLen);
    console.log('Key: ' + base64(key) + ' (' + (keyLen * 8) + ' bits)');

    // The IV pointer is NULL for ECB mode (and for callers that omit it), so guard it.
    if (args[5].isNull()) {
      console.log('IV: (none)');
    } else {
      var iv = args[5].readByteArray(16);
      console.log('IV: ' + base64(iv));
    }

    out = args[8];
    outLen = args[9]; // dataOutAvailable: size of the caller's output buffer
  },
  onLeave: function (retval) {
    var valueout = '';
    try {
      valueout = out.readUtf8String();
    } catch (error) {
      var dataLength = outLen.toInt32();
      valueout = base64(out.readByteArray(dataLength));
    }
    console.log('Value Out: ' + valueout);
    console.log('\n');
  }
});
// 8< -----------------------snip---------------------------------- 8<
```
Android:
```javascript
// ref: https://codeshare.frida.re/@ninjadiary/secret-diary-of-frinja
// 8< -----------------------snip---------------------------------- 8<
// Java.use must run inside Java.perform (the VM has to be attached), and the
// Log/Exception wrappers the doFinal hook uses are declared up front; the
// codeshare script does both elsewhere in its file.
Java.perform(function () {
  var Log = Java.use("android.util.Log");
  var Exception = Java.use("java.lang.Exception");

  // Cipher: log the transformation (and provider, when given) on every getInstance
  var cipher = Java.use("javax.crypto.Cipher");
  cipher.getInstance.overload('java.lang.String').implementation = function (var0) {
    console.log("[*] Cipher.getInstance called with algorithm: " + var0 + "\n");
    return this.getInstance(var0);
  };
  cipher.getInstance.overload('java.lang.String', 'java.lang.String').implementation = function (var0, var1) {
    console.log("[*] Cipher.getInstance called with algorithm: " + var0 + " and provider: " + var1 + "\n");
    return this.getInstance(var0, var1);
  };
  cipher.getInstance.overload('java.lang.String', 'java.security.Provider').implementation = function (var0, var1) {
    console.log("[*] Cipher.getInstance called with algorithm: " + var0 + " and provider: " + var1 + "\n");
    return this.getInstance(var0, var1);
  };
  // doFinal: a synthetic exception's stack trace shows which app or library code made the call
  cipher.doFinal.overload('[B').implementation = function (b) {
    console.log("Cipher.doFinal called by " + Log.getStackTraceString(Exception.$new()));
    return cipher.doFinal.overload("[B").call(this, b);
  };
});
// 8< ---------snip------------ 8<
```
These snippets demonstrate the power Frida has in being able to observe the relevant cryptographic calls at runtime and emit logging details. However, doing this at scale, across two distinct platforms and trying to collect details across so many potential ways to perform cryptography is a daunting task. That is why I recommend engaging with NowSecure if you are an enterprise that is beginning a journey to address Y2Q or concerned about implementing PQC.
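As an added example (not code from this post, from NowSecure Platform or from Frida), the Node.js script below shows what the inventory recommended above looks like once the hooks are running: it pulls algorithm identifiers out of a binary's printable strings (static pass) and out of the lines the two hooks above print (dynamic pass), then tags each with the quantum-era risk described in this post. The risk table, the sample "binary", the sample log lines, and the choice to infer an iOS key size from the base64 `Key:` line are all assumptions of this example.

```javascript
// Added example (not NowSecure's or Frida's code): merge static and dynamic
// evidence into one cryptographic inventory for an app. Runs under Node.js.
//   static evidence  : printable strings found in an app binary
//                      (a constructed Buffer stands in for a Mach-O/DEX file)
//   dynamic evidence : lines printed by the Android and iOS Frida hooks above
//                      (constructed sample lines below)

// Risk table: an assumption of this example. Shor's algorithm breaks the
// factoring/discrete-log schemes; AES-256 and the NIST PQC selections are the
// "safe for now" options; DES/RC4/MD5/SHA-1 are deprecated regardless of quantum.
const RISK_TABLE = [
  { re: /^(RSA|DSA|DH|DIFFIEHELLMAN|EC|ECDH|ECDSA|X25519|ED25519)$/,
    family: 'public-key', risk: 'quantum-vulnerable (Shor)' },
  { re: /^(KYBER|ML-KEM|DILITHIUM|ML-DSA)$/,
    family: 'post-quantum', risk: 'quantum-resistant (NIST PQC selection)' },
  { re: /^(DES|DESEDE|3DES|RC4|RC2)$/,
    family: 'legacy-symmetric', risk: 'replace regardless of quantum (deprecated)' },
  { re: /^(MD5|SHA-?1)$/,
    family: 'legacy-hash', risk: 'replace regardless of quantum (deprecated)' },
  { re: /^AES$/,
    family: 'symmetric', risk: 'depends on key size (256-bit is safe for now)' },
  { re: /^SHA-?(256|384|512)$/,
    family: 'hash', risk: 'quantum-safe for now (Grover only halves the margin)' },
];

// Reduce a JCA transformation ("AES/GCM/NoPadding") or bare name to its algorithm
// token and classify it. Returns null for strings that are not tracked identifiers.
function classify(name) {
  const token = name.split('/')[0].trim().toUpperCase();
  for (const row of RISK_TABLE) {
    if (row.re.test(token)) return { algorithm: token, family: row.family, risk: row.risk };
  }
  return null;
}

// Static pass: extract printable-ASCII runs (like the `strings` tool) and keep the
// ones that classify. Tokens shorter than minLen (e.g. "EC") are left to the
// dynamic pass, which sees the actual call.
function scanBinaryStrings(buf, minLen = 3) {
  const found = [];
  let run = '';
  const flush = () => {
    if (run.length >= minLen) {
      const hit = classify(run);
      if (hit) found.push({ source: 'static', identifier: run, ...hit });
    }
    run = '';
  };
  for (const b of buf) {
    if (b >= 0x20 && b <= 0x7e) run += String.fromCharCode(b);
    else flush();
  }
  flush();
  return found;
}

// Dynamic pass: parse the two hook formats. The Android hook prints
// "[*] Cipher.getInstance called with algorithm: <t>[ and provider: <p>]"; the iOS
// CCCrypt hook prints "Key: <base64>", so the key size follows from the decoded length.
const ANDROID_RE = /Cipher\.getInstance called with algorithm: (\S+)(?: and provider: (\S+))?/;
const IOS_KEY_RE = /^Key: (\S+)/;

function parseFridaLog(lines) {
  const found = [];
  for (const line of lines) {
    let m = ANDROID_RE.exec(line);
    if (m) {
      const hit = classify(m[1]);
      if (hit) found.push({ source: 'android-runtime', identifier: m[1], provider: m[2] || 'default', ...hit });
      continue;
    }
    m = IOS_KEY_RE.exec(line);
    if (m) {
      const keyBits = Buffer.from(m[1], 'base64').length * 8;
      // The CCCrypt trace does not name the cipher, but the key size still decides
      // whether an AES key meets the 256-bit bar the post calls safe for now.
      found.push({ source: 'ios-runtime', identifier: 'CCCrypt', algorithm: 'CCCrypt',
                   family: 'symmetric', keyBits,
                   risk: keyBits >= 256 ? 'safe for now (256-bit key)' : 'upgrade to 256-bit key' });
    }
  }
  return found;
}

// Group findings by risk and list the algorithms that need an update.
function buildInventory(findings) {
  const byRisk = {};
  for (const f of findings) {
    if (!byRisk[f.risk]) byRisk[f.risk] = [];
    byRisk[f.risk].push(f.source + ':' + f.identifier);
  }
  const needsAction = (f) => /^(quantum-vulnerable|replace|upgrade)/.test(f.risk);
  const actionItems = [...new Set(findings.filter(needsAction).map((f) => f.algorithm))];
  return { total: findings.length, byRisk, actionItems };
}

function inventoryApp(binary, logLines) {
  return buildInventory([...scanBinaryStrings(binary), ...parseFridaLog(logLines)]);
}

// Constructed sample "binary": NUL-terminated strings with junk bytes between them.
const SAMPLE_BINARY = Buffer.concat([
  Buffer.from('AES/GCM/NoPadding\0'), Buffer.from([0x00, 0x01, 0xff, 0x7f]),
  Buffer.from('RSA/ECB/PKCS1Padding\0'), Buffer.from('Hello, world\0'),
  Buffer.from('SHA-256\0'), Buffer.from('DESede/CBC/PKCS5Padding\0'),
]);

// Constructed sample log: lines in the shape the two hooks above emit.
const SAMPLE_LOG = [
  '[*] Cipher.getInstance called with algorithm: AES/GCM/NoPadding',
  '',
  '[*] Cipher.getInstance called with algorithm: RSA/ECB/OAEPWithSHA-256AndMGF1Padding and provider: AndroidOpenSSL',
  'Key: ' + Buffer.alloc(32, 0x41).toString('base64'), // 32-byte key -> 256 bits
  'Key: ' + Buffer.alloc(16, 0x42).toString('base64'), // 16-byte key -> 128 bits
];

console.log(JSON.stringify(inventoryApp(SAMPLE_BINARY, SAMPLE_LOG), null, 2));
```

Run it with `node inventory.js`; on a real app, feed it the output of `strings` on the binary and the captured Frida console log. The static pass alone cannot distinguish AES-128 from AES-256, which is why the runtime key length is worth capturing.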
Inventory Cryptographic Usage with NowSecure Platform
At NowSecure, we recognize the significance of inventorying cryptographic usage within mobile applications. To assist our customers in this endeavor, we offer a cutting-edge mobile application security testing SaaS solution that facilitates the preliminary inventorying process. NowSecure Platform provides static binary and dynamic runtime analysis of applications and of the cryptographic algorithms, key exchange mechanisms, and digital signature verification systems utilized across mobile app portfolios. And yes, we use Frida. By leveraging NowSecure Platform, organizations can gain valuable insights into their cryptographic landscape and make informed decisions to enhance post-quantum security. Of course we’re not perfect, and we are always looking at adding coverage of additional cryptographic algorithms that would be affected by Y2Q.
In conclusion and in the face of advancing quantum technologies, organizations should begin to prioritize the evaluation and preparation of their mobile application security cryptography as early as possible. This will be a marathon not a sprint. We expect most applications to require 5-10 substantive updates and many more for apps with complicated dependencies.
Post-quantum cryptography as approved by NIST offers a defense against quantum attacks and mobile app infrastructure and client code need to embrace these advancements. By proactively inventorying their cryptographic usage, organizations can identify potential vulnerabilities and implement the necessary measures to safeguard their mobile applications. NowSecure is ready to assist our customers in navigating this critical transition and ensuring their mobile app security remains resilient in the quantum era.
Note: This blog post was written by a human with AI assistance. I’d also like to thank Damien Fortune of Secured Communications for his input.
References
- NIST – NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
- FS-ISAC’s Post-Quantum Cryptography Working Group has released a report on preparing for a post-quantum world.
- Frida script for collecting Android cryptography runtime information
- Frida script for collecting iOS cryptography runtime info
- CRYSTALS-Kyber (NPM)
- CRYSTALS-Kyber (C implementation)
- CRYSTALS-Dilithium
- NowSecure Platform