White Paper: Securing Mobile Banking Apps with MASC

INTRODUCTION

Consumers have quickly embraced their mobile phone & apps as the default tool for conducting their day-today business and personal finance. They expect their mobile apps to offer full-service facilities with a minimum of fuss. To retain a competitive edge, organizations and app providers are in a race to offer more functionality together with near-frictionless authentication and approval mechanisms. As these mobile apps get richer and offer access to more resources, they become more attractive to attackers.

It’s easy to describe a situation where a poorly designed mobile banking platform could offer a huge attack surface and the opportunity to compromise individual accounts or the complete infrastructure. The liability costs and reputational damage from such an attack could easily run into 8 figures and last long in consumers’ memories.

Unlike a bank’s traditional IT infrastructure and processes, mobile apps are required to be freely available on public servers. This provides a playground for attackers to download and exploit weaker applications in their own time.

Cryptomathic’s MASC solution is designed to protect the integrity of valuable mobile apps in the banking, finance, government, digital ID and related markets.

Fundamentally, most finance and ID-related apps share the same challenges: they all need to ensure that the apps offer a sufficient level of protection against attacks ‘on the phone’ from adjacent malware (that may have been installed by naive users) and against professional and dedicated attacks on an emulated or rooted platform.

Deploying an app for securely executing financial transactions requires attention to the following challenges:

Building a secure, yet convenient registration workflow.
Implementing reverse-engineering resistance through techniques such as anti-debugging, anti tampering, anti-jailbreaking and emulation detection.
Preserving multi-channel security.
Storing customer credentials and sensitive key material in a secure manner, ideally independent of OS repositories.
Being able to uniquely identify devices through fingerprinting techniques that cannot be reverse engineered.
Establishing a trustworthy connection to the backend to be able to exchange data and ultimately approve transactions.

All the above is required while delivering the smooth workflow users expect and across iterations of hardware and OS versions. Offering this level of integrity must not hamper either developers or innovation: a perfectly secure app that takes years to come to market or offers poor usability is of no value.

CRYPTOMATHIC MASC

Cryptomathic Mobile App Security Core (MASC) is a security solution, consisting of a software development kit (SDK) and backend services for apps managing highly sensitive digital assets. It comprises multiple layers of mutually reinforcing mobile app security components that are provided with a simple, easy-to-use API.

It enables app developers to focus on developing excellent business applications while leaving the specialist and securitycritical parts to MASC. Protecting applications in a hostile environment is an arms race with attackers. To stay ahead, MASC provides an evolutionary security framework through regular updates of defense mechanisms and randomization of protections.

MASC offers technology for reverse-engineering resistance, jailbreak / root detection and secure configuration and operation of generic mobile apps. MASC is aimed mainly at apps for handling critical digital assets and communication that need to perform sensitive cryptography. It features multiple layers of security: libraries for security protocols, TLS authentication with pinned certificates and third-party libraries integrated for malware detection and device fingerprinting.

To provide 360-degree protection, there are additional mechanisms for obfuscation, anti-tamper and anti-debug, as well as a reporting scheme allowing for live monitoring and dynamic analysis of the current threat landscape. A central part of MASC is the ability to provide the business application with secure storage and independent cryptographic functions.

The storage is independent of any offered by the device or OS and can be used to protect critical cryptographic keys; for instance application keys or communication keys for entities like the backend services.

MASC IMAGE 1

MASC SECURITY CONCEPTS

The Sentinel Framework Cryptomathic
MASC’s multi-layered evolutionary security is designed to protect against the ever-changing threat landscape, with protection measures resistant to today's attacks and responsive to future needs. MASC stays ahead of attackers by offering regular updates to the mobile app security layers and defense mechanisms. The building blocks for proactive protections and Runtime Application Self-Defense are provided by ‘sentinels’ scattered around in the MASC library. They appear and operate in many different ways to detect and react to attacks:
- The detectors have been fine-tuned over several code generations and are known to work very well in deployed customer scenarios.
- The detectors differ on how aggressively they search and what they try to detect.
- The reaction can be as soft as a warning message to the backend system or set to extremely aggressive, such as crashing the application.
MASC’s anti-debugging and anti-reverse engineering measures also fit into the sentinel framework, randomly distributing detections and reactions throughout the MASC code. The combination of regular updates of the security layers and the randomization of the sentinel framework makes each release of MASC a new adversary for an attacker.

This means that the MASC defense mechanisms remain a moving target for attackers and prevent the circumvention of the countermeasures.
Assurances

Apps and mobile software components are rarely standalone. They frequently perform their most important operations on various backend systems, and both parties in this communication need assurance that they are talking to an authentic partner at the other end.

Assurance and API Protection

Assurance makes it possible to control who has access to using private backend APIs and gives a high confidence that the backend is talking to a genuine app - in the same manner the app knows that it is talking to the genuine backend. This security mechanism introduces several layers of obfuscation in the build process for protection of the assurance building blocks. The MASC sentinel framework protects the software component against reverse-engineering and tampering. A challengeresponse protocol based on the above building blocks assures the server that it talks to a genuine app. This also serves to protect the server API from unauthorized access, by preventing non-approved 3rd party apps or aggregators from accessing the APIs, already at the outer perimeter.

Device Assurance

It is possible to upgrade the Assurance to work with device / app specific secrets. This is known as a device binding and can be done after the first contact between a newly installed app and the server backend. The binding protocol with the backend authenticates the software and backend to each other without sending the shared secrets across the network in-the-clear.

Device-unique keys are negotiated to protect communication with this device and identify this device (app installation) on subsequent encounters.
Secure connectivity

MASC is designed to be responsible for secure communication between the business app and the backend systems. MASC provides the ability for customers to set up a root certificate store independent of the device certificate store. Server certificate pinning is provided. To ensure that the app only communicates with the intended system, it maintains its own root certificate store. It implements pinned server certificate verification and as well as client certificate storage. The range of measures, provided by MASC, to secure communications are described here.

HTTPS Tunneling

HTTPS traffic to the backend must be tunneled through MASC to be able to use the keys controlled by MASC, this means that an attacker cannot just circumvent MASC. The HTTPS tunneling applies a whitelist to the host names and certificates (certificate pinning) presented by the hosts to further prevent man-in-the-middle attacks. The whitelists are provisioned to MASC and kept protected to prevent access and modifications by an adversary.

Encrypted Transport

Additional transport encryption is provided on top of TLS, to guard against TLS man-in-the-middle attacks, or to be used when TLS is unwrapped at the server perimeter, but end-to-end encryption is required.

Strong Authentication

MASC provides strong app authentication, by generating an elliptic curve key pair on the phone, with support for uploading the public key to a server. Another API allows using the generated private key to sign data and upload it to the server for verification.

Access Token Protection

Access token protection and replacement ensures that secret OAuth2 access tokens are kept securely inside the core, and do not reach the upper app layers.

Cookie Protection

MASC allows a set of HTTP cookies to be configured as retained. Retained cookies are handled entirely inside the MASC core, and are not accessible to the upper app layers. This can be useful to protect secure session cookies, for example.

Device Health and Audit Logging

MASC continually monitors the app or software components for debugging and tampering, and the device for jailbreaks and rooting. This information can be relayed to the backend via the device health and audit log services. The backend can use the information to deny, or limit access from, jailbroken or tampered devices.
Application Hardening

Code Hardening

The MASC code is hardened to make it difficult to attack. Different strategies are employed to make it harder to modify the behavior with tools such as function hooking, replacing system calls or modifying state.

Data Obfuscation

Build-time configuration constants are obfuscated by our own white box encryption algorithms: (the code is the key), as well as standard AES encryption, and only reside in clear in RAM as short as possible.

Native Code Obfuscation

MASC is delivered as native code that has been extensively obfuscated to make the control flow unintelligible, and to obfuscate all constant strings.

Protected Configuration

An app or software component frequently needs build time configurations, like license keys, API keys, backend host names for specific brands, certificates etc. A build time tool is part of MASC, which allows build-time obfuscation of such configuration constants. MASC provides an API to access the constants at run time, but they reside encrypted at rest.

Anti-debug

MASC continually monitors to identify debugging attempts and emulated environments to protect against run-time analysis. Detection results can be relayed to the backend. When a definite sign of debugging is detected, MASC can deliberately crash the application process in ways that make it hard for an attacker to identify as a deliberate crash.

Anti-tamper

MASC detects various signs of tampering with the code: checksumming, detecting function hooking or replacement, detecting hooking frameworks, etc. Both the anti-debug and anti-tamper mechanisms are able to detect the presence of common hacking tools and will react appropriately when detected.

Emulator Detection

Android emulators are often used in reverse engineering. MASC looks for various signs of being run on an emulator and can crash the app or report to the backend in such cases.

Root and Jailbreak Detection

Jailbroken or rooted devices are often used in reverse engineering and provide less protection of the user against malware. MASC continually detects various signs of the device being jailbroken or rooted. The detection results can be relayed to the backend via the health and audit log messages.
Secure storage
A core component of MASC is Secure Storage which implements protection measures designed with two main objectives:
- Prevent separation of data and application
- Prevent migration or copying data to other devices.
All application data is dispersed to make it hard to identify, separate and migrate from the application. The secure storage protections are extremely creative about where data is positioned. Cryptomathic’s design uses as many operating system services as possible.

On top of this, there are controls in place to prohibit attackers from monitoring where the data is accessed; the application is designed to be cautious about the circumstances and times when the application stores and retrieves the data, because it never knows what might be watching. Where available, dedicated phone hardware is used as part of secure storage protection.

Key Protection

Cryptographic keys generated and managed by MASC are protected by device hardware where possible. The keys are encrypted as long as possible and stay within MASC.

ARCHITECTURE OVERVIEW

The below figure illustrates some components of the MASC library. The white boxes show some specific functions of MASC, while the blue box illustrates that the sentinel framework and code obfuscation pervades all of the components.

Integration with New or Existing Environments

As a platform independent security SDK, Cryptomathic MASC can be integrated with relatively little effort into new or existing apps and their corresponding back-end components. It features different modules, which can be used either independently or jointly. In practice, each platform consists of a core written in C with thin wrappers for iOS and Android to make it easy to integrate the MASC services with the mobile app.

The developers, therefore, still retain control over the UI design and may implement their own workflow with the security of the Cryptomathic Mobile App Security Core. Measures such as obfuscation, anti-debugging and antitampering can all be applied to a generic application without affecting functional interfaces and simply cause the application to disable (deletes its keys, shuts down or crashes) if it detects that it is being modified or run in a debug environment. These protections could be ported into nearly any app due to the lack of functional interaction – they either act simply as a wrapper layer or as a set of modules which can be independently embedded into the existing code.

The below figure shows how MASC provides multi-layered security surrounding a mobile app. HTTPS traffic to the backend is tunneled through MASC to provide certificate pinning, host whitelisting and device assurance.

MASC IMAGE 2

CONCLUSION

Through multiple years of successfully protecting millions of sensitive app instances (e.g. banking apps and government eID wallets), MASC delivers a proven foundation to enhance app security and support future technologies. It minimizes the additional time and costs of integrating or redeveloping applications to support increasing / evolving security requirements. Cryptomathic´s patent-pending and battle hardened evolutionary security design ensures that mobile apps and their security framework remain future-proof and resistant against attacks. Through multiple years of successfully protecting millions of sensitive app instances (e.g. banking apps and government eID wallets), MASC delivers a proven foundation to enhance app security and support future technologies.

cryptomathic_symbol_red_negative_transparent

Securing Mobile Apps with MASC

Cryptomathic Mobile App Security Core (MASC) for the strongest app protections

INTRODUCTION

CRYPTOMATHIC MASC

MASC SECURITY CONCEPTS

The Sentinel Framework Cryptomathic

Assurances

Assurance and API Protection

Device Assurance

Secure connectivity

HTTPS Tunneling

Encrypted Transport

Strong Authentication

Access Token Protection

Cookie Protection

Device Health and Audit Logging

Application Hardening

Code Hardening

Data Obfuscation

Native Code Obfuscation

Protected Configuration

Anti-debug

Anti-tamper

Emulator Detection

Root and Jailbreak Detection

Secure storage

Key Protection

ARCHITECTURE OVERVIEW

Integration with New or Existing Environments

CONCLUSION