SoK: Untangling File-based Encryption on Mobile Devices
David Galindo, Jia Liu, Chris McMahon Stone, Mihai Ordean

TL;DR
This paper provides a formal framework to analyze and compare file-based encryption schemes on mobile devices, specifically Android and iOS, validating their security properties under standard cryptographic assumptions.
Contribution
It introduces a formal model for studying FBE schemes and applies it to analyze the security of Android and iOS implementations using diverse documentation sources.
Findings
Validated the security of key derivation chains
Confirmed the overall design security under standard assumptions
Provided a comparative analysis framework for FBE schemes
Abstract
File-based encryption (FBE) schemes have been developed by software vendors to address security concerns related to data storage. While methods of encrypting data-at-rest may seem relatively straightforward, the main proponents of these technologies in mobile devices have nonetheless created seemingly different FBE solutions. As most of the underlying design decisions are described either at a high level in whitepapers, or are accessible at a low level by examining the corresponding source code (Android) or through reverse-engineering (iOS), comparisons between schemes and discussions on their relative strengths are scarce. In this paper, we propose a formal framework for the study of file-based encryption systems, focusing on two prominent implementations: the FBE scheme used in Android and Linux operating systems, as well as the FBE scheme used in iOS. Our proposed formal model and…
Taxonomy
Topics: Cryptographic Implementations and Security · Cryptography and Data Security · Advanced Data Storage Technologies
