CRYPTOGRAPHY 456 ANDROID SECURE FILE TRANSFER W/ SSL




Daniel Collins
Advisor: Dr. Wei Zhong

Contents

- Create Key Stores and Certificates
- Multi-Threaded Android applications
- UI Handlers
- Creating client and server SSL Sockets with Java
- Android Intents
- Screen Shots

Creating Keystores for Android

- Android natively supports Bouncy Castle (BKS) key stores. However, the most recent version of Bouncy Castle is not compatible with Android.
- Replace the version of Bouncy Castle in the lib/ext folder with bcprov-jdk15on-146.jar.
- We will create the keystores with the Bouncy Castle provider for use in an Android application.

Commands for Creating Keystores

Create a BKS keystore for the client:

    keytool -genkey -v -keyalg RSA -keystore clientkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

In this example, I will use client as the password.

Create a BKS keystore for the server:

    keytool -genkey -v -keyalg RSA -keystore serverkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

In this example, I will use server as the password.

Commands for Creating Certificates

Export the client certificate from the client keystore:

    keytool -export -v -file clientcer -keystore clientkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

Export the server certificate from the server keystore:

    keytool -export -v -file servercer -keystore serverkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

Commands for Trusting Certificates

Import the client certificate into the server keystore:

    keytool -import -v -alias filetransferclient -file clientcer -keystore serverkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

Import the server certificate into the client keystore:

    keytool -import -v -alias filetransferserver -file servercer -keystore clientkeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /path/to/bcprov-jdk15on-146.jar

Add Keystores to Android Application

Copy the clientkeystore and serverkeystore files into the res/raw folder in your Android application. You may need to create this folder.

Code Overview

- MainActivityServer.java: Creates the server-side user interface.
- FileTransferServer.java: Creates the SSL Secured Socket and communicates with client.
- MainActivityClient.java: Creates the client-side user interface.
- FileTransferClient.java: Creates the SSL Secured Socket and communicates with server.

Creating the Server Main Activity UI

The MainActivityServer.java class will contain:

- Handler classes to allow the background thread to update the user interface.
- Two EditText widgets named FileNameEt and PortEt.
- A TextView named mserverstatustv.
- A button named ReceiveFileBtn with an OnClickListener. When it is clicked, a progress bar will be constructed and the FileTransferServer.java thread will be started.

UI Handler Classes

- Android's Handler class can be extended to allow an application to update the UI from a background thread.
- The class overrides the handleMessage() function of Android's Handler class.
- The handleMessage() function receives a Message object which contains the data for the update.
- The uihandler and pbhandler classes are self-contained in the MainActivityServer class in this example.

The uihandler Class

    private class uihandler extends Handler {
        @Override
        public void handleMessage(Message msg) {
            // Look up the status TextView and append the new line of text
            TextView mstatusmessagestv = (TextView) findViewById(R.id.serverstatustv);
            mstatusmessagestv.append((CharSequence) ("\n" + (String) msg.obj));
        }
    }

- The Message object's variable, obj, is an arbitrary Java Object.
- In this case, obj contains the string to display in mserverstatustv.

pbhandler's handleMessage() Function

    if (msg.what == 1) {
        progressbar.setMessage("receiving file from " + (String) msg.obj + "...");
        progressbar.setMax(msg.arg1);
    } else if (msg.what == 2) {
        progressbar.setProgress(msg.arg1);
    }
    ... // etc

- To update the progress bar, the Message object's (int) what and (int) arg1 variables are used.
- what notifies the handler what the message is about.
- arg1 is used to update the progress bar's status.

Creating the OnClickListener

    receivefilebtn.setOnClickListener(new Button.OnClickListener() {
        @Override
        public void onClick(View v) {
            // Create progress bar dialog
            ...
            // Start the FileTransferServer thread
            ...
        }
    });

v is the View object and will be used to transfer the UI's context to the thread.

Creating the Progress Bar

    progressbar = new ProgressDialog(v.getContext());
    progressbar.setCancelable(true);
    progressbar.setMessage(SERVERIP + " is listening on " + mserverport + "...");
    progressbar.setProgressStyle(ProgressDialog.STYLE_HORIZONTAL);
    progressbar.setProgress(0);
    progressbar.setMax(0);
    progressbar.show();

- SERVERIP is the device's IP address.
- mserverport is the user-specified port for communication. This can be retrieved from portet.

Starting the Server Thread

    Thread mserverthread = new FileTransferServer(SERVERIP, mserverport, new uihandler(), new pbhandler(), v.getContext(), mserverfilepath);
    mserverthread.start();

- v.getContext() will be used to retrieve the keystore from Android's res/raw folder.
- mserverfilepath is the user-specified filename from filenameet.

The FileTransferServer.java Class

    public class FileTransferServer extends Thread {
        public FileTransferServer(String LocalIP, int Port, Handler uihandler, Handler ProgressBarHandler, Context context, String filetoreceive) {
            ...
        }

        public void run() {
            ...
        }
    }

- The constructor simply assigns its parameters to class variables.
- The run() function does the following:
  - Creates the SSL Socket.
  - Receives a file from the client on this socket.

Creating the SSL Socket (Server)

Get an instance of a KeyManagerFactory object:

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

Get a Bouncy Castle instance of a KeyStore object:

    KeyStore keystore = KeyStore.getInstance("BKS");

Creating the SSL Socket (Server), cont'd

Load the keystore file into the keystore object:

    keystore.load(uicontext.getResources().openRawResource(R.raw.filetransferserverkeystore), "server".toCharArray());

- The first parameter loads the serverkeystore file from the Android res/raw folder using the UI class's context.
- The second parameter is the keystore password.

Creating the SSL Socket (Server), cont'd

Initialize the KeyManagerFactory with the KeyStore:

    kmf.init(keystore, "server".toCharArray());

Get an instance of TrustManagerFactory:

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

Initialize the TrustManagerFactory:

    tmf.init(keystore);

Creating the SSL Socket (Server), cont'd

Create the SSLContext object:

    SSLContext SSLctx = SSLContext.getInstance("TLS");

Initialize the SSLContext:

    SSLctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

Initiate the ServerSocketFactory:

    SSLServerSocketFactory ssf = SSLctx.getServerSocketFactory();

Creating the SSL Socket (Server), cont'd

Create the server socket:

    SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(myport);

Authenticate the client:

    ss.setNeedClientAuth(true);

Receiving the File (Server)

- A secure socket is now available to receive a file from the client.
- This file will be received in two parts:
  - First, the file size will be sent.
  - Then the client will begin the actual file transfer, which will be sent in packets of 1024 bytes.
- As the file is being received, the progress bar is updated.

Updating the UI from Server Thread

    public void updateui(String message) {
        Message msg = Message.obtain(mHandler);
        msg.obj = message;
        mHandler.sendMessage(msg);
    }

- The updateui function is part of the FileTransferServer class.
- mHandler references the uihandler class we created in MainActivityServer.java.
- After assigning data to the Message object, msg, we send it to the Handler which will update the UI.

Updating the ProgressBar

    public void updatepbmax(long filesize, String clientip) {
        Message msg = Message.obtain(pbHandler);
        msg.arg1 = (int) filesize;
        msg.obj = clientip;
        msg.what = 1;
        pbHandler.sendMessage(msg);
    }

- pbHandler references the pbhandler class we created in MainActivityServer.java.
- After assigning data to the Message object, msg, we send it to the Handler which will update the UI.

Updating the ProgressBar, cont'd

    ...
    public void updatepbprogress(int progress) {
        Message msg = Message.obtain(pbHandler);
        msg.arg1 = progress;
        msg.what = 2;
        pbHandler.sendMessage(msg);
    }

    public void closepb() {
        Message msg = Message.obtain(pbHandler);
        msg.what = 3;
        pbHandler.sendMessage(msg);
    }

These two functions send unique msg.what variables which allow the pbhandler to determine the purpose of the message.

Creating the Client Main Activity UI

The MainActivityClient.java class will contain:

- A Handler class for the ProgressBar and TextViews.
- Two EditText widgets named serveripet and portet.
- Two TextView widgets named main_local_ip_address_tv and main_chat_box_tv.
- Two buttons named selectfilebtn and main_send_file_btn with OnClickListeners:
  - selectfilebtn will launch an Android Intent to allow the user to choose a file.
  - main_send_file_btn will create a progress bar and start the FileTransferClient thread.

Android Intents

- Android Intents can be used to allow separate applications to transfer data with each other.
- When the Intent is broadcast, the Android system displays a list of applications that can handle the request. This example looks for a file explorer application.
- Not all Android devices have a pre-installed file browser. You can download a third-party file browser, such as ES File Explorer, to handle the Intent.
- To install ES File Explorer on an emulator:
  - Download the apk file and store it on the device sdcard.
  - Open an internet browser, type "file:///sdcard/es_file_explorer_file_name.apk", then press Go.
- The function onActivityResult() will be called when the user selects a file.

Launching the Intent

    selectfilebtn.setOnClickListener(new Button.OnClickListener() {
        @Override
        public void onClick(View v) {
            // Create a new intent
            Intent intent = new Intent(Intent.ACTION_GET_CONTENT);
            // Look for any file type
            intent.setType("file/*");
            // Start the Activity
            startActivityForResult(intent, PICKFILE_RESULT_CODE);
        }
    });

Getting Results from the Intent

    @Override
    protected void onActivityResult(int requestcode, int resultcode, Intent data) {
        switch (requestcode) {
            case PICKFILE_RESULT_CODE:
                if (resultcode == RESULT_OK) {
                    // Gets data from Intent
                    Uri datauri = data.getData();
                    // Verify file existence and get details
                    ...
                }
                break;
        }
    }

Starting the Client Thread

    mclientthread = new FileTransferClient(SERVERIP, mclientfileport, new uihandler(), new pbhandler(), mclientfilepath, mclientfilesize, v.getContext());
    mclientthread.start();

- The thread will be started from the main_send_file_btn OnClickListener.
- mclientfilepath and mclientfilesize are available in the URI data from the Intent.

The FileTransferClient.java Class

    public class FileTransferClient extends Thread {
        public FileTransferClient(String remoteip, int remoteport, Handler UIHandler, Handler PBHandler, String filetosend, long filesendsize, Context uicontext) {
            ...
        }

        public void run() {
            ...
        }
    }

- The constructor simply assigns its parameters to class variables.
- The run() function does the following:
  - Creates the SSL Socket.
  - Sends a file to the server on this socket.

Creating the SSL Socket (Client)

Setting up the KeyManagerFactory, TrustManagerFactory, and SSL context is the same for the client as it is for the server.

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore keystore = KeyStore.getInstance("BKS");
    keystore.load(uicontext.getResources().openRawResource(R.raw.filetransferclientkeystore), "client".toCharArray());
    kmf.init(keystore, "client".toCharArray());
    SSLContext SSLctx = SSLContext.getInstance("TLS");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keystore);
    SSLctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

Creating the SSL Socket (Client), cont'd

Initiate the client SSLSocketFactory:

    SSLSocketFactory sf = SSLctx.getSocketFactory();

Create the SSL secured socket:

    SSLSocket socket = (SSLSocket) sf.createSocket(serveraddr, serverport);

Start the handshake with the server:

    socket.startHandshake();

- Client and Server decide which protocol and ciphers to use.
- Client and Server authenticate each other's digital certificates.

Sending the File (Client)

- A secure socket is now available to send a file to the server.
- This file will be sent in two parts:
  - First, the file size will be sent.
  - Then the client sends the file in packets of 1024 bytes.
- As the file is being sent, the progress bar is updated.
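
The two-part transfer described on the Receiving the File (Server) and Sending the File (Client) slides, as an added example that is not the presentation's own code. It assumes the size travels as an 8-byte long and that the receiver caps the declared size at 64 MiB (both assumptions, as are the class and method names); byte-array streams stand in for the SSLSocket streams so it runs without a network.

```java
import java.io.*;
import java.util.Arrays;

// Added example: names, the 8-byte size header and MAX_FILE_SIZE are assumptions.
public class FramedFileTransfer {
    static final int PACKET = 1024;               // packet size given on the slides
    static final long MAX_FILE_SIZE = 64L << 20;  // assumed cap (64 MiB)

    // Client side: send the file size first, then the file in 1024-byte packets.
    static void send(InputStream file, long size, OutputStream socketOut) throws IOException {
        DataOutputStream out = new DataOutputStream(socketOut);
        out.writeLong(size);
        byte[] buf = new byte[PACKET];
        for (long sent = 0; sent < size; ) {
            int n = file.read(buf, 0, (int) Math.min(PACKET, size - sent));
            if (n < 0) throw new EOFException("file shorter than declared size");
            out.write(buf, 0, n);
            sent += n;
        }
        out.flush();
    }

    // Server side: read the declared size, check it, then read exactly that many bytes.
    static long receive(InputStream socketIn, OutputStream dest) throws IOException {
        DataInputStream in = new DataInputStream(socketIn);
        long size = in.readLong();
        // The size comes from the peer and is later cast to int for the progress bar.
        if (size < 0 || size > MAX_FILE_SIZE) throw new IOException("declared size rejected: " + size);
        byte[] buf = new byte[PACKET];
        long received = 0;
        while (received < size) {
            int n = in.read(buf, 0, (int) Math.min(PACKET, size - received));
            if (n < 0) throw new EOFException("stream ended at " + received + " of " + size + " bytes");
            dest.write(buf, 0, n);
            received += n;  // the server thread would report progress to the UI here
        }
        return received;
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = new byte[2500];           // constructed sample "file"
        Arrays.fill(sample, (byte) 0x5A);
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        send(new ByteArrayInputStream(sample), sample.length, wire);

        ByteArrayOutputStream saved = new ByteArrayOutputStream();
        long n = receive(new ByteArrayInputStream(wire.toByteArray()), saved);
        System.out.println(n + " bytes received, intact=" + Arrays.equals(sample, saved.toByteArray()));

        // A transfer cut off mid-file must fail instead of saving a partial file as complete.
        byte[] cut = Arrays.copyOf(wire.toByteArray(), 1000);
        try {
            receive(new ByteArrayInputStream(cut), new ByteArrayOutputStream());
        } catch (EOFException e) {
            System.out.println("truncated transfer rejected: " + e.getMessage());
        }
    }
}
```

In the application, send() and receive() would be given socket.getOutputStream() and socket.getInputStream() of the SSL sockets created above.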

Screen Shots (Server): Server GUI; Server waiting for file

Screen Shots (Client): Client GUI; Client sending file

Screen Shots (Intent): Intent Broadcast; Selecting a file w/ ES File Explorer