Encrypted File System for Rust/Android Applications by Stefan Schindler - Rust Zürisee Feb 2023

Rust Security

Learn about implementing an encrypted file system in Rust and Android applications, discussing key generation, proper memory management, and hardware-accelerated implementations for enhanced security and control.

Key takeaways
  • Using a separate file system implementation can provide a higher degree of security and control, especially on Android devices.
  • Master keys used for encryption should be handled carefully to avoid potential security vulnerabilities.
  • Use of reference counting objects requires careful consideration to avoid bugs and maintain system stability.
  • CMake can be used to create custom build configurations with ease.
  • There are benefits to using a combination of CPU-based and hardware-accelerated implementations for certain cryptographic functions.
  • Trust issues arise when users have little control over the operating system and hardware security.
  • CryptoFS ensures security by generating a new 64-bit int to hide AES.
  • Gradle plugin helps with incremental builds when needed.
  • Implementing end-to-end encryption without relying on operating system can be possible using a trusted hardware Security Module (HSM) or a specialized software.
  • Using a Rust library for the filesystem can ease the development of this system.
  • Proper memory management is necessary to prevent timing attacks.
  • Cryptographic padding for the AES box cipher using the AEAD approach can be added for better security.
  • The size of the input length plays a crucial factor in generating the correct amount of cryptographic keys.
  • Reference counting techniques can help manage objects in software, but they need to be considered in the scope of the design.
  • Using a CMake custom command can handle the generation and distribution of cryptographic keys.
  • Digital signature verification through the poly1305 algorithm ensures the verification of file integrity.
  • Timing attacks during cryptographic operations can lead to unwanted outcomes.
  • Reference counting issues in Rust lead to segmentation faults.
  • Implementation of cross-compilation toolchains for FFI allows for different architectures.

Let me know if you need the points re-organized for easier reading or if you require further clarification on any point.

More talks

How hacking works - Web edition - Espen Sande-Larsen - NDC Oslo 2024

Locknote: Conclusions & Key Takeaways from Black Hat USA 2024

I Connected My Farm To The Internet. Now What? - Lars Klint - NDC Sydney 2024

Keynote: A Conversation with Tom Preston-Werner | ViteConf 2023

Bücherratten: IPv6 - Eine kleine Einführung mit Linux

Making and Breaking NSA's Codebreaker Challenge

Paula Julve – SMART ethics for devops

Passwords are so 1990 - Sam Bellen - PHP UK 2022