Encrypted File System for Rust/Android Applications by Stefan Schindler - Rust Zürisee Feb 2023

Learn about implementing an encrypted file system in Rust and Android applications, discussing key generation, proper memory management, and hardware-accelerated implementations for enhanced security and control.

Key takeaways
  • Using a separate file system implementation can provide a higher degree of security and control, especially on Android devices.
  • Master keys used for encryption should be handled carefully to avoid potential security vulnerabilities.
  • Use of reference counting objects requires careful consideration to avoid bugs and maintain system stability.
  • CMake can be used to create custom build configurations with ease.
  • There are benefits to using a combination of CPU-based and hardware-accelerated implementations for certain cryptographic functions.
  • Trust issues arise when users have little control over the operating system and hardware security.
  • CryptoFS ensures security by generating a new 64-bit integer to hide AES.
  • A Gradle plugin helps with incremental builds when needed.
  • Implementing end-to-end encryption without relying on the operating system is possible using a trusted Hardware Security Module (HSM) or specialized software.
  • Using a Rust library for the file system can ease the development of this system.
  • Proper memory management is necessary to prevent timing attacks.
  • Cryptographic padding for the AES block cipher using the AEAD approach can be added for better security.
  • The input length is a crucial factor in generating the correct amount of cryptographic key material.
  • Reference counting techniques can help manage objects in software, but they need to be considered in the scope of the design.
  • Using a CMake custom command can handle the generation and distribution of cryptographic keys.
  • Digital signature verification through the Poly1305 algorithm ensures the verification of file integrity.
  • Timing attacks during cryptographic operations can lead to unwanted outcomes.
  • Reference counting issues in Rust lead to segmentation faults.
  • Setting up cross-compilation toolchains for FFI allows the library to target different architectures.
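The takeaways on reference counting, FFI and segmentation faults point at one concrete hazard: when an `Arc` is handed across a C/JNI boundary as a raw pointer, every foreign copy must be balanced by exactly one release, or the Rust side frees the object while Java still holds the pointer. The following is an added example (not code from the talk or from CryptoFS) of the ownership discipline that avoids this, using only `std`; `FileHandle` and the `handle_*` functions are hypothetical names. In a real Android build the functions would additionally carry `#[no_mangle]` and live in a `cdylib` crate.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;

/// A handle to an open encrypted file shared with a foreign (JNI) caller.
/// Constructed example type; not the talk's own API.
pub struct FileHandle {
    pub path: String,
    bytes_written: AtomicUsize,
}

/// Open a handle and hand ONE strong reference to the caller as an opaque pointer.
/// `Arc::into_raw` does not decrement the count on return, so the caller owns that
/// reference until it passes the pointer back to `handle_close`.
pub extern "C" fn handle_open(path: *const u8, len: usize) -> *const FileHandle {
    if path.is_null() {
        return std::ptr::null();
    }
    // SAFETY: the caller guarantees `path` points to `len` readable bytes.
    let bytes = unsafe { std::slice::from_raw_parts(path, len) };
    let path = match std::str::from_utf8(bytes) {
        Ok(s) => s.to_owned(),
        Err(_) => return std::ptr::null(),
    };
    Arc::into_raw(Arc::new(FileHandle { path, bytes_written: AtomicUsize::new(0) }))
}

/// Borrow the handle for the duration of the call WITHOUT touching the count.
/// The classic bug is to write `Arc::from_raw(h)` here and let it drop on return:
/// that silently releases the caller's reference, and the next call through the
/// same pointer is a use-after-free (a segmentation fault at best).
pub extern "C" fn handle_write(h: *const FileHandle, n: usize) -> usize {
    if h.is_null() {
        return 0;
    }
    // SAFETY: `h` came from `handle_open`/`handle_clone` and has not been closed.
    let handle = unsafe { &*h };
    handle.bytes_written.fetch_add(n, Ordering::SeqCst) + n
}

/// Duplicate the handle for a second foreign owner (e.g. another Java object).
/// The count goes up by one; the duplicate must also be closed exactly once.
pub extern "C" fn handle_clone(h: *const FileHandle) -> *const FileHandle {
    if h.is_null() {
        return std::ptr::null();
    }
    // SAFETY: `h` is a live pointer produced by `Arc::into_raw`.
    unsafe { Arc::increment_strong_count(h) };
    h
}

/// Give one reference back. The file handle is freed when the last owner closes.
pub extern "C" fn handle_close(h: *const FileHandle) {
    if h.is_null() {
        return;
    }
    // SAFETY: every pointer returned by open/clone is passed here exactly once.
    unsafe { drop(Arc::from_raw(h)) };
}

/// Strong count of a live handle, for debugging and tests. Rebuilds the Arc only
/// temporarily and `forget`s it so the caller's reference is not released.
pub fn strong_count(h: *const FileHandle) -> usize {
    // SAFETY: same contract as `handle_write`.
    let tmp = unsafe { Arc::from_raw(h) };
    let n = Arc::strong_count(&tmp);
    std::mem::forget(tmp);
    n
}

fn main() {
    let name = "vault.db"; // constructed sample path
    let h = handle_open(name.as_ptr(), name.len());
    let h2 = handle_clone(h);
    println!("owners after clone: {}", strong_count(h));
    println!("total written: {}", handle_write(h, 4096));
    handle_close(h2);
    println!("owners after one close: {}", strong_count(h));
    handle_close(h); // last owner: the handle is freed here
}
```

The invariant to enforce in review is simple: each `into_raw` or `increment_strong_count` on the way out is matched by exactly one `from_raw` on the way in, and every other access is a plain `&*ptr` borrow.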

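Two of the takeaways, careful handling of master keys and memory management against timing attacks, are easy to state and easy to get subtly wrong. The block below is an added example (not code from the talk) of what each means in practice, using only `std`: a key wrapper that reliably wipes itself on drop, and a tag comparison whose running time does not depend on where two tags differ, shown beside the early-exit version it replaces. `MasterKey`, `zeroize` and the `*_tag_eq` names are this example's own.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite a buffer with zeros in a way the optimizer may not remove.
/// A plain `buf.fill(0)` on a value that is about to be dropped is a "dead store"
/// the compiler is entitled to delete, which leaves key material in memory.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed byte.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Keep the stores from being reordered past the end of the function.
    compiler_fence(Ordering::SeqCst);
}

/// A 256-bit master key that wipes itself when it goes out of scope.
/// Deliberately neither `Debug` nor `Clone`: keys should not reach logs or stray copies.
pub struct MasterKey([u8; 32]);

impl MasterKey {
    pub fn new(bytes: [u8; 32]) -> Self {
        MasterKey(bytes)
    }

    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    /// Consume the key, wipe it, and report whether every byte is now zero.
    /// Exposed so the wipe can be checked without reading a dropped value.
    pub fn wipe_and_check(mut self) -> bool {
        zeroize(&mut self.0);
        let clean = self.0.iter().all(|&b| b == 0);
        std::mem::forget(self); // already wiped; skip the second Drop
        clean
    }
}

impl Drop for MasterKey {
    fn drop(&mut self) {
        zeroize(&mut self.0);
    }
}

/// The vulnerable comparison: returns at the first mismatching byte, so the time
/// taken leaks how many leading bytes of a guessed tag were correct.
pub fn naive_tag_eq(expected: &[u8], received: &[u8]) -> bool {
    if expected.len() != received.len() {
        return false;
    }
    for i in 0..expected.len() {
        if expected[i] != received[i] {
            return false;
        }
    }
    true
}

/// The hardened comparison: visits every byte and folds all differences into one
/// accumulator, so the running time depends only on the length.
pub fn ct_tag_eq(expected: &[u8], received: &[u8]) -> bool {
    if expected.len() != received.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (e, r) in expected.iter().zip(received) {
        diff |= e ^ r;
    }
    diff == 0
}

fn main() {
    // Constructed sample values: a dummy key and a 16-byte authentication tag.
    let key = MasterKey::new([0x42; 32]);
    let tag = [0xAA_u8; 16];
    let mut forged = tag;
    forged[15] ^= 1;
    println!("key length: {} bytes", key.as_bytes().len());
    println!("naive accepts forged tag: {}", naive_tag_eq(&tag, &forged));
    println!("constant-time accepts forged tag: {}", ct_tag_eq(&tag, &forged));
    println!("key wiped: {}", key.wipe_and_check());
}
```

`ct_tag_eq` is the comparison to use on the Poly1305 tag before any decrypted data is released; `naive_tag_eq` is kept only to show the pattern to reject in review.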