Android: Divergences and Commonalities with Linux

A safe estimate would be that Android and Linux are about 95% alike at the kernel level, and about 65% or so in user mode.

This guesstimate takes into consideration that, at the kernel level, aside from a few differences (ARM platform and drivers notwithstanding), the rest of the kernel source is unmodified. Those differences (which include IPC, memory and logging enhancements) are collectively referred to as Androidisms, and most have in fact by now been merged into the mainline – either replaced with similar kernel functionality, or included in the drivers/staging/android directory.

At the user-mode level, there is more of a divergence, introducing two entirely new components – the Dalvik runtime and the Hardware Abstraction Layer – as well as replacing glibc with Bionic, and providing a custom version of init, the system startup daemon.

Android also makes more clever use of features that are present in Linux but left unused in most desktop distributions. These include control groups, handling of low-memory conditions (Linux OOM, which Android expands on with its Low Memory Killer), and security features – capabilities and SELinux.

Android also uses quite a few open source projects which were of limited popularity in Linux, but form the backbone of its feature set. These projects (in the external/ folder of the AOSP) are largely responsible for implementing Android’s network capabilities, and include racoon (VPN), mdns (service discovery and Wi-Fi Direct), dnsmasq and hostapd (tethering and Wi-Fi Direct), and wpa_supplicant (Wi-Fi).

POSIX capabilities

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.
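The per-thread capability sets can be read from /proc/<pid>/task/<tid>/status as hexadecimal bitmasks. The following decoder is an added example, not part of the original notes; the two thread status blocks and their masks are constructed sample input, and the bit numbering follows linux/capability.h.

```python
# Added example: decode the Cap* bitmasks found in /proc/<pid>/task/<tid>/status.
# Index in CAP_NAMES == bit number in linux/capability.h (CAP_CHOWN = 0 ... 40).
CAP_NAMES = ["CAP_" + n for n in (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()]

# Constructed sample: two threads of one process holding different capability sets.
SAMPLE_THREADS = {
    4242: "Name:\tdemo\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
          "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n",
    4243: "Name:\tdemo\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n"
          "CapEff:\t0000000000000400\nCapBnd:\t00000000a80425fb\n",
}

def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from one status file's text."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
            sets[key] = int(value.strip(), 16)
    return sets

def decode(mask):
    """Turn a capability bitmask into the list of capability names it enables."""
    names = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    unknown = (mask >> len(CAP_NAMES)) << len(CAP_NAMES)
    if unknown:  # bits newer than this table knows about
        names.append(f"UNKNOWN_BITS(0x{unknown:x})")
    return names

def effective_by_thread(threads):
    """Map each thread id to the capabilities in its effective set."""
    return {tid: decode(parse_cap_sets(text)["CapEff"])
            for tid, text in threads.items()}

if __name__ == "__main__":
    for tid, caps in effective_by_thread(SAMPLE_THREADS).items():
        print(tid, ", ".join(caps) or "(none)")
```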

https://www.linuxjournal.com/article/5737

https://stackoverflow.com/questions/6154427/fork-and-execve-to-inherit-unprivileged-parent-process-capabilities
https://blog.container-solutions.com/linux-capabilities-why-they-exist-and-how-they-work
https://blog.container-solutions.com/linux-capabilities-in-practice

https://raesene.github.io/blog/2019/06/01/docker-capabilities-and-no-new-privs/

https://linux.die.net/man/2/execve

https://blog.ploetzli.ch/2014/understanding-linux-capabilities/

https://www.schutzwerk.com/en/43/posts/linux_container_capabilities/

https://unix.stackexchange.com/questions/580434/capability-inheritable-for-system-call-in-c-c

http://www.cis.syr.edu/~wedu/seed/Labs/Capability_Exploration/Capability_Exploration.pdf

https://www.gnu.org/software/hurd/community/gsoc/project_ideas/libcap/details.html

Cryptography

“Cryptography” comes from the Greek word “krypto”, meaning “secret” or “hidden”. The art of writing secret messages is called cryptography. It is used to protect confidentiality, ensure integrity, and guarantee authenticity and non-repudiation.


Hashing – Crypto

Message digest (one-way hash) functions: a hash function calculates the unique fixed-size (128/256 bits) string representation of any arbitrary block of information. The following message digest functions are widely used:
1. MD5
2. SHA

MD5 (Message Digest 5)
– MD5 takes a message of arbitrary length as input and outputs a 128-bit fingerprint.
– The MD5 algorithm is used in a wide variety of cryptographic applications and is useful for digital signatures, file integrity checking and strong passwords.
– MD5 is not collision resistant, and therefore the latest algorithms such as SHA-2 and SHA-3 are recommended.


SHA (Secure Hashing Algorithm)
The Secure Hashing Algorithm was developed by NIST, is specified in the Secure Hash Standard (SHS), and is published as a Federal Information Processing Standard (FIPS PUB 180). It has three generations: SHA-1, SHA-2 and SHA-3.

SHA-1 is no longer approved for cryptographic operations.
SHA-2 is a family of two similar hash functions with different block sizes, namely SHA-256, which uses 32-bit words, and SHA-512, which uses 64-bit words.
SHA-3


More here: https://cryptobook.nakov.com/asymmetric-key-ciphers/ecc-encryption-

https://developer.android.com/guide/topics/security/cryptography

java-crypto-lib-bouncy-castle/

android-crypto-libspongy-castle

Applications of Hash Functions:

Password Storage:
  • Instead of storing passwords in the clear, almost all logon processes store the hash values of passwords in the file.
  • An intruder can only see the hashes of the passwords, even if he has accessed the password file. He can neither log on using the hash nor derive the password from the hash value, since the hash function possesses the property of pre-image resistance.

Data Integrity Check

Data integrity checking is a very common application of hash functions. It is used to generate checksums on data files. This application gives the user assurance about the correctness of the data.

The integrity check helps the user detect any changes made to the original file. It does not, however, provide any assurance about originality. The attacker, instead of modifying the file data, can replace the entire file, compute an altogether new hash, and send both to the receiver. This integrity check is useful only if the user is sure about the originality of the file.
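The limitation described above, shown as an added example that is not part of the original notes: a checksum that travels with the file only proves the pair is self-consistent, while a reference digest obtained separately from a source the user trusts also establishes originality. The file contents and the names below are constructed for illustration.

```python
# Added example: checksum shipped with the file vs. a separately trusted digest.
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Checksum of a file's contents."""
    return hashlib.sha256(data).hexdigest()

def classify(received: bytes, shipped_digest: str, trusted_digest: str) -> str:
    """Say what each reference value can and cannot tell the receiver."""
    actual = sha256_hex(received)
    if hmac.compare_digest(actual, trusted_digest):
        return "original"
    if hmac.compare_digest(actual, shipped_digest):
        # File and checksum agree with each other, but not with the original.
        return "self-consistent, but not the original"
    return "changed after the checksum was computed"

# Constructed sample data.
ORIGINAL = b"config: verify=true\n"
TRUSTED = sha256_hex(ORIGINAL)          # assumed to reach the user out of band

def scenarios():
    """Three deliveries of (file, checksum shipped alongside it)."""
    replaced = b"config: verify=false\n"
    return {
        "clean": classify(ORIGINAL, TRUSTED, TRUSTED),
        # File altered in transit, shipped checksum left as it was.
        "modified": classify(b"config: verify=talse\n", TRUSTED, TRUSTED),
        # Whole file replaced and a fresh checksum computed for it.
        "replaced": classify(replaced, sha256_hex(replaced), TRUSTED),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:9s} -> {verdict}")
```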

Secure boot

Secure boot assures that the device boots using only software that is trusted and has not been tampered with. The boot process consists of various components; the integrity of each succeeding component is verified against a given reference, and a chain of trust is established. This chain can be represented by the recurrence:

$I_0 = \text{True}$;
$I_{i+1} = I_i \wedge V_i(L_{i+1})$, where $I_i$ denotes the integrity of layer $i$ and $V_i$ is the corresponding verification function. The verification function computes a cryptographic hash of the $i$-th layer and compares the result to the reference value.

Note: without the integrity of the initial boot code (represented by $I_0$), any further integrity verification becomes pointless. Thus, the initial boot code is protected by a tamper-evident hardware module.
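The recurrence carried through in code, as an added example that is not part of the original notes: each layer is hashed and compared with its reference value, and one failed layer makes every later I value False even when the later images are untouched. The layer names, images and reference store are constructed, and SHA-256 is an assumed choice of hash.

```python
# Added example: I_0 = True; I_{i+1} = I_i and V_i(L_{i+1}).
import hashlib
import hmac

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def verify(image: bytes, reference: str) -> bool:
    """V_i: hash the layer image and compare it with the reference value."""
    return hmac.compare_digest(digest(image), reference)

def chain_of_trust(layers, references):
    """Return [I_0, I_1, ..., I_n] for an ordered list of (name, image)."""
    integrity = [True]  # I_0: taken as given, anchored in protected boot code
    for name, image in layers:
        integrity.append(integrity[-1] and verify(image, references[name]))
    return integrity

def boot(layers, references):
    """Start layers in order and halt before the first one with I_{i+1} False."""
    started = []
    for (name, _), ok in zip(layers, chain_of_trust(layers, references)[1:]):
        if not ok:
            break
        started.append(name)
    return started

# Constructed sample images and reference digests recorded at provisioning.
GOOD = [("bootloader", b"BL v1"), ("kernel", b"kernel v1"), ("system", b"system v1")]
REFERENCES = {name: digest(image) for name, image in GOOD}
TAMPERED = [GOOD[0], ("kernel", b"kernel v1 + change"), GOOD[2]]

def with_rewritten_reference():
    """Case from the note: if the root holding the references is not protected,
    a matching reference can be stored and the chain verifies anyway."""
    rewritten = dict(REFERENCES, kernel=digest(TAMPERED[1][1]))
    return chain_of_trust(TAMPERED, rewritten)

if __name__ == "__main__":
    print(chain_of_trust(GOOD, REFERENCES))
    print(chain_of_trust(TAMPERED, REFERENCES), boot(TAMPERED, REFERENCES))
    print(with_rewritten_reference())
```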