Frequently asked technical questions (FAQ) about Redwall technology

Frequently asked technical questions


Redwall is a completely different approach to mobile security, and has little in common with security apps on your phone or dedicated secure devices. Because of this revolutionary approach, we hope the following FAQ will answer some of your more technical questions. If we can help in any way and answer more, please let us know. For more technical questions, please see the product FAQ.

Does Redwall work with SELinux, TrustZone, etc.?
Yes. For Linux (and Unix-like systems), Redwall's policy enforcement happens below the kernel, and works in addition to SE policies and Linux permissions. For example, if an SE policy forbids access to a certain file but Redwall allows it, the kernel will still deny the access. If, however, SE Linux allows the access but Redwall's policy forbids it, then Redwall will block the access.

Redwall's core protection does not require or depend on TrustZone, or any other specific technology other than typical processor features that require no licensing, activation, or other special considerations. This makes Redwall far more portable, and reduces complexity significantly.
How does Redwall protect and store passwords?
Unlike MDMs or apps that require password entry into an app, or other built-in systems using "separation" techniques, Redwall uses a special GUI that runs prior to Android. This allows Redwall to unlock keys then zeroize the password in a way not possible from Java or anywhere in Android. This means there is no opportunity for an attacking process to monitor memory and steal passwords or authentication data.

For storage, Redwall has its own keystore, which uses NSA Suite B algorithms to store one-way hashes of passwords and PINs. Redwall does not use Android's or any other third party keystores or password libraries of any kind.

Passwords and PINs are restricted to policy-defined complexity requirements that include minimum length, minimum number of various types of special characters, maximum serial password correlation (to prevent passwords like "qwert1234"), and excluded strings (to prevent passwords like "passw0rd").
How are keys managed?
Redwall encryption keys for DAR and most other features are chosen at initialization time on the device, and protected with the authentication data specific to a persona. As such, no external key management is required.

The root of trust for secure boot and certain other certificates and keys must be embedded into the device independent from Redwall. Other keys from Redwall Technologies are included for those situations where device vendors need Redwall to sign files, however these are easily replaced.
How does Redwall affect performance?
The short answer is that the typical performance hit is 2% to the CPU and battery of a device. The actual results are so small that they are difficult to measure on Android, and garbage collection, radio power changes, and other variations have a greater impact to performance than Redwall does.

The actual load depends on the policy, which defines the activity levels, timing, and other parameters related to the timing and extent of integrity checking, differential power analysis defenses, and other defenses.
Do I need to I port my application or driver to Redwall?
No. There is no need to make changes to your existing drivers or applications. No special API, nor any sort of paravirtualization or other special considerations are required. Redwall operates below the kernel and does not need access to your proprietary or legacy source code.

Should you wish to use Redwall features more directly, such as Redwall's cryptographic functions or mode changing applications, a C API is available (a Java API is available for mode switches to facilitate ease of use from Android applications).
How do updates work?
OTA and most other updates work as usual with Redwall. When the updates include resources that fall under the integrity checking settings, the signatures must be updated along with those resources. For Android devices, carrier settings, Play Store apps updates, and other system updates work as normal.

Updates to Redwall components must be signed with keys that are distinct from Android and other system elements, but may be updated in the same manner.

Note that Redwall does not have a periodic release cycle to Redwall elements that interact with Android, as the unique protection methods eliminate the urgency for fixes to zero-day exploitable weaknesses. Redwall does frequently provide updates for improvements, new features (and bug fixes as needed), but the customer may choose whether or not to apply the updates without concern for security-related hot-fixes.
What authentication mechanisms are supported?
To authenticate to the Redwall keystore, a security policy defines the required mechanism. Redwall supports PIN, passcode, passwords and passphrases, PIV card (e.g. CAC), and some external authentication mechanisms as well. The required authorization can be different for each personas (e.g. personal use may not require any authentication, but the enterprise mode may require a PIV card).
How does Redwall protect itself?
Redwall has several highly-proprietary defenses which we happily disclose under NDA. We also perform more traditional self-checks such as boot and run-time integrity monitoring.
Does Redwall root the device?
No, and in fact Redwall prevents rooting the device by blocking privilege escalation, periodic run-time integrity checking, and remote attestation. For Android devices with unlocked bootloaders where Redwall is not built-in to the device, a reflash is required. Whether or not it is signed by the manufacturer depends on the specifics of the device.
What are the policy options and how are they managed?
Policy files are simple JSON files, and they may be updated using any mechanism such as an MDM on smartphones and tablets. Typically the device is configured to accept signed policy updates, and to only allow an increase in the security posture. For example, if privilege escalation prevention is enabled, it may not be disabled via an update from an MDM, since apps are considered untrusted elements.
Did you know...

  • Redwall Mobile can operate with or without a server (MDM) component, and is suitable for tactical, non-connected (disconnected) deployments.
  • Redwall Mobile does not depend on any third-party libraries nor any special features such as TrustZone.
  • Redwall Mobile does not require any changes to your apps or drivers.
  • Redwall Mobile offers performance benefits over virtualization, and a stronger security model than traditional hypervisors.
  • Redwall is proud to be working with Cornet Technology, and encourages you to take a look at their innovative STINN LTEmp Manpack product.
Redwall Logo