Nanne Baars is an (Android) security expert at Xebia. He loves to work on security topics, which is why he is one of the main committers on the OWASP WebGoat project. Jeroen Willemsen is a full-stack developer specialized in IT security at Xebia with a passion for mobile and risk management.

Session Description:
So you have an Android application which stores secrets and needs users to authenticate? In this session Jeroen and Nanne will show you how to deal with this. They will show you how to implement an effective authentication mechanism and how to safeguard your secrets within the app. They will touch on the following topics:

• Guarding your encryption keys and cleaning them up correctly.
• Visit some of the ins and outs of authentication.
• Show how to create a secure authentication mechanism with little risk of leaking any of the information used.
• Give pointers on topics you should think about when dealing with keying material. In this section they will dive deep into different methods of using symmetric and asymmetric keys.

The session is built up in three parts: authentication, an introduction to how you can take advantage of the Android 6 platform to store keys, and a “DIY” method for dealing with keys.