ABSTRACT
Mobile phones are increasingly used for security-sensitive activities such as online banking or mobile payments. This usually involves some cryptographic operations, and therefore introduces the problem of securely storing the corresponding keys on the phone. In this paper we evaluate the security provided by various options for secure storage of key material on Android, using either Android's service for key storage or the key storage solution in the Bouncy Castle library. The security provided by the key storage service of the Android OS depends on the actual phone, as it may or may not make use of ARM TrustZone features. Therefore we investigate this for different models of phones.
We find that the hardware-backed version of the Android OS service does offer device binding -- i.e. keys cannot be exported from the device -- though they could be used by any attacker with root access. This last limitation is not surprising, as it is a fundamental limitation of any secure storage service offered from the TrustZone's secure world to the insecure world. Still, some of Android's documentation is a bit misleading here.
Somewhat to our surprise, we find that in some respects the software-only solution of Bouncy Castle is stronger than the Android OS service using TrustZone's capabilities, in that it can incorporate a user-supplied password to secure access to keys and thus guarantee user consent.
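The password-based protection that the abstract credits to the Bouncy Castle keystore, as an added example; this is not code from the paper or its authors. It uses the standard JCA KeyStore API that Android apps call for both the Bouncy Castle ("BKS") and the "AndroidKeyStore" keystore types. The keystore type selection is an assumption of the example: "BKS" is available on Android, while a desktop JDK has no BKS provider and the demo falls back to the JDK's "PKCS12" type, which protects secret-key entries with a password in the same way. The alias, the password and the AES key are constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class PasswordProtectedKeyStoreDemo {

    // Constructed alias for the demo entry; any string works.
    static final String ALIAS = "demo-aes-key";

    // "BKS" is the Bouncy Castle keystore type shipped with Android. A desktop
    // JDK has no BKS provider, so the demo falls back to the JDK's "PKCS12"
    // type, which also encrypts secret-key entries under a password.
    static String keyStoreType() {
        try {
            KeyStore.getInstance("BKS");
            return "BKS";
        } catch (KeyStoreException e) {
            return "PKCS12";
        }
    }

    /** Generates a 256-bit AES key and serialises a keystore holding it under pw. */
    static byte[] createStore(char[] pw) throws GeneralSecurityException, IOException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        KeyStore ks = KeyStore.getInstance(keyStoreType());
        ks.load(null, null);                       // start from an empty in-memory store
        // The entry is encrypted under a key derived from pw. A root user who
        // copies the serialised store still needs pw to recover the AES key.
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);                         // store-level integrity check also uses pw
        return out.toByteArray();
    }

    /** Reloads the serialised store and returns the key, or null if pw is wrong. */
    static SecretKey loadKey(byte[] blob, char[] pw) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(keyStoreType());
        try {
            ks.load(new ByteArrayInputStream(blob), pw);
            KeyStore.Entry e = ks.getEntry(ALIAS, new KeyStore.PasswordProtection(pw));
            return e == null ? null : ((KeyStore.SecretKeyEntry) e).getSecretKey();
        } catch (IOException | GeneralSecurityException ex) {
            // Wrong password: the integrity check or the entry decryption fails.
            return null;
        }
    }

    /** True if needle occurs as a contiguous byte sequence in haystack. */
    static boolean containsBytes(byte[] haystack, byte[] needle) {
        for (int i = 0; i + needle.length <= haystack.length; i++) {
            if (Arrays.equals(Arrays.copyOfRange(haystack, i, i + needle.length), needle)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        char[] good = "correct-horse-battery".toCharArray();  // constructed demo password
        char[] bad  = "letmein".toCharArray();                // constructed wrong password
        byte[] blob = createStore(good);

        SecretKey k = loadKey(blob, good);
        System.out.println("keystore type          : " + keyStoreType());
        System.out.println("correct password works : " + (k != null));
        System.out.println("wrong password works   : " + (loadKey(blob, bad) != null));
        // The raw key bytes never appear in the serialised store, only their
        // password-encrypted form.
        System.out.println("raw key in store blob  : " + containsBytes(blob, k.getEncoded()));
    }
}
```

The contrast the abstract draws is visible in the API itself: for `KeyStore.getInstance("AndroidKeyStore")` the load and protection parameters are null and there is no password to pass, so the key is bound to the device but nothing ties its use to the user's consent; any process that reaches the keystore service with root privileges can request operations with the key. With the software keystore above, reading the file as root yields only the encrypted entry, and an attacker additionally has to obtain or guess the password, which is why a strong, user-supplied password matters for this design.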
TITLE
Analysis of Secure Key Storage Solutions on Android