Slide 1

HSM & Android: Using keys more securely

How to better secure encryption and signing keys, or: support for HSM-like capabilities in Android

January 6th, 2020

Slide 2

Hardware Security Module

An HSM is a physical device that provides key storage and cryptographic processing “in the hardware”.

Slide 3

Benefits of HSM

● Provides standardised interfaces and operations
  ○ Cryptographic key storage (creation and import)
  ○ Cryptographic key usage (encryption, signing, attestation)
  ○ Cryptographic key restrictions (device state, user biometrics)
  ○ Cryptographic key protection (against tampering, rollbacks)
  ○ Cryptographic key destruction (by expiration, by tampering)
● Less costly to develop for. More costly to attack.
  ○ Security provided and vetted by a 3rd party

Slide 4

Examples of HSM

● Mobile-ID SIM
● Micro-SD card HSMs
● Google’s Titan M chip in Google Pixel devices
● Android’s Trusty TEE (Trusted Execution Environment) hardware
● Google’s Cloud HSM service
● Rackable HSM boxes for servers, used to secure certificate authorities’ (CAs) root keys
● ~ Google Titan Security Key
● ~ A bank “PIN calculator”

(~ = HSM-like: dedicated secure hardware with a narrower purpose than a general HSM)

Slide 5

HSM & Android: the Android key store system

1. Key generation and import
2. Signing and encryption
3. User-based restrictions
4. Key attestation
5. Device attestation

Slide 6

HSM & Android: the Android key store system

1. Keys never leave the key store. The application only ever holds an opaque handle (alias), never the key material.
2. All supported cryptographic operations are executed by the key store, so plaintext key bytes are never in the app’s process.

Slide 7

HSM & Android: the Android key store system

Support heavily depends on:
- What is your API level?
- What is your device hardware*?

(* Yes, you are probably screwed)

Slide 8

API levels: the software side of the coin

● API < 18: no key store available.
● API >= 18: key store provides asymmetric key pairs (RSA; EC from API 19), for signing and verification.
● API >= 23: key store provides symmetric keys (AES and HMAC) and an advanced access-control system for keys: purpose, digest, padding and user-authentication restrictions are fixed at key creation and enforced by the key store.
● API >= 24: key store provides key attestation and version binding (keys bound to the OS/patch level they were created under).
● API >= 26: key store provides device ID attestation.
● API >= 28: key store supports secure key import: a key wrapped in an ASN.1 (DER) structure is decrypted only inside the secure hardware, never in the app or the OS.
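The key-store properties of slides 5, 6 and 8 in code, as an added example that is not part of the original deck: one Kotlin function generates an EC P-256 signing key inside `AndroidKeyStore`, switching each protection on only at the API level that introduced it (user-authentication restriction at 23, attestation challenge at 24, StrongBox at 28 with a fallback for devices that have none), and a second function signs with the resulting opaque key. The alias and the attestation `challenge` (a nonce the relying server would supply) are assumed caller inputs; the code needs an Android runtime, compiles against API 28 or later, and key generation throws if the device has no secure lock screen set.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.Signature
import java.security.cert.Certificate
import java.security.spec.ECGenParameterSpec

private const val PROVIDER = "AndroidKeyStore"

/** Outcome of provisioning: where the key landed and the chain the key store returns for it. */
data class ProvisionedKey(
    val alias: String,
    val strongBoxBacked: Boolean,           // true only if StrongBox accepted the key
    val certificateChain: List<Certificate> // attestation chain on API 24+, self-signed placeholder below
)

/**
 * Generates an EC P-256 signing key that never leaves the key store, enabling each
 * restriction the running API level supports. `challenge` is a server nonce for
 * key attestation (hypothetical caller-supplied value).
 */
fun provisionSigningKey(alias: String, challenge: ByteArray): ProvisionedKey {
    require(Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
        "KeyGenParameterSpec needs API 23; API 18-22 only offer unrestricted KeyPairGeneratorSpec keys"
    }

    fun spec(strongBox: Boolean): KeyGenParameterSpec {
        val b = KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY)
            .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
            .setDigests(KeyProperties.DIGEST_SHA256)
            // API 23+: usable only within 30 s of a lock-screen/biometric unlock.
            // Generation throws IllegalStateException if no secure lock screen is set.
            .setUserAuthenticationRequired(true)
            .setUserAuthenticationValidityDurationSeconds(30)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            b.setAttestationChallenge(challenge)   // API 24+: secure hardware signs a statement about this key
        }
        if (strongBox) {
            b.setIsStrongBoxBacked(true)           // API 28+ only; caller guards the API level
        }
        return b.build()
    }

    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER)
    val strongBoxBacked = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        try {
            kpg.initialize(spec(strongBox = true))
            kpg.generateKeyPair()
            true
        } catch (e: StrongBoxUnavailableException) {
            // No StrongBox on this device: fall back to the TEE (or software) Keymaster.
            kpg.initialize(spec(strongBox = false))
            kpg.generateKeyPair()
            false
        }
    } else {
        kpg.initialize(spec(strongBox = false))
        kpg.generateKeyPair()
        false
    }

    val ks = KeyStore.getInstance(PROVIDER).apply { load(null) }
    val chain = ks.getCertificateChain(alias)?.toList() ?: emptyList()
    return ProvisionedKey(alias, strongBoxBacked, chain)
}

/**
 * Signs inside the key store. The PrivateKey handed out is an opaque handle:
 * getEncoded() returns null, so the app cannot copy the key material.
 * Throws UserNotAuthenticatedException if the 30 s auth window has expired.
 */
fun signWithKeyStoreKey(alias: String, data: ByteArray): ByteArray {
    val ks = KeyStore.getInstance(PROVIDER).apply { load(null) }
    val priv = (ks.getEntry(alias, null) as KeyStore.PrivateKeyEntry).privateKey
    check(priv.encoded == null) { "key store handed out exportable key material" }
    return Signature.getInstance("SHA256withECDSA").run {
        initSign(priv)
        update(data)
        sign()
    }
}
```

`getCertificateChain` is a hardware-signed attestation chain only when a challenge was set (API 24 and later); on older levels it is a self-signed placeholder certificate, so its mere presence is not evidence of hardware backing. Whether the chain roots in Google’s attestation root and whether the challenge in the leaf matches the nonce must be checked off-device by the relying party.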

Slide 9

Keymaster version: the hardware side of the coin

● Keymaster 0.2 & 0.3 (API >= 18): on most devices a software-only Keymaster (protection at operating-system level); a few devices already shipped a TEE-backed implementation.
● Keymaster 1 (API >= 23): TEE (Trusted Execution Environment) Keymaster, if included by the device manufacturer (Trusty on Google devices; other vendors ship their own TEE); software-based Keymaster otherwise.
● Keymaster 4 (API >= 28): StrongBox Keymaster in a separate secure element, in addition to the previous two options, depending on the hardware manufacturer.

Slide 10

Keymaster version: the hardware side of the coin, vol. 2

(API >= 23) Trusty TEE Keymaster, “computer within a computer”:
● Runs in parallel on the same main CPU and memory as the Android OS.
● Isolated from the rest of the system by additional security measures (e.g. Arm TrustZone).
● Has embedded root trust keys.
● Only runs trusted (signed) applications.

(API >= 28) StrongBox Keymaster, “separate smart chip on-board”:
● Its own CPU.
● Its own secure storage.
● Its own true random-number generator.
● Has embedded root trust keys.
● Only runs trusted (signed) applications.
● Additional mechanisms to resist tampering with the chip package and unauthorized sideloading of apps.
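An added example, not from the original deck, that reports which of the three backings of slides 9 and 10 a key pair actually ended up in. Before API 31 the key store only exposed `KeyInfo.isInsideSecureHardware()`, which cannot tell a TEE key from a StrongBox key (the `keymasterSecurityLevel` field of the attestation extension can, but parsing that ASN.1 structure is outside this snippet); `KeyInfo.getSecurityLevel()` arrived in API 31, after this talk. The alias is assumed to name an existing `AndroidKeyStore` key pair.

```kotlin
import android.os.Build
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyFactory
import java.security.KeyStore
import java.security.PrivateKey
import java.security.cert.X509Certificate

/** OID of the Android key attestation extension (KeyDescription) in the leaf certificate. */
const val KEY_ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17"

enum class Backing { SOFTWARE, TEE, STRONGBOX, SECURE_HARDWARE_UNSPECIFIED, UNKNOWN }

data class KeyReport(
    val backing: Backing,
    val authEnforcedInHardware: Boolean,   // user-auth restriction checked by secure hardware, not just by the OS
    val hasAttestationExtension: Boolean   // leaf certificate carries a hardware-signed KeyDescription
)

/** Reports how the key store actually backs the key pair stored under `alias` (assumed to exist). */
fun inspectKey(alias: String): KeyReport {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val priv = ks.getKey(alias, null) as PrivateKey
    // KeyInfo is the app-level view into Keymaster's record of the key's properties.
    val info = KeyFactory.getInstance(priv.algorithm, "AndroidKeyStore")
        .getKeySpec(priv, KeyInfo::class.java)

    val backing = when {
        Build.VERSION.SDK_INT >= Build.VERSION_CODES.S -> when (info.securityLevel) {
            KeyProperties.SECURITY_LEVEL_STRONGBOX -> Backing.STRONGBOX
            KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT -> Backing.TEE
            KeyProperties.SECURITY_LEVEL_SOFTWARE -> Backing.SOFTWARE
            KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE -> Backing.SECURE_HARDWARE_UNSPECIFIED
            else -> Backing.UNKNOWN
        }
        // API 23-30: isInsideSecureHardware() is true for both TEE and StrongBox keys.
        info.isInsideSecureHardware -> Backing.SECURE_HARDWARE_UNSPECIFIED
        else -> Backing.SOFTWARE
    }

    val leaf = ks.getCertificate(alias) as X509Certificate
    return KeyReport(
        backing = backing,
        authEnforcedInHardware = info.isUserAuthenticationRequirementEnforcedBySecureHardware,
        hasAttestationExtension = leaf.getExtensionValue(KEY_ATTESTATION_OID) != null
    )
}
```

`authEnforcedInHardware` is the property that separates a real hardware restriction from an OS-level one: on a software Keymaster the user-authentication requirement is still honoured, but only by the OS, which is what the device survey in the following slides is about.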

Slide 11

So, support?

Quick test at the Mobi Lab office

Slide 12

So, StrongBox Keymaster support?

1. Google Pixel 3, API 29
2. Google Pixel 3a, API 29
3. OnePlus 6T, API 29

Samsung? One would hope, but no, not yet. Should have secure hardware; hopefully will support the official standards soon.

Slide 13

So, Trusty TEE Keymaster support?

1. Google Pixel 1, API 29
2. Huawei Nexus 6P, API 27
3. Samsung Galaxy Tab S3, API 28
4. Samsung Galaxy S9, API 28
5. Samsung Galaxy S9, API 24

Slide 14

So, software-only Keymaster support?

1. Samsung Galaxy A5, API 26

Slide 15

So, support?

Will hopefully have more stats in a few months (from ~2 million users).

Slide 16

So, support?

NB: hardware is not as standard as hoped:
● API responses differ between devices for the same call.
● Which algorithms are actually implemented in hardware differs between devices.

Slide 17

Future plans for the project

Use the key store to make it even harder to clone application state.

Slide 18

Thanks!

Comments? Questions?

January 6th, 2020