Re: [Opensc-devel] Android 4.3 Hardware-Backed Security Features

[Jean-Michel P. - G. <jm...@go...>]

Le mardi 27 août 2013 à 08:13 +0200, Anders Rundgren a écrit :
> http://nelenkov.blogspot.com/2013/08/credential-storage-enhancements-android-43.html

Very interesting article, thank you.  

Let's focus on the article, before drawing any conclusion.

Quoting the article:
****
An interesting detail is that, the QSEE keystore trusted app (which may
not be a dedicated app, but part of more general purpose trusted
application) doesn't return simple references to protected keys, but
instead uses proprietary encrypted key blobs (not unlike nCipher Thales
HSMs). In this model, the only thing that is actually protected by
hardware is some form of 'master' key-encryption key (KEK), and
user-generated keys are only indirectly protected by being encrypted
with the KEK.

[...]

To sum this up, while TrustZone secure applications might provide
effective protection against Android malware running on the device,
given physical access, they, as well as the TrustZone kernel, are
exploitable themselves. 
***

Here is what Android 4.3 does :

* Only master key is backed-up in QSEE keystore hardware (when crypto
chip available). Otherwize, master key is backed-up in software (when no
crypto chip is available). Therefore only a tiny portion of 4.3 Android
systems are secure.

* QSEE Slave keys are encrypted using master key. There are no real
details given on master key and we don't know to which extent it is safe
(crypto chip security level not described in article). 

* TrustZone secure applications are encrypted using QSEE slave keys
(sounds reasonable to believe so).

* Therefore if master key is compromised, QSEE Slave keys and TrustZone
secure applications may be compromised.

* If kernel is compromised, it may be possible to bypass QSEE and
TrustZone.

Please correct me if I am wrong.

Kind regards,
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu