Android Secure Enclaves

# Android Secure Enclaves ## Question to answer asap with sufficient level of confidence: Can we gain enough trust to Android-based key-storages with any particular manufacturers within the zoo of secure hardware units? <img src="https://www.counterpointresearch.com/wp-content/uploads/2020/02/Picture1-2-1024x592.jpg" alt="Picture1-2-1024x592" style="zoom:75%;" /> ## Threat models: 1. Key extraction from stolen/lost device. 2. Remote secrets compromise using insider/supply-chain attacks ## Answer: To solve the problem of information about Android security properties (which is not easisly resolvable even by design), Google peredictable goes with unification and standartization: 1. [Stronbox Keymaster](https://developer.android.com/training/articles/keystore#HardwareSecurityModule) which is stricter (than Global Platform) and standardized approach of Secure Enclave utilization within Security architecture. The bad news is that **there are only 8 devices supporting Strongbox**: https://www.android-device-security.org/client/datatable?sba=true The good news is that latest Samsungs already checked-in! 2. Recent [Android Ready SE](https://developers.google.com//android/security/android-ready-se) announce in attempt to force situation with the support and inertia of european SE suppliers and push Android Strongbox into even wider mass than smartphones. The bad news is that there are predictably still no devices that are Android Ready SE-based. ### So what's with others: <img src="https://www.counterpointresearch.com/wp-content/uploads/2020/02/Picture2-1024x594.jpg" alt="Picture2-1024x594" style="zoom:75%;" /> #### #### Most probably: - **Hisilicon / Huawei** is out of the game with such an attacks until joins Google: `We reviewed Huawei’s TEE, called TC, and uncovered several design flaws... We found several issues in the loader’s design, like protecting a constant key using white-box cryptography, and were able to break the code confidentiality of encrypted TAs distributed to many Huawei devices. Furthermore, we examined the keystore system and revealed considerable design flaws that allowed us to leak export-protected cryptographic keys from the TEE.we were finally able to escalate our privileges to the highest privilege level present on this platform`([LINK](https://www.usenix.org/system/files/woot20-paper-busch.pdf)) - **Samsung** is expectedly going to join Google Strongbox, since current PUFs doesn't solve multi-purpose smartphone TEE. - **Qualcom** most probably will join Google Strongbox / SE too. ## So IMO there are TWO ways: 1. Consider Secure-enough Enclave only on 8 android-devices in the world. 2. Put more efforts in trying to identify more devices secure enough to withstand physical key-extraction, but put a notice that `Insider Attack Resistance is subject to your personal trust to smartphone manufacturer`.