Paper 2016/677

Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore

Mohamed Sabt and Jacques Traoré

Abstract

We analyze the security of Android KeyStore, a system service whose purpose is to shield users' credentials and cryptographic keys. The KeyStore protects the integrity and the confidentiality of keys by using a particular encryption scheme. Our main results are twofold. First, we formally prove that the used encryption scheme does not provide integrity, which means that an attacker is able to undetectably modify the stored keys. Second, we exploit this flaw to define a forgery attack breaching the security guaranteed by the KeyStore. In particular, our attack allows a malicious application to make mobile apps unwittingly perform secure protocols using weak keys. The threat is concrete: the attacker goes undetected while compromising the security of users. Our findings highlight an important fact: intuition often goes wrong when security is concerned. Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ESORICS 2016
Keywords
Android KeyStore, authenticated encryption, integrity
Contact author(s)
sabt mohamed @ gmail com
History
2016-07-06: received
Short URL
https://ia.cr/2016/677
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/677,
      author = {Mohamed Sabt and Jacques Traoré},
      title = {Breaking Into the {KeyStore}: A Practical Forgery Attack Against Android {KeyStore}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/677},
      year = {2016},
      url = {https://eprint.iacr.org/2016/677}
}