Cryptology ePrint Archive: Report 2016/677

Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore

Mohamed Sabt and Jacques Traoré

Abstract: We analyze the security of Android KeyStore, a system service whose purpose is to shield users credentials and cryptographic keys. The KeyStore protects the integrity and the confidentiality of keys by using a particular encryption scheme. Our main results are twofold. First, we formally prove that the used encryption scheme does not provide integrity, which means that an attacker is able to undetectably modify the stored keys. Second, we exploit this flaw to define a forgery attack breaching the security guaranteed by the KeyStore. In particular, our attack allows a malicious application to make mobile apps to unwittingly perform secure protocols using weak keys. The threat is concrete: the attacker goes undetected while compromising the security of users. Our findings highlight an important fact: intuition often goes wrong when security is concerned. Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system.

Category / Keywords: secret-key cryptography / Android KeyStore, authenticated encryption, integrity

Original Publication (with minor differences): ESORICS 2016

Date: received 5 Jul 2016

Contact author: sabt mohamed at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20160706:055348 (All versions of this report)

Short URL: ia.cr/2016/677

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]