Paper 2016/677

Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore

Mohamed Sabt and Jacques Traoré


We analyze the security of Android KeyStore, a system service whose purpose is to shield users credentials and cryptographic keys. The KeyStore protects the integrity and the confidentiality of keys by using a particular encryption scheme. Our main results are twofold. First, we formally prove that the used encryption scheme does not provide integrity, which means that an attacker is able to undetectably modify the stored keys. Second, we exploit this flaw to define a forgery attack breaching the security guaranteed by the KeyStore. In particular, our attack allows a malicious application to make mobile apps to unwittingly perform secure protocols using weak keys. The threat is concrete: the attacker goes undetected while compromising the security of users. Our findings highlight an important fact: intuition often goes wrong when security is concerned. Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ESORICS 2016
Android KeyStoreauthenticated encryptionintegrity
Contact author(s)
sabt mohamed @ gmail com
2016-07-06: received
Short URL
Creative Commons Attribution


      author = {Mohamed Sabt and Jacques Traoré},
      title = {Breaking Into the {KeyStore}: A Practical Forgery Attack Against Android {KeyStore}},
      howpublished = {Cryptology ePrint Archive, Paper 2016/677},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.