Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys.
The researchers – Alon Shakevsky, Eyal Ronen, and Avishai Wool – describe their work in a paper titled, “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design,” which is scheduled for presentation at Real World Crypto and USENIX Security, 2022.
Android smartphones, which pretty much all use Arm-compatible silicon, rely on a Trusted Execution Environment (TEE) supported by Arm’s TrustZone technology to keep sensitive security functions isolated from normal applications. These TEEs run their own operating system, TrustZone Operating System (TZOS), and it’s up to vendors to implement the cryptographic functions within TZOS.
The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer (HAL). Samsung implemented the HAL through a Trusted Application running in the TrustZone called Keymaster TA, to carry out cryptographic operations like key generation, encryption, attestation, and signature creation in a secure environment. The results of these TEE crypto calculations can then be used in apps operating in the less secure Android environment.
The Keymaster TA stores cryptographic keys as blobs – the keys are wrapped (encrypted via AES-GCM) so they can be stored in the file system of the Android environment. In theory, they should only be readable within the TEE.
However, Samsung failed to implement Keymaster TA properly in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse engineered the Keymaster app and showed they could conduct an Initialization Vector (IV) reuse attack to obtain the keys from the hardware-protected key blobs.
The IV is supposed to be a unique number each time, which ensures the AES-GCM encryption operation produces a different result even when the same plaintext is encrypted. But when the IV – referred to by the researchers as “salt” – and the encryption key remain the same, encrypting the same plaintext generates the same output. And that sort of predictability is the bane of encryption.
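Why a repeated key and IV pair is fatal for wrapped key blobs, as an added example that is not from the researchers' paper or Samsung's code. It goes slightly beyond the identical-plaintext case above: two different secrets wrapped under one keystream are related by XOR. Assumptions: HMAC-SHA256 in counter mode stands in for the AES-CTR keystream that GCM uses for confidentiality (so it runs on the standard library alone), and the names `wrap` and `reused_ivs` and all key values are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Counter-mode keystream; stand-in for the AES-CTR stream inside GCM."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(kek: bytes, iv: bytes, secret: bytes) -> bytes:
    """Encrypt a blob body: ciphertext = secret XOR keystream(kek, iv)."""
    return xor(secret, keystream(kek, iv, len(secret)))

def reused_ivs(blobs):
    """Defender's check: IVs that appear on more than one (iv, ciphertext) blob."""
    seen, dup = set(), set()
    for iv, _ in blobs:
        (dup if iv in seen else seen).add(iv)
    return dup

def demo():
    kek = os.urandom(32)      # constructed key-wrapping key
    known = b"A" * 32         # constructed key material the observer already knows
    secret = os.urandom(32)   # constructed key material that should stay hidden

    # Flawed: both blobs wrapped under the same (key, IV) pair.
    iv = b"\x00" * 12
    c_known, c_secret = wrap(kek, iv, known), wrap(kek, iv, secret)
    # The keystream cancels: c_known ^ c_secret == known ^ secret.
    leaked = xor(xor(c_known, c_secret), known)

    # Corrected: a fresh random IV per blob gives unrelated keystreams.
    iv1, iv2 = os.urandom(12), os.urandom(12)
    d_known, d_secret = wrap(kek, iv1, known), wrap(kek, iv2, secret)
    not_leaked = xor(xor(d_known, d_secret), known)

    return {
        "reuse_leaks_secret": leaked == secret,
        "fresh_iv_leaks_secret": not_leaked == secret,
        "reuse_flagged": reused_ivs([(iv, c_known), (iv, c_secret)]) == {iv},
        "fresh_clean": reused_ivs([(iv1, d_known), (iv2, d_secret)]) == set(),
    }

if __name__ == "__main__":
    print(demo())
```

The `reused_ivs` check is the kind of invariant a key-wrapping implementation can enforce or audit: no IV may ever appear twice under the same wrapping key.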
“So they could have derived a different key-wrapping key for each key they protect,” observed Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute in the US, via Twitter. “But instead Samsung basically doesn’t. Then they allow the app-layer …….