5

I am trying to piece together some information about the security system in Android. Particularly about how user's password/PIN is connected with encryption keys in file-based encryption mode. I'm doing this for my university project. I've found a lot of useful information on the Android source site. But some things are still unclear to me.

  1. How is passwords/PIN information connected with keys, which are used to encrypt files?

The stretched credential is the user credential after salting and stretching with the scrypt algorithm. The credential is actually hashed once in the lock settings service before being passed to vold for passing to scrypt. This is cryptographically bound to the key in the TEE with all the guarantees that apply to KM_TAG_APPLICATION_ID.

  1. Where does Android store this key: in hardware or some not accessible memory?

The secdiscardable hash is a 512-bit hash of a random 16 KB file stored alongside other information used to reconstruct the key, such as the seed

  1. What algorithm does Android use for reconstruction the key?
Setplus
  • 161
  • 7

1 Answers1

3

File Based Encryption (FBE) keys are cryptographically bound to screen lock authentication. Without screen lock code, keys that decrypt FBE keys cannot be derived. Screen lock authentication and key derivation are executed inside Trusted Execution Environment (TEE) which is a separate secure environment that runs independently of android OS.

TEE has 3 components:

  1. Gatekeeper - It enrolls new screen lock password and authenticates the existing user.

  2. Biometric - It enrolls and authenticates biometrics.

  3. Keymaster - It handles cryptographic operations for the device.

Lockscreen Knowledge Factor Enrollment

LSKF Enrollment

It happens only when the user registers Lockscreen Knowledge Factor (LSKF) on a new device or after factory reset. This is called untrusted enroll. Changing LSKF for the existing user which is called trusted enroll. The difference between them is trusted enroll requires existing LSKF to enroll new LSKF. In both cases, HMAC on Password Handle is generated & stored by the Gatekeeper.

Authentication & FBE Keys Decryption In Before First Unlock State

Biometric authentication doesn't work in this state.

Authentication

Authentication

Start point is PIN pad.

Invalid frequent password attempts are throttled by exponential timeout by Gatekeeper. Each attempt takes 100ms for verification so brute forcing a strong password is not feasible.

After 5th and 10th incorrect authentication attempt, there is a timeout of 30 seconds. Every successive attempt up to the 30th gets the same timeout. Between 30 and 140 attempts, the timeout grows in an exponential manner from 32 seconds to 17 hours 4 minutes. After 140 attempts the timeout for each incorrect attempt is 1 day. A brute force attack against a 4 digit PIN would take around 27 years to complete.

FBE Keys Decryption

Keymaster File Based Decryption

After First Unlock State

Cached FBE keys

FBE keys are re-encrypted by Keymaster using Ephemeral Key which is valid until next reboot. Re-encrypted FBE keys are then cached in vold and in the Linux kernel keyring. When the Linux kernel requires this key to read or write a file, it calls into the secure environment which decrypts FBE keys, derives a 64-byte AES-256-XTS key and programs it in into the Inline Crypto Engine. This ensures that FBE keys are never stored in plain-text when outside of TEE. FBE keys also undergo an additional key derivation step in the kernel in order to generate the subkeys actually used to do the encryption, for example per-file or per-mode keys.

Now user can use biometric to unlock screen.

Is this design secure enough from forensic extraction?

It is secure when the device has not been unlocked after reboot. This is called Before First Unlock state. Once the device is unlocked at least once after reboot, the device goes to After First Unlock state and at some point FBE keys will have to come in memory for reading and writing data. Background apps like messages, emails, contacts, notes, reminders etc. can keep them in memory indefinitely from where they can be extracted.

That's how FBI might be Hacking Into Private Signal Messages

Qualcomm File Based Encryption (pdf)

File Based Encryption

Gatekeeper.cpp

Authentication

Android 7 File Based Encryption and the Attacks Against It

Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions

Cryptographic relation between Verified Boot State & FBE keys

defalt
  • 6,231
  • 2
  • 22
  • 37
  • "at some point FBE keys will have to come in memory for reading and writing data" -- doesn't this contradict what you said earlier: "This ensures that FBE keys are never stored in plain-text when outside of TEE." In a software backed TEE, the keys are placed in memory. However, the whole reason behind using Ephemeral Keys is to allow dedicated hardware to "wrap" the raw keys, so that raw key material is never exposed in memory. –  Jul 06 '22 at 07:24
  • I'll update the answer soon to address the use of **Inline Crypto Engine** (ICE) hardware that wraps the FBE keys and store them for data I/O until next reboot. Earlier, without ICE, FBE keys are used to be unwrapped in Linux kernel keyring in memory which was vulnerable to extraction. But they are never stored in plain-text in the flash storage which is what I mean with that line. – defalt Jul 06 '22 at 09:25