Android - Secure storage

18,873

Found out what you need to do to get secure storage on Android:

You need to buy a Secure MicroSD card, one which conforms to the ASSD specification (Advanced Security SD). That is a MicroSD card that contains a Secure Element, often a PKI solution where you can generate a private key on-card so the private key is impossible to extract, but the public key can be extracted and use it to encrypt things that only the MicroSD card can decrypt.

Two examples is CertGate MicroSD (which is available as a consumer version called "SmartCard-HSM Android") and one that is no longer available in consumer version, is the G&D Mobile Security Card.

That makes it a secure storage that CANNOT be hacked by a rooted phone, and it CANNOT be copied, impossible per the definition. Only way is to brute-force the private key using the public key as verification if you hit correctly. But if you use RSA-2048, that is technically impossible too.

The reason is that the Phone Manufacturers seems to lock the built-in Phone Secure Element to manufacturer approved apps, so you cannot use it arbitrarily. Only way is actually add a Secure Element to the phone in the form of a MicroSD card.

(This answer is only valid for Android versions prior to 5.0)

Share:
18,873

Related videos on Youtube

sebastian nielsen
Author by

sebastian nielsen

Updated on May 23, 2022

Comments

  • sebastian nielsen
    sebastian nielsen over 1 year

    How I do to store a secret key in a android device with the only possibility to use the key, not retrieve it. Eg: I import a private/generate a RSA keypair or a symmetric key from a application to this "secure storage". Now, NOBODY should be able to retrieve the secret key, not even the original application. (The non-secret part of key - the public key of a RSA keypair - but no part of a symmetric key - should still be retrieveable, especially if the key is generated in the secure storage)

    The keystore should now act as a black box, providing a input for encrypted data and a output for decrypted data, eg I feed my encrypted values that I want to decrypt, and gets the decrypted values back.

    Its a big plus if this is implemented in a hardware security chip in the android device, like a smart card chip, which is tamper-resistant, which would also keep the keys secure even if the device is rooted & cloned.

    Any ideas which android mobile phones, that has such a tamper-resistant chip? Any ideas on how to use such a storage?

    Found a similiar question: Android Secure Storage but this does not answer my questions.

  • sebastian nielsen
    sebastian nielsen almost 13 years
    Rook: No, it is not impossible. If a specific device has a hardware tamper-resistant security chip inside, like a smartcard chip, but embedded into the actual phone, even a jail-broken phone cannot in any way extract the secret key. Im searching for such devices and the possible to use the security chip from android.
  • rook
    rook almost 13 years
    @sebastian nielsen So what smartcards are also easy to break. youtube.com/watch?v=tnY7UVyaFiQ