Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design

Presented at Black Hat USA 2022, Aug. 10, 2022, 2:30 p.m. (30 minutes)

ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive functions. The TEE runs a separate, isolated, TrustZone Operating System (TZOS), in parallel to Android. The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs.

In this work, we expose the cryptographic design and implementation of Android's Hardware-Backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google's Secure Key Import. We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the ~100 million devices made by Samsung, it raises the much more general requirement for open and proven standards for critical cryptographic and security designs.

Presenters:

• Avishai Wool - Faculty Member, School of Electrical Engineering, Tel Aviv University
  Prof. Avishai Wool is a faculty member of Tel Aviv University's School of Electrical Engineering, and co-founder and CTO of AlgoSec, a global high-tech software company providing solutions for business-driven security management in the field of network security policy management.
• Eyal Ronen - Faculty Member, School of Computer Science, Tel Aviv University
  Eyal Ronen is a faculty member at Tel Aviv University's School of Computer Science. His research interests are in cybersecurity and applied cryptography. He is interested in analyzing and designing real-world implementations of cryptographic and security protocols and primitives (both in software and in hardware). His research spans side-channel attacks (e.g., power analysis and cache attacks), cryptographic protocols (e.g., TLS and WPA3), cryptanalysis of cryptographic primitives (e.g., AES), IoT security, and password-based authentication.
• Alon Shakevsky - Graduate Student, Tel Aviv University
  Alon Shakevsky is a computer science graduate student at Tel Aviv University with extensive experience as a security researcher, R&D specialist and software engineer.

Links:

• https://www.blackhat.com/us-22/briefings/schedule/#trust-dies-in-darkness-shedding-light-on-samsungs-trustzone-keymaster-design-26736

Similar Presentations:

• Black Hat USA 2019 / Breaking Samsung's ARM TrustZone
• Black Hat USA 2015 / Attacking Your Trusted Core: Exploiting Trustzone on Android
• Black Hat Asia 2020 Virtual / May the Trust be with You: Empowering TrustZone-M with Multiple Trusted Environments