Posted by Max Bires, Software program Engineer
Attestation as a characteristic has been mandated since Android 8.0. As releases have come and gone, it has more and more change into increasingly central to belief for a wide range of options and companies akin to SafetyNet, Id Credential, Digital Automotive Key, and a wide range of third celebration libraries. In mild of this, it’s time we revisited our attestation infrastructure to tighten up the safety of our belief chain and enhance the recoverability of machine belief within the occasion of identified vulnerabilities.
Beginning in Android 12.0, we will likely be offering an choice to switch in-factory personal key provisioning with a mix of in-factory public key extraction and over-the-air certificates provisioning with short-lived certificates. This scheme will likely be mandated in Android 13.0. We name this new scheme Distant Key Provisioning.
Who This Impacts?
Gadget producers will now not be provisioning attestation personal keys on to gadgets within the manufacturing facility, eradicating the burden of getting to handle secrets and techniques within the manufacturing facility for attestation.
Relying Events, Doubtlessly
Described additional down beneath, the format, algorithms, and size of the certificates chain in an attestation will likely be altering. If a relying celebration has arrange their certificates validation code to very strictly match the legacy certificates chain construction, then this code will have to be up to date.
The 2 main motivating components for altering the best way we provision attestation certificates to gadgets are to permit gadgets to be recovered post-compromise and to tighten up the attestation provide chain. In in the present day’s attestation scheme, if a tool mannequin is discovered to be compromised in a method that impacts the belief sign of an attestation, or if a secret is leaked by means of some mechanism, the important thing have to be revoked. As a result of growing variety of companies that depend on the attestation key sign, this could have a big influence on the buyer whose machine is affected.
This transformation permits us to cease provisioning to gadgets which might be on known-compromised software program, and take away the potential for unintentional key leakage. This may go a good distance in decreasing the potential for service disruption to the consumer.
How Does This Work?
A singular, static keypair is generated by every machine, and the general public portion of this keypair is extracted by the OEM of their manufacturing facility. These public keys are then uploaded to Google servers, the place they function the idea of belief for provisioning later. The personal key by no means leaves the safe setting through which it’s generated.
When a tool is unboxed and related to the web, it can generate a certificates signing request for keys it has generated, signing it with the personal key that corresponds to the general public key collected within the manufacturing facility. Backend servers will confirm the authenticity of the request after which signal the general public keys, returning the certificates chains. Keystore will then retailer these certificates chains, assigning them to apps each time an attestation is requested.
This movement will occur recurrently upon expiration of the certificates or exhaustion of the present key provide. The scheme is privateness preserving in that every utility receives a unique attestation key, and the keys themselves are rotated recurrently. Moreover, Google backend servers are segmented such that the server which verifies the machine’s public key doesn’t see the connected attestation keys. This implies it’s not potential for Google to correlate attestation keys again to a specific machine that requested them.
What’s Altering from a Technical Standpoint?
Finish customers gained’t discover any adjustments. Builders that leverage attestation will wish to be careful for the next adjustments:
- Certificates Chain Construction
- As a result of nature of our new on-line provisioning infrastructure, the chain size is longer than it was beforehand, and is topic to vary.
- Root of Belief
- The foundation of belief will ultimately be up to date from the present RSA key to an ECDSA key.
- RSA Attestation Deprecation
- All keys generated and attested by KeyMint will likely be signed with an ECDSA key and corresponding certificates chain. Beforehand, uneven keys have been signed by their corresponding algorithm.
- Quick-Lived Certificates and Attestation Keys
- Certificates provisioned to gadgets will usually be legitimate for as much as two months earlier than they expire and are rotated.