Google is upgrading how Android key attestation works starting in Android 12.0. This will provide an option to replace in-factory private key provisioning with a combination of in-factory public key extraction and over-the-air certificate provisioning with short-lived certificates, according to Google. This “Remote Key Provisioning” scheme will be mandated in Android 13.0.
Attestation has been mandated since Android 8.0 and has become more central to trust for a variety of features and services such as SafetyNet, Identity Credential, Digital Car Key, and a variety of third party libraries, according to Google.
“In light of this, it is time we revisited our attestation infrastructure to tighten up the security of our trust chain and increase the recoverability of device trust in the event of known vulnerabilities,” Google said in the March 25 Android Developers Blog.
Why the change?
To date, there has been a software key stored on every Android phone, provided by the device manufacturer when the phone is made, signed by a root key that's provided by Google.
But device manufacturers will no longer be provisioning attestation private keys directly to devices in the factory, removing the burden of having to manage these secrets in the factory, Google said. This will now be done by Remote Key Provisioning.
And there’s a reason for this.
In the current attestation scheme, if an Android device is compromised in a way that affects the trust signal of an attestation, or if a key is leaked, the key must be revoked, according to Google.
“Due to the increasing number of services that rely on the attestation key signal, this can have a large impact on the consumer whose device is affected,” Google said.
The change will allow Google to stop provisioning to devices that are on known-compromised software and remove the potential for unintentional key leakage. “This will go a long way in reducing the potential for service disruption,” according to Google.
“The two primary motivating factors for changing the way we provision attestation certificates to devices are to allow devices to be recovered post-compromise and to tighten up the attestation supply chain.”
--Upgrading Android Attestation: Remote Provisioning, Google Developers Blog, March 25, 2022
This is how Google describes it.
A unique, static keypair is generated by each device, and the public portion of this keypair is extracted by the OEM in their factory. These public keys are then uploaded to Google servers, where they serve as the basis of trust for provisioning later. The private key never leaves the secure environment in which it is generated.
“When a device is unboxed and connected to the internet, it will generate a certificate signing request for keys it has generated, signing it with the private key that corresponds to the public key collected in the factory. Backend servers will verify the authenticity of the request and then sign the public keys, returning the certificate chains. Keystore will then store these certificate chains, assigning them to apps whenever an attestation is requested,” according to Google.
“This flow will happen regularly upon expiration of the certificates or exhaustion of the current key supply. The scheme is privacy preserving in that each application receives a different attestation key, and the keys themselves are rotated regularly. Additionally, Google backend servers are segmented such that the server which verifies the device’s public key does not see the attached attestation keys. This means it is not possible for Google to correlate attestation keys back to a particular device that requested them.”
Pratik Savla, Senior Security Engineer at Venafi, said this will, ostensibly, improve security.
"Short-lived certificates provide a relatively shorter window of opportunity for any malicious actor to abuse certificates and the corresponding infrastructure they support and secure," Savla said.
"That has significant and direct implications on any incident containment and response. This could even affect the actions of opportunistic attackers who prefer to lay low for a sizable period of time. From that standpoint, this move certainly helps in improving security," Savla added.