Posted by Rob Barnes & Shawn Willden, Android Security & Privacy Team
Billions of people rely on their Android-powered devices to securely store their sensitive information. A critical component of the Android security stack is the key attestation system. Android devices since Android 7.0 are able to generate an attestation certificate that attests to the security properties of the device's hardware and software. OEMs producing devices with Android 8.0 or higher must install a batch attestation key provided by Google on each device at the time of manufacturing.
These keys might need to be revoked for a number of reasons, including accidental disclosure, mishandling, or suspected extraction by an attacker. When this occurs, the affected keys must be revoked immediately to protect users. The security of any Public-Key Infrastructure system depends on the robustness of its key revocation process.
All of the attestation keys issued so far include an extension that embeds a certificate revocation list (CRL) URL in the certificate. We found that the CRL (and Online Certificate Status Protocol, OCSP) system was not flexible enough for our needs, so we set out to replace the revocation system for Android attestation keys with something that is flexible and simple to maintain and use.
Our solution is a single TLS-secured URL (https://android.googleapis.com/attestation/status) that returns a list containing all revoked Android attestation keys. This list is encoded in JSON and follows a strict format defined by a JSON schema. Only keys that have a non-valid status appear in the list, so it is not an exhaustive list of all issued keys: a key that is absent from the list is simply not known to be revoked or suspended.
This system allows us to express more nuance about the status of a key and the reason for that status. A key can have a status of REVOKED or SUSPENDED, where revoked is permanent and suspended is temporary. The reason for the status is described as one of KEY_COMPROMISE, CA_COMPROMISE, SUPERSEDED, or SOFTWARE_FLAW. A complete, up-to-date list of statuses and reasons can be found in the developer documentation.
The CRL URLs embedded in existing batch certificates will continue to operate. Going forward, attestation batch certificates will no longer contain a CRL extension. The status of these legacy certificates will also be included in the attestation status list, so developers can safely switch to using the attestation status list for both current and legacy certificates. An example of how to correctly verify Android attestation keys is included in the Key Attestation sample.
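To show how a verifier consumes the status list described above, here is an added example in Python. It is not code from this post or from the Key Attestation sample. It assumes the list is a JSON object whose `entries` member maps each affected certificate's serial number, written as lowercase hex without leading zeros, to an object carrying `status` and `reason` fields; the serial numbers and the status list in the block are constructed for the example. The check walks every certificate in the chain, because a revoked batch (intermediate) certificate invalidates the leaf just as a revoked leaf does, and it treats any presence in the list as non-valid even when the `status` value is one the code does not recognise, since the list only ever contains keys that are not valid.

```python
"""Check an Android attestation certificate chain against the attestation
status list. Added example; not code from the post or the Android Key
Attestation sample. The list layout ({"entries": {<serial hex>: {...}}})
and the serial encoding are assumptions; the sample list is constructed."""

import json
from typing import Dict, List, Tuple

# Published endpoint; a production verifier fetches it over TLS. Not contacted here.
STATUS_URL = "https://android.googleapis.com/attestation/status"

# Statuses and reasons the post names. The developer documentation is the
# authoritative list, so unknown values are reported rather than treated as malformed.
KNOWN_STATUSES = {"REVOKED", "SUSPENDED"}
KNOWN_REASONS = {"KEY_COMPROMISE", "CA_COMPROMISE", "SUPERSEDED", "SOFTWARE_FLAW"}

# Constructed status list for this example. Serial numbers are fictitious and the
# object layout is an assumption modelled on the published schema, not a copy of it.
SAMPLE_STATUS_LIST = json.dumps({
    "entries": {
        "2c8a6b3d9f": {"status": "REVOKED", "reason": "KEY_COMPROMISE",
                       "comment": "constructed: batch key extracted"},
        "1f0e": {"status": "SUSPENDED", "reason": "SOFTWARE_FLAW"},
        "AB12": {"status": "WITHDRAWN", "reason": "UNSPECIFIED"},  # status this code does not know
    }
})


def serial_key(serial: int) -> str:
    """Render an X.509 serial (e.g. cert.serial_number from the `cryptography`
    package) the way the list is assumed to key it: lowercase hex, no 0x prefix,
    no leading zeros (what BigInteger.toString(16) produces in Java)."""
    if serial < 0:
        raise ValueError("X.509 serial numbers are non-negative")
    return format(serial, "x")


def parse_status_list(raw: str) -> Dict[str, dict]:
    """Parse the JSON list and normalise its keys so lookups are not defeated
    by upper-case hex or zero padding in either the list or the chain."""
    data = json.loads(raw)
    entries = data.get("entries") if isinstance(data, dict) else None
    if not isinstance(entries, dict):
        raise ValueError("status list has no 'entries' object")
    normalised: Dict[str, dict] = {}
    for key, entry in entries.items():
        if not isinstance(entry, dict):
            raise ValueError(f"entry {key!r} is not an object")
        normalised[key.lower().lstrip("0") or "0"] = entry
    return normalised


def describe(serial: int, entry: dict) -> str:
    """Human-readable verdict for one listed certificate, flagging values
    outside the documented sets so an operator notices a list format change."""
    status = entry.get("status", "MISSING")
    reason = entry.get("reason", "UNSPECIFIED")
    status_note = "" if status in KNOWN_STATUSES else " (status not recognised; failing closed)"
    reason_note = "" if reason in KNOWN_REASONS else " [reason not in the documented set]"
    return f"serial {serial_key(serial)}: {status} ({reason}){status_note}{reason_note}"


def chain_is_trusted(entries: Dict[str, dict], chain_serials: List[int]) -> Tuple[bool, str]:
    """Return (trusted, detail). Every certificate in the chain, leaf through
    batch intermediate, must be absent from the list: the list holds only
    non-valid keys, so absence means not known to be revoked or suspended,
    and any presence, whatever the status text says, means the chain is not valid."""
    for serial in chain_serials:
        entry = entries.get(serial_key(serial))
        if entry is not None:
            return False, describe(serial, entry)
    return True, "no certificate in the chain appears in the status list"


if __name__ == "__main__":
    entries = parse_status_list(SAMPLE_STATUS_LIST)
    # Leaf 0x0123 issued under a batch certificate whose key was compromised.
    print(chain_is_trusted(entries, [0x0123, 0x2C8A6B3D9F]))
    # A chain with no listed certificates.
    print(chain_is_trusted(entries, [0x0123, 0x4567]))
```

In production the list is fetched from `STATUS_URL` over HTTPS with normal certificate verification, and the same `chain_is_trusted` call runs over the serials of the leaf, any intermediates, and the batch certificate after the chain's signatures have already been verified up to the Google root; the status check complements signature verification, it does not replace it.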