The Evolution of Password Manager (4/4)
TL;DR
The fourth generation password managers take advantage of security chip on smartphones to protect the stored passwords. These passwords are safe on your phone even if your master password is disclosed.
Since a decade ago, lots of new password managers have been emerging, especially on smartphones. However, there is no significant improvement in how to protect the stored passwords, though the smartphone era brings new security technologies such as sandbox.
Sandbox
Unlike traditional desktop platforms like Windows, all apps installed on iOS or Android are sandboxed. It means one app cannot access the data inside other apps, and the data stored inside that app are inaccessible from other apps as well. Therefore, even a bad app running on iOS/Android cannot steal other apps' private data, unless it can break the sandbox.
Lots of Android apps, unexpectedly, even some of password managers, save data to external storage instead of their internal sandboxed storage. For example, Keepass2Android stores the encrypted database to external storage, and thus any app with external storage permission can read the database.
If a malicious app, for example, an evil input method app(IME), can grab the master password of Keepass2Android, all passwords stored in Keepass2Android can be cracked, though they are encrypted.
Security Chip
Although sandbox provides good protection for app data, internal data is still obtainable by system backup, cloud synchronization, and app clones.
What is more exciting is that security chip is equipped on most smartphones, except some low-end ones. When Android smartphones initially used fingerprint scanners to authenticate user, they did not protect the fingerprint image well. But later, security experts employ a new hardware architecture with the help of a security chip or Trusted Execution Environment (TEE) and secure the biometric data very well. Check this out, Fingerprints On Mobile Devices: Abusing and Leaking.
☝️ Fingerprint HIDL on Android
TEE in this diagram is a system on security chip which is independent on the main application processor and OS. The counterpart in iOS is Secure Enclave. According to Google, the fingerprint scanner hardware must be accessible only to the TEE. Even the OS or an evil app with root privilege must not access the biometric data protected by the TEE.
How does an app authenticate user with fingerprint?
- The app requests the OS to authenticate user.
- The OS sends the request to the TEE for authentication through FingerprintManagement and FingerprintService components.
- The TEE reads fingerprint image data and compares it to the enrolled fingerprint template inside.
- The TEE tells the OS whether it is matched or not, and then the OS sends the result to the app.
The fingerprint image is only accessible to the TEE and will never be exposed to the app or the OS. Some users might worry about their biometric data could be stolen by apps. It was true on some smartphones in the early days, but it has not been a problem since years ago.
The encryption keys stored in the TEE and the runtime memory used by the TEE are both encrypted and can't be accessed from the outside. The main application processor and OS cannot access the encryption keys, and thus they cannot decrypt the data encrypted by those keys.
☝️ Encryption in Security Chip
An app can ask the TEE to create an encryption key and only that app can ask the TEE to do cryptographic operations with the key by a reference. The app can only get the result, but not the key itself.
Let's look back at the second generation password managers. They can neither hard code the encryption key nor save the encryption key with the encrypted database, so the encryption key must be derived from a master password which must never be saved.
Now, the fourth generation password managers utilizing the TEE can achieve comparable security level as hardware password managers. The encrypted database is solid secure because the fourth generation password managers use encryption key secured by the TEE. Any app that steals the encrypted database can never decrypt it to get user's passwords.
Security Analysis
The fourth generation password managers use the encryption keys managed by the security chip/TEE to encrypt data. The passwords vault can only be decrypted on the phone that encrypted it, never on other devices.
-
Your passwords are still safe, even if hackers steal the database and try brute force attacks.
For the second/third generation password managers, if hackers get the database file (and SecretKey for the third generation password managers), they can assemble a large scale of cloud computing resources to crack your master password. If the master password is not strong enough (unfortunately it is true for most cases), the database can be compromised.
In addition to the master password protection, the fourth generation password managers add an extra layer of encryption and the encryption key is managed by security chip. It can stop the hacker from going further after breaking through the master password protection. The non-extractable encryption key contains much more entropy than a master password and is not possible to be cracked theoretically.
-
Your passwords are still safe, even if hackers steal the database and grab your master password.
For the second/third generation password managers, if hackers obtain the database and your master password (and SecretKey for the third generation password managers), they can get all passwords by decrypting the database with the same algorithm as the password managers.
Though hackers can crack the master password protection layer easily, they has to give up decrypting the database of the fourth generation password managers due to the additional layer of encryption performed by the security chip.
-
Your passwords are still safe, even if you do not set a master password.
The second and third generation password managers must rely on a master password to derive encryption key, otherwise, the database can be easily decrypted by other apps.
A master password is not a must for the fourth generation password managers because the encryption key is secured by security chip. Even the OS cannot extract the encryption key, let alone malicious apps.
Everything has its pros and cons. The data, which is stored inside the fourth generation password managers with the protection of security chip, cannot be synchronized to other devices. I mean if you migrate the encrypted data to other devices, they will not be able to be decrypted on those devices. That is because the encryption keys, which are used to encrypt data, are stored in the fixed security chip and cannot be extracted or synchronized to other mobile phones.
Any password manager can be attacked, the fourth generation password managers are no exception. After all, no app can make 100% sure that the user is genuine or not. To break the fourth generation password managers, hackers need to,
- control the smartphone (because the data cannot be decrypted off the device);
- and compromise the security chip.
Conclusion
| Generation | Unlock factors |
|---|---|
| first |
|
| second |
|
| third |
|
| fourth |
|
Demo
Hackers might be able to clone a password manager by using the adb backup tool of android, hacking the phone backup on desktop or in the cloud, or stealing the vault with a malicious program that is able to break the OS sandbox. I am not a hacker, so I do not write malicious programs. In order to demonstrate the concept of app clone attack, I used Xiaomi's official app Mi Mover to migrate apps and their data from an old phone to a new one. And We could see what would happen on the new phone. I recorded this video to show how security chip could help protect the vault of password managers.
Continue to read
-
The Evolution of Password Manager (2/4)
Appendix
-
The Evolution of Password Manager (4/4)