Google introduces new Keystore features to keep user data safe


A recent Google blog post details how the new Android Keystore features keep your slice of Pie safer.

Part of this is linked to Google's Titan M security chip installed on Pixel 3 devices, but other parts of the Keystore are at the operating system level. In other words, some of the new Keystore features help anyone using Android 9.0 Pie.

Keystore provides application developers with a set of cryptographic tools designed to protect users' data. One of Keystore's benefits is that it moves the tools available on the Android operating system to secure hardware on the device. This adds extra security, as applications can only use these cryptographic keys on secure hardware, protecting them from multiple attacks.

One of the new Keystore features introduced in Android Pie is Keyguard protection keys.

Mobile applications often receive data but do not need immediate access to it. This data must remain secure until the user needs to access it. This is where the Keyguard protection keys come in.

Applications cannot use these keys for decryption or signing when the screen is locked. However, when a user unlocks the device, keys bound to the Keyguard become available for use.

Although Keyguard binding works similarly to another security tool, authentication binding, there is an important distinction. Keyguard binding is tied directly to the screen lock state, while authentication binding uses a constant timeout.

It is also important to note that Keyguard binding is enforced at the operating system level, because the hardware chips would not know when the screen is locked. However, combining Keyguard binding with hardware-based authentication binding creates a more secure environment for storing critical cryptographic data. In addition, any Android Pie device has access to Keyguard binding, since it is an operating system-level feature.
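The receive-while-locked pattern described above can be sketched with the Android 9 Keystore API. This is an added example, not code from Google's post: the alias `inbox_key` and the three function names are hypothetical, and it assumes API level 28 or later.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.InvalidKeyException
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.spec.MGF1ParameterSpec
import java.security.spec.X509EncodedKeySpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

private const val ALIAS = "inbox_key" // hypothetical alias
private const val RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
// Android Keystore uses SHA-1 for MGF1 here, so state the OAEP parameters explicitly on both sides.
private val OAEP = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT)
private fun keyStore() = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

// Create the key pair once; setUnlockedDeviceRequired needs API level 28 (Android 9.0 Pie).
fun ensureKeyguardBoundKey() {
    if (keyStore().containsAlias(ALIAS)) return
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .setUnlockedDeviceRequired(true) // Keyguard binding: no decryption while locked
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        .apply { initialize(spec) }.generateKeyPair()
}

// Usable in any lock state: sealing needs only the public half (short payloads, e.g. an AES key).
fun sealIncoming(plaintext: ByteArray): ByteArray {
    val stored = keyStore().getCertificate(ALIAS).publicKey
    // Copy the public key out of the keystore so no key authorizations apply to it.
    val pub = KeyFactory.getInstance(stored.algorithm).generatePublic(X509EncodedKeySpec(stored.encoded))
    return Cipher.getInstance(RSA_OAEP).run { init(Cipher.ENCRYPT_MODE, pub, OAEP); doFinal(plaintext) }
}

// Returns null when the keystore refuses the private key, e.g. while the screen is locked.
fun openWhenUnlocked(sealed: ByteArray): ByteArray? = try {
    val priv = keyStore().getKey(ALIAS, null) as PrivateKey
    Cipher.getInstance(RSA_OAEP).run { init(Cipher.DECRYPT_MODE, priv, OAEP); doFinal(sealed) }
} catch (e: InvalidKeyException) {
    null // assumption: the refusal surfaces as InvalidKeyException or a subclass of it
}
```

A caller that gets `null` back should keep the sealed bytes and retry after the user unlocks the device.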

Secure key import

The other new feature allows devices to import keys safely. First, a key source, such as a remote server, data center, or other cloud-based storage system, can use a public key to encrypt the security keys. This public encapsulation key comes from the user's device, and that device is the only one that can decrypt what was encrypted with it.

In addition, the encapsulated key keeps its contents hidden both during transit and from the operating system, which means that only the secure hardware can see the key it contains.

An example application that uses this is Google Pay, which provisions some keys on Pixel 3 this way to prevent them from being intercepted.

Overall, these security features add multiple layers of protection to valuable information sent and received with your phone. Google did a lot with the Pixel 3 and its Titan M chip to improve security as well.

Source: Google

