Discussion:
[android-security-discuss] Is there any mechanism available for remote attestation?
Karthik k
2015-10-15 15:26:27 UTC
Hey,

I recently read about PC/Desktops which come with TPM chips, which are used
for remote attestation
<https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation>.

So the following are my questions:

1. Does any Android smartphone come with a TPM chip?

2. Is there any way for a service provider to check whether the user is
accessing their service from a compromised Android OS?
(i.e., does the Android platform provide any mechanism for remote
attestation?)


Thank you,
Karthik
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+***@googlegroups.com.
To post to this group, send email to android-security-***@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
'Alex Klyubin' via Android Security Discussions
2015-10-16 15:49:19 UTC
On devices with Google Play Services, SafetyNet provides a form of remote
attestation. See https://developer.android.com/training/safetynet/index.html.
Blibbet
2015-10-16 16:10:45 UTC
Post by Karthik k
1. Does any Android smartphone come with a TPM chip?
Intel has a flavor of Android called Android-IA, on 01.org, some of
those boxes are TPM-capable. Android-IA uses UEFI, and UEFI can also
use TPM. They have TVs and tablets, but I'm not sure about a smartphone,
but there might be, not hard to research.
Bryan Buckley
2015-10-16 20:02:39 UTC
Trusted Execution Environments are more common on Android smartphones than
TPMs. Trustonic's TEE has an attestation API accessible from the Trusted
Application [pdf <https://wiki.helsinki.fi/download/attachments/117218151/SP-2013-06-0097.R1_Kostiainen.pdf>]
'Shawn Willden' via Android Security Discussions
2015-10-20 15:20:47 UTC
One of the features I'm working on adding to Android TEEs for N is an
attestation API. It will be implemented in our TEE, Qualcomm's,
Trustonic's, etc. However, that will only assure the relying party that the
device attesting has an officially-blessed TEE, and that the Android OS
that was booted was an officially-blessed image as well. It can't say
anything about the state of Android, whether or not it has been compromised
in some way that doesn't involve modifying the boot images. The SafetyNet
attestation can theoretically provide some level of assurance that the
device is not compromised, though at the moment I believe it really only
validates that the device is not an emulator and that it hasn't been rooted
in an obvious way.
--
Shawn Willden | Software Engineer | ***@google.com | 303-709-2258