Releases: Katya-Incorporated/Auditor
Release
Our System Auditor app, which is built into the Katya ® 👽 System by default, uses hardware security features to verify the identity of the device and the authenticity and integrity of the operating system. It checks that the device is running a stock operating system with a locked bootloader and that the operating system has not been tampered with; a downgrade to a previous version is also detected. It builds on the hardware-based verification of the operating system by chaining that verification to the app itself, which then performs software-based health checks and gathers additional information about the device's state and configuration beyond what the hardware can attest to directly.
The foundation of the System Auditor app is a persistent key generated in the hardware-backed keystore. That key identifies the device and, through verified boot, provides assurance that the operating system has not been tampered with or downgraded. A pairing process between the device performing the verification (the Auditor) and the device being verified (the Auditee) implements a Trust On First Use (TOFU) model: the Auditor pins the Auditee's key on first contact and expects the same key, and no older operating system version, on every later check. The device performing the verification is another Android device running this app in the Auditor role.
Verified boot validates the integrity and authenticity of the firmware and the entire operating system (both kernel and user space) from an immutable hardware root of trust. Its results are passed along to the hardware-backed keystore and used to protect the keys.
The key attestation feature of the hardware-backed keystore provides direct support for attesting to device properties and for bootstrapping the Trust On First Use model of System Auditor with an initial verification chained up to a known root certificate. The latest version of key attestation provides a signed result with the verified boot state, the verified boot key, a hash of all data protected by verified boot and the version of the operating system partitions, among other properties. It also attests to the identity of the application that generated the key, which System Auditor uses to perform its software-level bootstrap checks.
Devices shipping with Android 9 or later may include a StrongBox Keymaster implementation, which lets the System Auditor app keep the keys used by the attestation protocol in a dedicated hardware security module (HSM) such as the Titan M in Pixel phones, rather than in the Trusted Execution Environment (TEE) on the main processor. Because the HSM is a separate chip with its own small firmware, this can substantially reduce the attack surface compared with a TEE that shares the application processor. StrongBox is optional, so whether a given device's keys are StrongBox-backed or TEE-backed is itself a property to verify rather than assume.
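The pairing and verification flow described above, reduced to a runnable simulation. This is an added example, not code from the Katya or Auditor projects: the hardware-backed key is a software P-256 key, and the DeviceState struct stands in for the properties the real attestation certificate chain carries (verified boot state, bootloader lock, OS version, patch level), so there is no certificate chain and no root certificate here; the names Auditee, Auditor, Pin and every field name are this example's own assumptions. What it does show is the part of the protocol the hardware does not do for you: a fresh challenge per check, the Auditor pinning the persistent key on first contact (Trust On First Use), and rejection of a changed key, a non-Verified boot state, an unlocked bootloader, or an OS version or patch level older than the last verified one (downgrade detection).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DeviceState stands in for the properties a hardware key attestation
// certificate carries. Constructed for this example, not the real ASN.1 record.
type DeviceState struct {
	VerifiedBoot     string // "Verified", "SelfSigned" or "Unverified"
	BootloaderLocked bool
	OSVersion        uint32 // e.g. 140000 for Android 14
	PatchLevel       uint32 // YYYYMM, e.g. 202405
}

// Auditee owns the persistent key: hardware-backed on a real device, software P-256 here.
type Auditee struct {
	key   *ecdsa.PrivateKey
	State DeviceState
}

// Attestation is the Auditee's signed reply to one challenge.
type Attestation struct {
	PubKey *ecdsa.PublicKey
	State  DeviceState
	Sig    []byte
}

func NewAuditee(state DeviceState) (*Auditee, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Auditee{key: key, State: state}, nil
}

// keyID is a fixed-width hex encoding of the public key (X || Y).
func keyID(pub *ecdsa.PublicKey) string { return fmt.Sprintf("%064x%064x", pub.X, pub.Y) }

// digest binds key, challenge and device state together, so a reply for an
// older challenge or a different state cannot be replayed or spliced in.
func digest(pub *ecdsa.PublicKey, challenge []byte, s DeviceState) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%s|%x|%s|%t|%d|%d", keyID(pub), challenge,
		s.VerifiedBoot, s.BootloaderLocked, s.OSVersion, s.PatchLevel)))
	return d[:]
}

// Attest signs the current device state for the Auditor's challenge.
func (a *Auditee) Attest(challenge []byte) (*Attestation, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, a.key, digest(&a.key.PublicKey, challenge, a.State))
	if err != nil {
		return nil, err
	}
	return &Attestation{PubKey: &a.key.PublicKey, State: a.State, Sig: sig}, nil
}

// Pin is what the Auditor remembers about a device after Trust On First Use.
type Pin struct {
	KeyID                 string
	OSVersion, PatchLevel uint32
}

type Auditor struct{ pins map[string]Pin }

func NewAuditor() *Auditor { return &Auditor{pins: map[string]Pin{}} }

// NewChallenge issues a fresh random nonce; a reply is only valid for the nonce it answers.
func (v *Auditor) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify checks one attestation against the challenge it was issued for.
func (v *Auditor) Verify(deviceID string, challenge []byte, at *Attestation) error {
	if !ecdsa.VerifyASN1(at.PubKey, digest(at.PubKey, challenge, at.State), at.Sig) {
		return fmt.Errorf("bad signature: wrong key, tampered state or stale challenge")
	}
	if at.State.VerifiedBoot != "Verified" || !at.State.BootloaderLocked {
		return fmt.Errorf("verified boot not in Verified state or bootloader unlocked")
	}
	id := keyID(at.PubKey)
	pin, paired := v.pins[deviceID]
	switch {
	case !paired: // first contact: Trust On First Use, pin this key and version
	case pin.KeyID != id:
		return fmt.Errorf("persistent key changed: not the paired device")
	case at.State.OSVersion < pin.OSVersion || at.State.PatchLevel < pin.PatchLevel:
		return fmt.Errorf("downgrade detected relative to the last verified version")
	}
	v.pins[deviceID] = Pin{KeyID: id, OSVersion: at.State.OSVersion, PatchLevel: at.State.PatchLevel}
	return nil
}
```

A typical run pairs a device once with `aud.Verify(id, c, dev.Attest(c))`, after which the same call with an older patch level, a different key, or an unlocked bootloader returns an error. In the real app the Auditor additionally validates the attestation certificate chain up to the known root before trusting any of these properties; that step is deliberately out of scope here.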
This project will carefully track the security improvements offered by future generations of hardware and future releases of Android. The core workflow and feature set are already implemented; the foundation will be improved regularly, along with significant improvements to the user interface and documentation. The app and the service are designed to be both forward and backward compatible via a versioned protocol, allowing for significant changes in the future.