1. Field
Embodiments disclosed herein generally relate to techniques for preventing the cloning of cryptographic secrets, particularly on mobile devices. More specifically, techniques are disclosed for encrypting shared secrets using file system attributes.
2. Description of the Related Art
Protecting encrypted data is a well-known issue in numerous contexts. For instance, a server application and the client device may possess a shared secret, such as a data credential or a symmetric key. The server application and client device may use this shared secret in authentication transactions to validate the identity of the client device or of an associated user of the device. For example, a server application and a client device may later use the shared secret to generate a one-time password or create another unique key during a login session. Alternatively, the client and the server may use the shared secret in a challenge-response method of authentication. Thus, because the shared secret is used in these secure authentications, it is important to protect it from being compromised by a malicious user. As one approach to protect the shared secret, the client device generates an encryption key using various sources of entropy (the randomness collected by an operating system or application for use in cryptography), such as the device ID, the CPU ID, keyboard timings, and the like. The client device uses the encryption key to secure the shared secret. If a client device later requires access to the shared secret for logical computation, the device reconstructs the key using the same sources used and decrypts the data.
However, in some cases, a malicious user can access the shared secret by reconstructing the key. The malicious user may do this by using a cloning application to copy data from the client device (including the encrypted shared secret and the sources used to secure the shared secret) and mimic the client device. Because all of the sources of entropy used to create the key are present in the cloning device, the malicious user has all of the required items to recreate the encryption key. Thereafter, the malicious user may use the reconstructed key to decrypt the shared secret. Alternatively, instead of reconstructing the key directly, in addition to copying the encrypted shared secret data from the client device, the cloning application may copy the code used to generate the key (in addition to the shared secret data) and run the code to reconstruct the key. At any rate, once the shared secret has been compromised, the malicious user may be able to use the data in server transactions. Such breaches in security result in weak device and user authentication, and therefore, approaches that prevent a malicious user from decrypting shared secrets through cloning are necessary to maintain strong authentication.