Straightforward question: what's the minimum version of Android that will generate remotely-verifiable attestations to the OS integrity, the voting app's integrity, and the absence of apps trying to draw above the voting app? I think what you'd want is a "SafetyNet attestation".
Conversation
SafetyNet attestation is not meaningfully verified. It's a much different thing than hardware-based attestation. Devices launched with Android 8 or later have the necessary hardware support for hardware-based attestation. SafetyNet doesn't build on it but rather is pure theatre.
1
If you verify solely based on the attestation root of trust, that would mean compromising the hardware keystore on a single device is a full compromise of the entire attestation system. It's not a solution to this problem since you need do pairing for it to provide good security.
1
Even if you had a way to securely bootstrap, vast majority of devices don't have a secure element providing a StrongBox keystore but rather only a TrustZone-based keystore. TrustZone security is not great. Also, checking patch level in the attestation will rule out most devices.
1
See attestation.app/about if you're interested in it. I built github.com/GrapheneOS/Aud and github.com/GrapheneOS/Att to provide a way for users to use hardware-based attestation with Trust-On-First-Use pairing. It does bootstrap with the root, but that's an incredibly weak check.
1
Verification based on the attestation root is essentially only useful for implementing anti-cheat / DRM. It can be fooled by anyone able to compromise a single TEE / SE on any device, including one without updated firmware. Bunch of companies also have access to valid batch keys.
1
I don't see another way of doing it for use cases like this with the current implementation. It would certainly be better than not using any hardware-based attestation at all, but unless the devices are going to have pairing done before being distributed to users it's very weak.
1
Thanks for this thread. What I think I'm hearing is that the sort of attestation that would be a meaningful lower bar for a voting app isn't going to happen any time soon for most Android devices.
1
1
In a less unpopular opinion than I initially expressed, I’d argue that SafetyNet / DeviceCheck may be Good Enough (TM) in practice.
What is an individual jailbreaking/rooting their phone able to achieve?
2
1
You want to know:
. No app is overdrawing the voting app (switching candidates), or otherwise compromising integrity or privacy
. The real app is running on a real phone (not some attacker in the cloud)
Separately, you to authenticate the voter, maybe bind to the phone.
4
If the device was paired using hardware-based attestation when it wasn't compromised, it gives a very strong assurance that it has the latest security patch level and isn't compromised. The inclusion of the patch level is a big deal. Chained trust to the app allows other checks.
Even ignoring the bootstrapping issue, I don't think it's good enough for serious voting. Even 0.1% of devices being compromised in a widespread attack is a massive problem. There are other problems beyond the actual security of devices too. Voting has more to it than just this.
1
1
The *perception* of security and *trust* in the system matters. The public needs to believe in the system and have a full understanding of why it's trustworthy. Think about a president refusing to give up power because they claim that the election results were compromised.
1
1
1
Show replies