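Recently, the School of Cryptology at the University of Chinese Academy of Sciences reported new research progress in the protection of cryptographic keys on mobile devices. The paper "An Android Keystore Scheme with Flash as the Secure Module", supervised by Research Professor Yuewu Wang of the School of Cryptology and written with doctoral student Haotian Shi as first author, has been accepted by The 41st ACM/SIGAPP Symposium On Applied Computing (ACM SAC 2026). The work focuses on protecting Android Keystore keys and proposes FBSM (Flash-based Secure Module), a secure module scheme built on a flash chip, which offers a new approach to key protection for smart devices that lack a trusted execution environment or a hardware security module.
ACM SAC 2026 was held from March 23 to 27, 2026 in Thessaloniki, Greece, hosted by the ACM Special Interest Group on Applied Computing (SIGAPP). In March 2026, Siyuan Ma, a special research assistant at the School of Cryptology, attended on behalf of the research team and presented the work at the conference.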
Abstract: The extensive deployment and rapid increase in the number of smart devices have brought security issues to the forefront. Cryptographic techniques are fundamental in addressing these security threats, so the security of cryptographic keys is crucial. To ensure the confidentiality and integrity of cryptographic keys, Android introduces the Keystore subsystem which utilizes Trusted Execution Environments (TEEs) or Hardware Security Modules (HSMs) to protect key materials from extraction by adversaries. However, TEE deployment is tightly controlled by original equipment manufacturers (OEMs). This allows the user's key materials to be easily extracted by the OEMs, and at the same time, the user is unable to verify the trusted applications (TAs) provided by the OEM, which may have security vulnerabilities. Worse yet, many low-cost devices still ship without any TEE or HSM support. To fill this gap, we present FBSM (Flash-based Secure Module), a method that transforms a flash chip into a secure module for the Android Keystore. FBSM leverages the characteristics and computational capabilities of the flash chip to achieve the security functions required by Android Keystore, effectively preventing attackers from extracting key materials. Evaluation of the FBSM prototype system shows that FBSM can effectively provide protection for the cryptographic keys with an acceptable performance overhead.
Paper information: Haotian Shi, Yuewu Wang, Lingguang Lei, Pingjian Wang, Peng Wang and Siyuan Ma: "An Android Keystore Scheme with Flash as the Secure Module," in The 41st ACM/SIGAPP Symposium On Applied Computing (ACM SAC 2026).