MIUI 13 Security White Paper - Xiaomi

3.2 Key Management

3.2.1 Key Management Functions

MIUI's key management function primarily manages the life cycles of the keys and certificates used by application developers, and also provides remote attestation of device certificates in the TEE environment. Key management has the following functions:

1) Generation and storage

MIUI's key management provides a key storage mechanism protected by hardware. The key generated in the application is encrypted and can only be used by the corresponding device.

2) Encryption and decryption

When it is necessary for an application to use the key, the previously generated encrypted key and the data to be encrypted are sent back to the TEE of the corresponding device. The key can only be used to perform encryption and decryption operations in the TEE of the corresponding device.

3) Key Authentication

Because every Xiaomi smartphone is injected with a Google-issued certificate at the time of manufacturing, any key generated on the device can be authenticated against Google's certificate. The key authentication function allows a network service to authenticate MIUI devices.

3.2.2 Technical basis

The technical basis of MIUI's key management is Android Keystore, which prevents the unauthorized use of key material both outside of and on the device through measures such as extraction prevention and key use authorization:

1) Extraction prevention

Key material is protected against unauthorized use outside of MIUI devices. When an application performs cryptographic operations with an Android Keystore key, the plaintext, ciphertext, and messages to be signed or verified are fed to a system process, rather than the application process, which performs the operations. Therefore, even if the application process is compromised, the attacker cannot extract the key material.

At the same time, MIUI also binds key material to the secure hardware (e.g., TEE) of the Mi device so that the key material is never exposed outside of the secure hardware. Even if the MIUI OS is compromised or an attacker can read the device's storage area, key material bound to the secure hardware cannot be extracted from the device.

2) Key use authorization

To mitigate the unauthorized use of keys on MIUI devices, Android Keystore lets applications specify the authorized uses of their keys when the keys are generated or imported. Once a key is generated or imported, its authorizations cannot be changed. Authorizations are then enforced by Android Keystore whenever the key is used. Supported key use authorizations in MIUI fall into the following categories:

  • Encryption: authorized key algorithms, operations or purposes (encryption, decryption, signatures, verification), padding schemes, block modes, and digests with which the key can be used.

  • Temporal validity interval: interval of time during which the key is authorized for use.

  • User authentication: the key can only be used if the user has authenticated recently.
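An added example, not code from the white paper or from Xiaomi, of how an application requests these authorizations through the Android Keystore API (API level 30 or later assumed): the key alias, the 30-day validity window, the 30-second authentication timeout and the server-supplied attestation challenge are illustrative assumptions.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;

public final class KeystoreAuthorizationExample {
    private static final String ALIAS = "example_signing_key"; // hypothetical alias

    /** Generates a TEE-bound EC key; its authorizations cannot be changed afterwards. */
    public static KeyPair generateKey(byte[] serverChallenge) throws Exception {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)        // only SHA-256 is authorized
                .setKeyValidityStart(new Date())                 // temporal validity interval:
                .setKeyValidityEnd(new Date(System.currentTimeMillis() + 30L * 24 * 3600 * 1000))
                .setUserAuthenticationRequired(true)             // user must have authenticated
                .setUserAuthenticationParameters(30,             // within the last 30 seconds
                        KeyProperties.AUTH_BIOMETRIC_STRONG | KeyProperties.AUTH_DEVICE_CREDENTIAL)
                .setAttestationChallenge(serverChallenge)        // service nonce bound into attestation
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(spec);
        return kpg.generateKeyPair(); // private key material never leaves secure hardware
    }

    /** Signs in the Keystore system process; the app handles only the message and signature. */
    public static byte[] sign(byte[] message) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign((PrivateKey) ks.getKey(ALIAS, null)); // UserNotAuthenticatedException if stale
        sig.update(message);
        return sig.sign();
    }

    /** Attestation chain (leaf to Google root) that a network service verifies off-device. */
    public static Certificate[] attestationChain() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return ks.getCertificateChain(ALIAS);
    }
}
```

The network service checks that the returned chain terminates in Google's attestation root and that the leaf certificate carries the challenge it issued; only then does it accept the key as belonging to a genuine MIUI device.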