Is there an equivalent of an Apple cryptochip in Android devices?
How does Android ensure that the throttling of failed authentication attempts is not bypassed during an offline attack?
Android KeyStores can be hardware or software based previous to Android N, which has made hardware KeyStore a MUST in the CTS.
EDIT: In the below I am using the term online attack as something with the property:
"Online entities can perform additional security checks to make a protocol more safe. For example, an online entity can regulate the number and speed of login attempts" (from another SO q)
...rather than being conducted over a remote network. Maybe I am not using it in the common way, but to me the interesting property about online attacks is that there is a layer between the attacker and the data being attacked which is not under the attacker's control. Whether this layer is a remote webserver or some local hardware does not make much difference in this case, as both can perform rate-limiting, unless the physical chip is attacked / inspected, which would be a completely different class of attack.
This SO answer actually has a definition closer to the one I am using:
"An online attack tries automated routines providing input to a legitimate system. They are not looking to create an exploit in functionality, but to abuse expected functionality.
An offline attack attempts to emulate the encryption/hashing and requires a known output of that process (i.e., you don't attack the system, you already have the hashed/encrypted password)"
If hardware based, private keys should be extractable from the KeyStore without a sophisticated physical attack (maybe an electron microscope or some black box vuln exposed by the TEE/TPM). This is an online attack. You would hope the TEE/TPM implements throttling.
EDIT: I just tested the Nexus 6P KeyStore impl and no throttling takes place for general Cipher operations (was seeing if a padding oracle was exposed for RSA). I have not tested KeyStore rate-limiting for the main unlock, however.
If software based, then with root the KeyStore blob can be lifted and potentially brute-forced. This is an offline attack and no throttling can take place.
In answer to your question, it can't ensure throttling of an offline attack, by its very nature.
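
Whether a given device falls into the hardware or the software case above can be checked from inside an app. The following is an added example, not part of the original answer: it generates a throwaway key in the AndroidKeyStore provider and reads its KeyInfo. The class name and the alias are hypothetical, and it assumes it runs inside an Android app on API 23 or later.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;

public final class KeyStoreBackingCheck {
    // Hypothetical alias used only for this probe; it is deleted afterwards.
    private static final String ALIAS = "backing_check_probe";
    private static final String PROVIDER = "AndroidKeyStore";

    /**
     * Returns true when a freshly generated key lives inside secure hardware
     * (TEE or secure element), false when the provider fell back to software.
     */
    public static boolean isKeyStoreHardwareBacked() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build());
        KeyPair pair = kpg.generateKeyPair();
        try {
            // KeyInfo is metadata reported by the keystore; key material is not exposed.
            KeyFactory factory = KeyFactory.getInstance(
                    pair.getPrivate().getAlgorithm(), PROVIDER);
            KeyInfo info = factory.getKeySpec(pair.getPrivate(), KeyInfo.class);
            // Deprecated from API 31 in favour of KeyInfo.getSecurityLevel(),
            // but available on every release since API 23.
            return info.isInsideSecureHardware();
        } finally {
            // Remove the probe key so repeated checks do not leave entries behind.
            KeyStore ks = KeyStore.getInstance(PROVIDER);
            ks.load(null);
            ks.deleteEntry(ALIAS);
        }
    }
}
```

A `false` result means the key material is held in software, which is the case where the blob can be copied off a rooted device and no throttling applies.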