SARA: Safe Remote Authorization for Android

Dr. Harish Joshi, Prof. Ashok Bawge, Prof. Uzma Kausar, Md Saqlain Parvez, Mohd Ayaan, Aashish Malage, Mohd Hassan Ali

Abstract


Modern smartphones now come equipped with Trusted Execution Environments (TEEs), which provide robust security—even against attackers with full control over the standard operating system, such as Linux on Android. While both researchers and manufacturers have proposed using TEEs to enhance authorization security, these approaches often fall short due to practical limitations and incomplete security guarantees. To overcome these challenges, this paper introduces SARA (Secure Android Remote Authorization), an Android library that leverages existing TEE-supported Android APIs to provide secure, end-to-end remote authorization. SARA is practical because it uses pre-existing features in modern Android devices without requiring changes to the OS or the TEE's TrustZone code. As a result, it can be seamlessly integrated into current apps on existing smartphones. Additionally, SARA is designed for ease of use, enabling developers—even those without a background in security—to implement strong authorization protocols. To validate its effectiveness, we conducted a user study to evaluate SARA’s usability and formally verified its security guarantees using the ProVerif tool.

