The Use of Hardware Security Mechanisms (Secure Enclave) for Secure Storage of Cryptographic Keys on Mobile Devices

Pankiv Oleg

Citation: Pankiv Oleg, "The Use of Hardware Security Mechanisms (Secure Enclave) for Secure Storage of Cryptographic Keys on Mobile Devices", Universal Library of Innovative Research and Studies, Volume 03, Issue 01.

Copyright: This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This article examines the evolution of hardware mechanisms for protecting cryptographic keys in mobile platforms, tracing the progression from ARM TrustZone-based Trusted Execution Environments (TEE) to physically isolated Secure Elements. The work is motivated by the shift of attack vectors toward microarchitectural components, the emergence of new vulnerabilities, and the limited adoption of StrongBox/Secure Enclave in applications. The objective of the study is to conduct a comparative analysis of the SEP, Knox Vault, and Titan M2 architectures, to assess their resilience to side-channel and fault-injection attacks, and to evaluate how the choice of key-storage environment affects the latency and energy profile of cryptographic operations. The scientific contribution lies in combining a detailed architectural survey with empirical data from the KeyDroid project and in formulating a multi-layer model for distributing keys between SE, TEE, and REE that explicitly accounts for preparation for post-quantum migration. It is demonstrated that logical isolation via TrustZone is insufficient, whereas physically segregated enclaves provide a more robust root of trust but require transitioning to ECC and asynchronous usage patterns for hardware-backed keystores. The article is intended for researchers and practitioners in mobile security, platform architects, and application developers working with sensitive data.
Keywords: Secure Enclave, Trusted Execution Environment (TEE), ARM TrustZone, Cryptographic Performance, Mobile Security.

DOI: https://doi.org/10.70315/uloap.ulirs.2026.0301014