Android System Securing, Hardening, & Privacy

StrongBox vs. Software Keymaster: Performance Benchmarking and Latency Analysis

Introduction to Android Keymaster and Secure Storage

The Android Keystore system is a fundamental component of Android’s security architecture, providing a secure container for cryptographic keys. It allows applications to store and use cryptographic keys in a way that makes them more difficult to extract from the device. At its core, Keystore relies on the Keymaster Hardware Abstraction Layer (HAL), which defines how cryptographic operations are performed.

The Android Keystore System

The Android Keystore is designed to prevent unauthorized use of cryptographic keys. Applications request keys from the Keystore, and the system handles key generation, storage, and cryptographic operations. Critically, keys never leave the secure environment once generated, meaning the application only receives a handle to the key, not the key material itself.

Software Keymaster vs. Hardware-Backed Keymaster

Historically, Android devices have implemented the Keymaster HAL in two primary ways:

  • Software Keymaster (Type A): Implemented entirely in software, typically within the Android OS. While it offers a degree of isolation from application processes, it still runs within the rich execution environment (REE) and is vulnerable to attacks that compromise the entire Android OS.
  • Hardware-Backed Keymaster (Type B): Implemented in a Trusted Execution Environment (TEE). This provides stronger security guarantees, as cryptographic operations occur in an isolated environment separate from the main Android OS. If the Android OS is compromised, the keys in the TEE remain protected.

Deep Dive into StrongBox Keymaster

Building upon the concept of hardware-backed security, Android 9 (Pie) introduced StrongBox Keymaster. StrongBox takes hardware-backed key security a step further by requiring keys to be generated and stored in a dedicated, physically separate secure element (SE) or a secure chip, distinct from the TEE. This provides an even higher level of tamper resistance and isolation.

Security Guarantees of StrongBox

StrongBox Keymaster offers enhanced security features:

  • Isolated Execution: Cryptographic operations are performed within the StrongBox secure element, which is isolated from both the Android OS and the TEE.
  • Tamper Resistance: The secure element is designed to be physically tamper-resistant, making it significantly harder for attackers to extract key material even with physical access to the device.
  • Side-Channel Attack Mitigation: StrongBox implementations often incorporate countermeasures against side-channel attacks, which aim to infer key data by analyzing power consumption, electromagnetic emissions, or timing variations.
  • Independent OS: The secure element often runs its own minimal operating system, further reducing the attack surface.

Architectural Overview

When an application requests a StrongBox-backed key, the request goes through the Android Keystore API, then the Keymaster HAL, and finally to the StrongBox secure element. The secure element performs the cryptographic operation and returns the result, never exposing the raw key material to the Android OS or TEE.

Benchmarking Methodology and Tools

While StrongBox offers superior security, the overhead of communicating with an external secure element can introduce latency. Benchmarking helps quantify this performance impact.

Key Operations to Benchmark

We’ll focus on common cryptographic operations:

  • Key Generation: Generating an RSA key pair (2048-bit) and an AES key (256-bit).
  • Encryption/Decryption: Encrypting and decrypting a moderate-sized payload (e.g., 1KB) using AES-GCM.
  • Signing/Verification: Signing a SHA-256 hash with an RSA key and verifying the signature.

Measuring Latency

For measuring latency, we’ll use System.nanoTime() in our application code to capture the elapsed time for each operation. System.nanoTime() is a monotonic, high-resolution time source intended for measuring intervals, which makes it suitable for performance analysis.

    long startTime = System.nanoTime();
    KeyStore.getInstance("AndroidKeyStore").load(null);
    long endTime = System.nanoTime();
    long duration = (endTime - startTime) / 1_000_000; // milliseconds
    System.out.println("KeyStore load duration: " + duration + "ms");

Setting up the Test Environment

  • Devices: At least two devices are ideal – one with StrongBox Keymaster (e.g., Pixel 3 or newer) and one with only Software or TEE-backed Keymaster.
  • Android Version: Ensure consistent Android versions if possible to minimize OS-level variability.
  • Battery/CPU State: Perform tests on fully charged devices with minimal background activity. Consider running multiple iterations and averaging results to account for system fluctuations.

Code Examples for Benchmarking

Here’s a conceptual Java snippet demonstrating how to generate StrongBox-backed and non-StrongBox keys, perform operations with them, and measure performance.

    import android.security.keystore.KeyGenParameterSpec;
    import android.security.keystore.KeyProperties;
    import java.nio.charset.StandardCharsets;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Signature;
    import javax.crypto.KeyGenerator;

    public class KeymasterBenchmark {
        private static final String ALIAS_RSA_STRONGBOX = "my_strongbox_rsa_key";
        private static final String ALIAS_AES_STRONGBOX = "my_strongbox_aes_key";
        private static final String ALIAS_RSA_TEE = "my_tee_rsa_key";
        private static final String ALIAS_AES_TEE = "my_tee_aes_key";

        public static void main(String[] args) throws Exception {
            KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
            ks.load(null);

            // Benchmark RSA key generation (StrongBox)
            System.out.println("--- StrongBox RSA Benchmarking ---");
            long rsaStrongboxGenStart = System.nanoTime();
            generateRsaKey(ALIAS_RSA_STRONGBOX, true);
            long rsaStrongboxGenEnd = System.nanoTime();
            System.out.println("StrongBox RSA KeyGen: "
                    + (rsaStrongboxGenEnd - rsaStrongboxGenStart) / 1_000_000 + "ms");

            // Benchmark AES key generation (StrongBox)
            System.out.println("\n--- StrongBox AES Benchmarking ---");
            long aesStrongboxGenStart = System.nanoTime();
            generateAesKey(ALIAS_AES_STRONGBOX, true);
            long aesStrongboxGenEnd = System.nanoTime();
            System.out.println("StrongBox AES KeyGen: "
                    + (aesStrongboxGenEnd - aesStrongboxGenStart) / 1_000_000 + "ms");

            // Perform a sign operation with the StrongBox RSA key.
            // getKey() returns a handle; the private key material stays in the secure element.
            PrivateKey strongboxRsaPrivateKey = (PrivateKey) ks.getKey(ALIAS_RSA_STRONGBOX, null);
            byte[] dataToSign = "This is some data to sign.".getBytes(StandardCharsets.UTF_8);
            long signStart = System.nanoTime();
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(strongboxRsaPrivateKey);
            s.update(dataToSign);
            byte[] signature = s.sign();
            long signEnd = System.nanoTime();
            System.out.println("StrongBox RSA Sign: " + (signEnd - signStart) / 1_000_000 + "ms");

            // Similar benchmarks for TEE-backed keys and encryption/decryption...
        }

        private static void generateRsaKey(String alias, boolean isStrongBox) throws Exception {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
                    alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .setKeySize(2048);
            if (isStrongBox) {
                // Requires API level 28+; key generation throws
                // StrongBoxUnavailableException on devices without StrongBox.
                builder.setIsStrongBoxBacked(true);
            }
            keyPairGenerator.initialize(builder.build());
            keyPairGenerator.generateKeyPair();
        }

        private static void generateAesKey(String alias, boolean isStrongBox) throws Exception {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
                    alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .setKeySize(256);
            if (isStrongBox) {
                builder.setIsStrongBoxBacked(true);
            }
            // KeyGenerator uses init(), not initialize() (that is KeyPairGenerator's method).
            keyGenerator.init(builder.build());
            keyGenerator.generateKey();
        }
    }
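
The AES-GCM encryption/decryption case that the listing above leaves as a comment, written out as an added example (not code from the original article). The class and method names are hypothetical; it takes a Keystore-held SecretKey such as the one returned by ks.getKey(alias, null), and it reports the median of repeated runs rather than a mean so that a few slow outliers do not skew the result.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class AesGcmLatency {          // hypothetical helper, not part of the article
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";

    /** Returns {medianEncryptMicros, medianDecryptMicros} for a 1 KB payload. */
    public static long[] measure(SecretKey key, int warmup, int iterations) throws Exception {
        byte[] payload = new byte[1024];
        new SecureRandom().nextBytes(payload);      // constructed sample input
        long[] enc = new long[iterations];
        long[] dec = new long[iterations];
        for (int i = -warmup; i < iterations; i++) {  // negative indices are warm-up runs
            // init() is timed together with doFinal() so that any round trip made
            // when the keystore operation is opened is counted as well.
            long t0 = System.nanoTime();
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            c.init(Cipher.ENCRYPT_MODE, key);       // Keystore generates the IV itself
            byte[] ct = c.doFinal(payload);
            long t1 = System.nanoTime();
            byte[] iv = c.getIV();                  // needed to decrypt; not secret

            long t2 = System.nanoTime();
            Cipher d = Cipher.getInstance(TRANSFORMATION);
            d.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            byte[] pt = d.doFinal(ct);              // throws if the GCM tag does not verify
            long t3 = System.nanoTime();

            if (!Arrays.equals(pt, payload)) throw new IllegalStateException("round trip failed");
            if (i >= 0) { enc[i] = (t1 - t0) / 1_000; dec[i] = (t3 - t2) / 1_000; }
        }
        return new long[] { median(enc), median(dec) };
    }

    private static long median(long[] samples) {
        long[] s = samples.clone();
        Arrays.sort(s);
        return s[s.length / 2];
    }
}
```

Run it once with a StrongBox-backed key and once with a key generated without setIsStrongBoxBacked(true), on the same device, to compare the two backings directly.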

Analyzing Performance Data

When comparing StrongBox-backed operations to TEE-backed or software-backed operations, you will typically observe the following:

  • Higher Latency for StrongBox: Key generation, encryption, decryption, and signing operations will generally take longer when backed by StrongBox. This is due to the additional communication overhead with the physically separate secure element, which often involves slower interfaces and dedicated microcode execution.
  • Variability: Latency can vary based on the specific StrongBox implementation, the load on the device, and the type of cryptographic primitive (RSA operations are typically slower than AES).

Example Latency Observations (Illustrative, actual values vary by device):

  • Key Generation (RSA 2048-bit):
    • Software Keymaster: ~50-150ms
    • TEE Keymaster: ~100-300ms
    • StrongBox Keymaster: ~300-800ms+
  • AES-GCM Encryption (1KB):
    • Software Keymaster: ~1-5ms
    • TEE Keymaster: ~2-10ms
    • StrongBox Keymaster: ~10-50ms+

Factors influencing StrongBox latency include the clock speed of the secure element, the communication protocol used (e.g., SPI, I2C), and the efficiency of the cryptographic routines implemented within the secure element’s firmware.

Conclusion and Best Practices

StrongBox Keymaster represents a significant leap forward in Android device security, offering unparalleled protection for cryptographic keys. However, this enhanced security comes with a measurable performance overhead. For most applications, where keys are generated infrequently and cryptographic operations are not performance-critical (e.g., signing app updates, generating user authentication keys), the latency introduced by StrongBox is negligible and well worth the security benefits.

Recommendations:

  • Prioritize Security: For highly sensitive keys (e.g., those protecting biometric data, payment credentials, or enterprise VPNs), always opt for StrongBox backing if available.
  • Benchmark Critical Paths: If your application performs frequent cryptographic operations, benchmark the performance with StrongBox-backed keys to ensure it meets your performance requirements.
  • Graceful Degradation: Design your application to gracefully handle the absence of StrongBox (e.g., by falling back to TEE-backed keys) on devices that do not support it, while still prioritizing StrongBox where available.
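
One way to implement the fallback described above, as an added example rather than code from the original article. It assumes minSdkVersion 28 or higher; the class and method names are hypothetical, and backing() reports where the key actually ended up so that benchmark results and logs are labelled with the real security level.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class StrongBoxFallback {      // hypothetical helper; assumes minSdkVersion >= 28
    /** Generates an AES-256-GCM key, preferring StrongBox and falling back to the default backing. */
    public static SecretKey generateAesKey(Context ctx, String alias) throws Exception {
        if (ctx.getPackageManager().hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
            try {
                return generate(alias, true);
            } catch (StrongBoxUnavailableException e) {
                // Feature is advertised but this request could not be served; fall through.
            }
        }
        return generate(alias, false);
    }

    private static SecretKey generate(String alias, boolean strongBox) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256).setIsStrongBoxBacked(strongBox)
                .build());
        return kg.generateKey();
    }

    /** Reports the backing the Keystore actually used for this key. */
    public static String backing(SecretKey key) throws Exception {
        KeyInfo info = (KeyInfo) SecretKeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore")
                .getKeySpec(key, KeyInfo.class);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {   // getSecurityLevel() is API 31+
            switch (info.getSecurityLevel()) {
                case KeyProperties.SECURITY_LEVEL_STRONGBOX: return "StrongBox";
                case KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT: return "TEE";
                case KeyProperties.SECURITY_LEVEL_SOFTWARE: return "software";
                default: return "unknown";
            }
        }
        return info.isInsideSecureHardware() ? "secure hardware (TEE or StrongBox)" : "software";
    }
}
```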

Understanding the trade-offs between the ironclad security of StrongBox and its performance characteristics allows developers to make informed decisions, building more secure and robust Android applications.
