IAIK
iOS Encryption Systems
SECRYPT 2013
Peter Teufl, Thomas Zefferer,
Christof Stromberger, Christoph Hechenblaikner
TOC
Analysis
iOS Encryption Systems:
Device encryption (file-system)
Data Protection (files, credentials)
Backup (iTunes plain, iTunes encrypted, iCloud)
Workflow
Encryption on Smartphones
Why do we need it?
Data protection (application files and credentials)
Remote Wiping: without encryption not feasible (takes too much time)
Where to place the encryption system?
Operating system: iOS, Windows Phone, QNX, Android
Smartphone applications: container applications, BYOD!
Encryption support: iOS, Blackberry OS, Android (>= 3.x), Windows Phone
Every platform supports it... Done?
There is More Than Marketing
Purpose: What’s the purpose of the encryption system?
Encryption scope: Which data is encrypted, and how many keys are used?
Key details: Where is the key, and how is it derived?
Locked state: How does the encryption system behave when the phone is locked?
How does the system handle incoming data?
Implementation: Hardware? Software?
Attacks: How can the system be attacked? Where are the weak points?
MDM: Mobile Device Management: enforce encryption, manage its PINs
Security: Complex systems, many mistakes can be made, key escrow???
Analysis Scope
Security officer’s perspective
Deploying the iOS platform in a security-critical environment
Main threat: theft (targeted attack)
MDM rules, selected applications
BYOD?
Criteria: developer, configuration, key derivation
Workflow for the security officer
iOS - Encryption
Two encryption systems:
Device encryption (file-system):
Introduced with iOS 3 and the iPhone 3GS, based on a hardware chip
Data protection (individual files and credentials):
Introduced with iOS 4 as an addition to the first one, improved in iOS 5 (new classes, better keychain protection)
Backup:
iTunes, iCloud: encrypting backups and its consequences
iOS - Encryption
[Diagram: the AES key in the secure element protects the filesystem key, which encrypts the file system underneath the operating system; applications 1-3 own files 1-5; the data protection class keys sit between those files and the PIN/passcode; jailbreak and remote wipe act on the file system]
File system encryption: not dependent on PIN/Passcode
Data Protection: per-file, dependent on PIN/Passcode and Secure Element key
Key derivation: developer's choice!!! (file system encryption vs. Data Protection system)
Details
iOS - Device Encryption
First system: file-system encryption
File-system encryption keys are protected via a key that is stored on a hardware chip
PIN/Passcode is NOT used for key derivation
When the phone is stolen: apply jailbreak to circumvent PIN protection, the system decrypts the data for you
Thus: only makes sense for fast remote wiping
Details
iOS - Device Encryption - Attacks
Developer, Configuration: no influence, the system is always active
Key Derivation: not tied to the screen lock passcode (only protected via the key in the hardware element)
Jailbreaking allows direct access to the file system
Attacks
iOS - Data Protection - Files
Second system: Data Protection
In addition to device encryption
Protecting specific application files (e.g. emails, the PDF files within a PDF reader application etc.)
Unique file keys, stored encrypted in the extended attributes of the file
Different protection classes, defined by the developer (!)
Details
iOS - Data Protection - Files
Protection classes:
NSFileProtectionNone: file encryption keys protected with the "device encryption keys", thus no real protection
For all the others: file encryption keys encrypted with a key that is derived from the UID key and from the PIN/passcode
NSFileProtection{Complete, CompleteUntilFirstUserAuthentication, CompleteUnlessOpen}
Details
iOS - Data Protection - Files
Problem:
The protection class is defined by the developer.
The user/admin does not know which apps encrypt their data
Consider:
Getting an email with a PDF (the email app uses data protection), and opening the attachment in a PDF reader that does not encrypt the data...
Details
iOS - Data Protection - Files
Developer: needs to choose the correct protection class (better than NONE!)
Configuration: strength of passcode (MDM rule)
Admin/user do not know which application files are protected correctly!
Attacks
iOS - Data Protection - Files
Attacks
Data Protection analysis tool
Analyzes iOS backups and extracts the protection classes
Allows an administrator/user to determine whether the application uses the Data Protection system
Available at: https://github.com/ciso/ios-dataprotection/
Pro: easy to use, protection classes can be extracted
Con: only those files that are in the backup are analyzed
iOS - Data Protection - Files
Attacks
Key Derivation: tied to the screen lock passcode and the hardware element
On-device brute-force attack (after jailbreaking - if possible...)
For files protected with NONE: same security level as file-system encryption only
[Diagram: passcode and salt enter the key derivation, which is bound to the hardware element; the derived key unwraps the data encryption key]
iOS - Data Protection - Files (Lock-Screen)
Attacks
Brute-force times for the screen-lock passcode, assuming 80 ms per key derivation (on-device, full keyspace):

Type | Length | Chars | Number of passcodes | Brute-force days
Numerical | 4 | 10 | 10000 | 0.0
Numerical | 5 | 10 | 100000 | 0.1
Numerical | 6 | 10 | 1000000 | 0.9
Numerical | 7 | 10 | 10000000 | 9.3
Numerical | 8 | 10 | 100000000 | 92.6
Numerical | 10 | 10 | 10000000000 | 9,259.3
Alphanum (10 digits / 26 letters) | 4 | 36 | 1679616 | 1.6
Alphanum (10 digits / 26 letters) | 5 | 36 | 60466176 | 56.0
Alphanum (10 digits / 26 letters) | 6 | 36 | 2176782336 | 2,015.5
Alphanum (10 digits / 26 letters) | 7 | 36 | 78364164096 | 72,559.4
Alphanum (10 digits / 26 letters) | 8 | 36 | 2.82111E+12 | 2,612,138.8
Alphanum (10 digits / 26 letters) | 9 | 36 | 1.0156E+14 | 94,036,996.9
Alphanum (10 digits / 52 letters) | 4 | 62 | 14776336 | 13.7
Alphanum (10 digits / 52 letters) | 5 | 62 | 916132832 | 848.3
Alphanum (10 digits / 52 letters) | 6 | 62 | 56800235584 | 52,592.8
Alphanum (10 digits / 52 letters) | 7 | 62 | 3.52161E+12 | 3,260,754.3
Alphanum (10 digits / 52 letters) | 8 | 62 | 2.1834E+14 | 202,166,764.4
Alphanum (10 digits / 52 letters) | 9 | 62 | 1.35371E+16 | 12,534,339,394.7
Complex | 4 | 107 | 131079601 | 121.4
Complex | 5 | 107 | 14025517307 | 12,986.6
Complex | 6 | 107 | 1.50073E+12 | 1,389,565.1
Complex | 7 | 107 | 1.60578E+14 | 148,683,470.0
Complex | 8 | 107 | 1.71819E+16 | 15,909,131,294.7

[Diagram: passcode and salt enter the key derivation, which is bound to the hardware element; the derived key unwraps the data encryption key; 80 ms per derivation]
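As an added example (not code from the slides), the following Python reproduces the "Brute-force days" column of the table from the slides' own figure of 80 ms per derivation and inverts it to pick a minimum passcode length for a required resistance. It assumes sequential attempts on the device against the full keyspace and no wipe-after-N-failures policy.

```python
"""Brute-force resistance of iOS screen-lock passcodes (added example).

Key derivation is bound to the hardware element, so an attacker must
run every attempt on the device itself at roughly 80 ms per derivation
(figure from the SECRYPT 2013 slides). Assumptions: sequential attempts,
no MDM wipe-after-N-failures rule, worst case = full keyspace.
"""
from math import ceil, log

DERIVATION_SECONDS = 0.08          # "80 ms per derivation"
SECONDS_PER_DAY = 24 * 60 * 60

# Character classes exactly as listed in the lock-screen table.
CHARSET_SIZES = {
    "numerical": 10,      # digits only
    "alphanum36": 36,     # 10 digits + 26 letters
    "alphanum62": 62,     # 10 digits + 52 letters
    "complex": 107,       # digits, letters and symbols
}


def keyspace(charset: str, length: int) -> int:
    """Number of distinct passcodes for the class/length combination."""
    return CHARSET_SIZES[charset] ** length


def brute_force_days(charset: str, length: int) -> float:
    """Worst-case time to exhaust the keyspace at one derivation per 80 ms."""
    return keyspace(charset, length) * DERIVATION_SECONDS / SECONDS_PER_DAY


def min_length_for(charset: str, target_days: float) -> int:
    """Smallest length whose full keyspace search takes longer than target_days.

    On average only half the keyspace is searched, so a policy that wants
    an *average* resistance of D days should pass 2 * D here.
    """
    if target_days <= 0:
        return 1
    attempts_needed = target_days * SECONDS_PER_DAY / DERIVATION_SECONDS
    base = CHARSET_SIZES[charset]
    length = max(1, ceil(log(attempts_needed, base)))
    # float log can be off by one near exact powers; correct both ways
    while base ** length <= attempts_needed:
        length += 1
    while length > 1 and base ** (length - 1) > attempts_needed:
        length -= 1
    return length


def table(lengths=(4, 5, 6, 7, 8, 9, 10)):
    """Rebuild the slide's table as (class, length, keyspace, days) rows."""
    return [(c, n, keyspace(c, n), round(brute_force_days(c, n), 1))
            for c in CHARSET_SIZES for n in lengths]


if __name__ == "__main__":
    for row in table():
        print("{:<11}{:>3}{:>22,}{:>20,.1f}".format(*row))
    # Policy question: a numeric passcode that survives 30 days of guessing
    print("numeric length for 30 days:", min_length_for("numerical", 30))
```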
iOS - Data Protection - Keychain
Keychain: used to store credentials (passwords, private keys, certificates etc.)
Protection Classes:
Always (!) (similar to NONE for files)
AfterFirstUnlock (corresponds to UntilFirstUserAuthentication)
WhenUnlocked (corresponds to Complete)
Each also in a "ThisDeviceOnly" version (not included in backups)
iOS 4: only the secret was protected, not the usernames etc.
Since iOS 5: every aspect is encrypted
Details
iOS - Data Protection - Keychain
Developer: needs to choose the correct protection class (better than NONE!), and needs to consider whether the credential should be transferable to another device (more on that later)
Configuration: strength of passcode (MDM rule)
Admin/user do not know which application credentials are protected correctly!
Key derivation: same considerations as for files
Attacks
iOS - Backups
iTunes: encrypted backups, plain backups
iCloud: somehow encrypted...
How to mark a file for backup? Default is "yes"; marked files are transferred to iTunes and iCloud backups when activated
How to mark a credential for backup? Via its protection class
Details
iTunes - Plain Backups
Files are stored in plain
Credentials are still stored encrypted!
The encryption key is stored on the iOS device
Thus: credentials in plain backups cannot be restored on other devices
As a result: credentials are better protected in unencrypted iTunes backups than in encrypted ones!
[Diagram: files and credentials marked for backup are copied from the iOS device into the plain iTunes backup; the credentials' encryption key stays on the device]
Details
iTunes - Plain Backups
Developer: files: needs to choose whether files are in the backup; keychain entries: needs to choose the right protection class
Configuration: backup device security!
Key derivation: does not apply to files; keychain entries cannot be decrypted without the iOS device
Attacks
iTunes - Encrypted Backups
User passcode (no MDM influence), derived key
Files and credentials are protected via the derived key
Credentials can be restored on other iOS devices (protection class!)
Problem:
Brute-force attack on weak passwords, when the backup is stolen
Protection for keys is actually weaker than in plain iTunes backups (!!!)
[Diagram: files and credentials marked for backup are copied from the iOS device into the encrypted iTunes backup; a KDF derives the backup encryption key from the user password]
Details
iTunes - Encrypted Backups
Developer: files: needs to choose whether files are in the backup; keychain entries: needs to choose the right protection class
Configuration: backup device security! Can be enforced, but no influence on the backup passcode!
Key derivation: off-device brute-force attack on the backup passcode; files AND keychain entries can be decrypted
Attacks
iCloud - Backups
iCloud backups and iCloud sync
Protection via a passcode selected by the user (no MDM influence, except for deactivating iCloud backups and sync)
If an attacker gains access to this account, the backup can be restored
Details about the iCloud encryption process are not known
Data on iCloud: similar security considerations apply as for other cloud providers (Dropbox etc.)
Details
iCloud - Backups
Developer: files: needs to choose whether files are in the backup; keychain entries: needs to choose the right protection class
Configuration: can be deactivated! Otherwise no influence on the iCloud account passcode!
Key derivation: iCloud account passcode...
Attacks
Workflow (Analysis/Tool)
Application:
File protection class analysis:
  Files with class NSFileProtectionNone -> passcode circumvention via jailbreaking/rooting
  Files with other classes -> on-device brute-force attack
KeyChain protection class analysis:
  KeyChain entries with Always/AlwaysThisDeviceOnly -> passcode circumvention via jailbreaking/rooting
  KeyChain entries with safe classes -> on-device brute-force attack
File backup state analysis:
  No files in backup -> no off-device attacks possible
  Files in backup -> continued on the next slide
KeyChain backup state analysis:
  All credentials with ThisDeviceOnly classes -> no off-device attacks possible
  Credentials with transferable classes -> continued on the next slide
System security analysis:
  Passcode selection based on brute-force times (for the on-device brute-force branches)
Risk legend: minor risk / medium risk / high risk (colour-coded in the original diagram)
Workflow (continued): files in backup
Standard iTunes backup? -> direct file access on the backup device
Encrypted iTunes backup? -> off-device brute-force attack
iCloud backup? -> iCloud account security -> critical data at the cloud provider
Workflow (continued): credentials with transferable classes
Standard iTunes backup? -> no access to credentials
Encrypted iTunes backup? -> off-device brute-force attack
iCloud backup? -> iCloud account security -> critical data at the cloud provider
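The decision tree on the three Workflow slides, written out as an added Python example (not the authors' tool). It takes a constructed inventory of one app's files and keychain items (using the real iOS protection-class constants) plus the device's backup configuration, and reports for each artifact the on-device and off-device attack path in the slides' own wording; the risk colours of the diagram are not modelled.

```python
"""Security officer's workflow from the 'Workflow' slides, as code.
Added example; the app inventory at the bottom is constructed."""
from dataclasses import dataclass

# Real iOS protection-class constants (files and keychain).
FILE_NONE = "NSFileProtectionNone"
FILE_SAFE = {
    "NSFileProtectionComplete",
    "NSFileProtectionCompleteUnlessOpen",
    "NSFileProtectionCompleteUntilFirstUserAuthentication",
}
KEYCHAIN_ALWAYS = {"kSecAttrAccessibleAlways",
                   "kSecAttrAccessibleAlwaysThisDeviceOnly"}
KEYCHAIN_SAFE = {
    "kSecAttrAccessibleWhenUnlocked",
    "kSecAttrAccessibleWhenUnlockedThisDeviceOnly",
    "kSecAttrAccessibleAfterFirstUnlock",
    "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly",
}
BACKUP_MODES = ("none", "itunes_plain", "itunes_encrypted", "icloud")

# Outcomes, in the slides' wording.
JAILBREAK = "passcode circumvention via jailbreaking/rooting"
ON_DEVICE_BRUTE = "on-device brute-force attack (choose passcode by brute-force time)"
NO_OFF_DEVICE = "no off-device attacks possible"
DIRECT_ACCESS = "direct file access on backup device"
OFF_DEVICE_BRUTE = "off-device brute-force attack on the backup passcode"
CLOUD = "critical data at cloud provider (iCloud account security)"
NO_CRED_ACCESS = "no access to credentials (encryption key stays on the device)"


@dataclass
class FileArtifact:
    path: str
    protection: str
    in_backup: bool = True        # iOS default: files are backed up


@dataclass
class KeychainItem:
    label: str
    accessibility: str


def _check_mode(backup_mode: str) -> None:
    if backup_mode not in BACKUP_MODES:
        raise ValueError(f"unknown backup mode {backup_mode!r}")


def analyze_file(f: FileArtifact, backup_mode: str) -> dict:
    """File protection class analysis + file backup state analysis."""
    _check_mode(backup_mode)
    if f.protection == FILE_NONE:
        on_device = JAILBREAK          # same level as file-system encryption only
    elif f.protection in FILE_SAFE:
        on_device = ON_DEVICE_BRUTE    # key bound to passcode + hardware element
    else:
        raise ValueError(f"unknown file protection class {f.protection!r}")
    if not f.in_backup or backup_mode == "none":
        off_device = NO_OFF_DEVICE
    elif backup_mode == "itunes_plain":
        off_device = DIRECT_ACCESS
    elif backup_mode == "itunes_encrypted":
        off_device = OFF_DEVICE_BRUTE
    else:
        off_device = CLOUD
    return {"on_device": on_device, "off_device": off_device}


def analyze_keychain(item: KeychainItem, backup_mode: str) -> dict:
    """Keychain protection class analysis + keychain backup state analysis."""
    _check_mode(backup_mode)
    if item.accessibility in KEYCHAIN_ALWAYS:
        on_device = JAILBREAK
    elif item.accessibility in KEYCHAIN_SAFE:
        on_device = ON_DEVICE_BRUTE
    else:
        raise ValueError(f"unknown keychain class {item.accessibility!r}")
    transferable = not item.accessibility.endswith("ThisDeviceOnly")
    if not transferable or backup_mode == "none":
        off_device = NO_OFF_DEVICE
    elif backup_mode == "itunes_plain":
        off_device = NO_CRED_ACCESS    # key never leaves the device
    elif backup_mode == "itunes_encrypted":
        off_device = OFF_DEVICE_BRUTE
    else:
        off_device = CLOUD
    return {"on_device": on_device, "off_device": off_device}


def analyze_app(files, items, backup_mode):
    """Run the whole workflow; one (name, kind, result) tuple per artifact."""
    rows = [(f.path, "file", analyze_file(f, backup_mode)) for f in files]
    rows += [(i.label, "keychain", analyze_keychain(i, backup_mode)) for i in items]
    return rows


# Constructed inventory of a hypothetical mail client.
SAMPLE_FILES = [
    FileArtifact("Documents/attachment.pdf", FILE_NONE),
    FileArtifact("Documents/mail.db", "NSFileProtectionComplete"),
    FileArtifact("Library/Caches/preview.png", FILE_NONE, in_backup=False),
]
SAMPLE_ITEMS = [
    KeychainItem("imap-password", "kSecAttrAccessibleAlways"),
    KeychainItem("client-cert", "kSecAttrAccessibleWhenUnlockedThisDeviceOnly"),
]

if __name__ == "__main__":
    for name, kind, res in analyze_app(SAMPLE_FILES, SAMPLE_ITEMS, "itunes_encrypted"):
        print(f"{kind:8} {name:30} on-device:  {res['on_device']}")
        print(f"{'':39} off-device: {res['off_device']}")
```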
Contact: peter.teufl@iaik.tugraz.at
Android - Device Encryption
[Diagram: PIN/passcode -> key derivation -> filesystem key -> file system encryption underneath the operating system; applications 1-3 own files 1-5; remote wipe acts on the file system]
Differences to iOS file-system encryption:
PIN/passcode is entered during the boot process
But no hardware chip is involved
Encryption Overview

Criterion | iOS standard | iOS data protection | Android > 3.x | Blackberry | Windows Phone
Purpose? | remote wipe | data, credentials prot. | data, cred. pr. | data, cred. pr. | ?
Scope? | filesystem | files | filesystem | ? | WP7: files, WP8: file-system
Key storage? | SE, RAM | SE, RAM | disk, RAM | disk, RAM (?) | ? (no)
Encryption keys available during lock? | yes | no | yes | no | ?
Key derivation? | SE | SE, PIN | PIN | PIN (?) | ?
Brute-force? | - | on device | off device | off device | ?
Activated by? | always | developer/user (PIN) | user (settings) | policies, user | developer ?
User/admin? | - | no | yes | yes | ?
Issues | jailbreak danger, only for remote wipe | developer decides! user does not know state | manual activation, keys remain in RAM, no classes | ? | ?
iOS - Data Protection
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

IOS Encryption Systems

  • 8. IAIK iOS - Encryption
  [Diagram: Secure Element (AES key) -> file-system key -> file system; operating system; applications 1-3 with files 1-5 and their data protection class keys; JailBreak, Remote Wipe and PIN/Passcode shown as external inputs]
  File system encryption: not dependent on PIN/Passcode
  Data Protection: per-file, dependent on PIN/Passcode and Secure Element key
  Key derivation: developer's choice!!!
  Details
  • 9. IAIK iOS - Device Encryption
  First system: file-system encryption
  File-system encryption keys are protected via a key that is stored on a hardware chip
  PIN/Passcode is NOT used for key derivation
  When the phone is stolen: apply a jailbreak to circumvent the PIN protection, and the system decrypts the data for you
  Thus: only makes sense for fast remote wiping
  Details
  • 10. IAIK iOS - Device Encryption - Attacks
  Developer, configuration: no influence, the system is always active
  Key derivation: not tied to the screen-lock passcode (only protected via the key in the hardware element)
  Jailbreaking allows direct access to the file system
  Attacks
  • 11. IAIK iOS - Encryption
  [Diagram: Secure Element (AES key) -> file-system key -> file system; operating system; applications 1-3 with files 1-5 and their data protection class keys; JailBreak, Remote Wipe and PIN/Passcode shown as external inputs]
  File system encryption: not dependent on PIN/Passcode
  Data Protection: per-file, dependent on PIN/Passcode and Secure Element key
  Key derivation: developer's choice!!!
  Details
  • 12. IAIK iOS - Data Protection - Files
  Second system: Data Protection
  In addition to device encryption
  Protects specific application files (e.g. emails, the PDF files within a PDF reader application, etc.)
  Unique file keys, stored encrypted in the extended attributes of the file
  Different protection classes, defined by the developer (!)
  Details
  • 13. IAIK iOS - Data Protection - Files
  Protection classes:
  NSProtection{None}: file encryption keys are protected with the "Device Encryption keys", thus no real protection
  For all the others: file encryption keys are encrypted with a key that is derived from the UID key and from the PIN/passcode
  NSProtection{Complete, UntilFirstUserAuthentication, UnlessOpen}
  Details
  • 14. IAIK iOS - Data Protection - Files
  Problem: the protection class is defined by the developer. The user/admin does not know which apps encrypt their data
  Consider: receiving an email with a PDF (the email app uses Data Protection), and opening the attachment in a PDF reader that does not encrypt its data...
  Details
  • 15. IAIK iOS - Data Protection - Files
  Developer: needs to choose the correct protection class (better than NONE!)
  Configuration: strength of the passcode (MDM rule); admin/user do not know which application files are protected correctly!
  Attacks
  • 16. IAIK iOS - Data Protection - Files
  Data Protection analysis tool
  Analyzes iOS backups and extracts the protection classes
  Allows an administrator/user to determine whether an application uses the Data Protection system
  Available at: https://github.com/ciso/ios-dataprotection/
  ++++ easy to use, protection classes can be extracted
  - - - - only those files that are in the backup are analyzed
  Attacks
  • 17. IAIK iOS - Data Protection - Files Attacks
  • 18. IAIK iOS - Data Protection - Files
  Key derivation: tied to the screen-lock passcode and the hardware element
  On-device brute-force attack (after jailbreaking - if possible...)
  For files protected with NONE: same security level as file-system encryption only
  [Diagram: Hardware element + Passcode + Salt -> Key derivation -> Derived key -> Data encryption key]
  Attacks
  • 19. IAIK iOS - Data Protection - Files
  80 ms per derivation
  [Diagram: Hardware element + Passcode + Salt -> Key derivation -> Derived key -> Data encryption key]

  Lock-screen type                    Length  Chars  Number of passcodes  Brute-force days
  Numerical                                4     10                10000               0.0
  Numerical                                5     10               100000               0.1
  Numerical                                6     10              1000000               0.9
  Numerical                                7     10             10000000               9.3
  Numerical                                8     10            100000000              92.6
  Numerical                               10     10          10000000000           9,259.3
  Alphanum (10 digits / 26 letters)        4     36              1679616               1.6
  Alphanum (10 digits / 26 letters)        5     36             60466176              56.0
  Alphanum (10 digits / 26 letters)        6     36           2176782336           2,015.5
  Alphanum (10 digits / 26 letters)        7     36          78364164096          72,559.4
  Alphanum (10 digits / 26 letters)        8     36          2.82111E+12       2,612,138.8
  Alphanum (10 digits / 26 letters)        9     36           1.0156E+14      94,036,996.9
  Alphanum (10 digits / 52 letters)        4     62             14776336              13.7
  Alphanum (10 digits / 52 letters)        5     62            916132832             848.3
  Alphanum (10 digits / 52 letters)        6     62          56800235584          52,592.8
  Alphanum (10 digits / 52 letters)        7     62          3.52161E+12       3,260,754.3
  Alphanum (10 digits / 52 letters)        8     62           2.1834E+14     202,166,764.4
  Alphanum (10 digits / 52 letters)        9     62          1.35371E+16  12,534,339,394.7
  Complex                                  4    107            131079601             121.4
  Complex                                  5    107          14025517307          12,986.6
  Complex                                  6    107          1.50073E+12       1,389,565.1
  Complex                                  7    107          1.60578E+14     148,683,470.0
  Complex                                  8    107          1.71819E+16  15,909,131,294.7
  Attacks
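The table above follows from a single parameter, the 80 ms that one key derivation costs on the device, multiplied by the size of the passcode space. The following added example (written for this page, not code from the slide deck or from the authors) reproduces the rows of the table and then turns the estimate around into the "passcode selection based on brute-force times" step of the deck's workflow: given the alphabet an MDM policy can enforce, it returns the shortest length for which an exhaustive on-device search exceeds a chosen number of days. The alphabet sizes (10, 36, 62, 107) and the 80 ms figure come from the slide; the assumption that the table counts a full search of the keyspace is mine, and it matches every row of the slide.

```python
"""Reproduce the slide's brute-force estimate and derive a passcode-length recommendation.

Added example, not part of the original slide deck.  Inputs taken from the deck:
the alphabet sizes (10, 36, 62, 107) and the on-device cost of one key derivation
(80 ms).  Assumption (mine): the slide's "brute-force days" is the time for an
exhaustive search of the whole passcode space.
"""

MS_PER_DERIVATION = 80  # from the slide: one passcode guess costs ~80 ms on the device

# Alphabet sizes with the slide's own labels.
ALPHABETS = {
    "Numerical": 10,
    "Alphanum (10 digits / 26 letters)": 36,
    "Alphanum (10 digits / 52 letters)": 62,
    "Complex": 107,
}


def passcode_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of the given length over the alphabet."""
    return alphabet_size ** length


def brute_force_days(alphabet_size: int, length: int,
                     ms_per_derivation: int = MS_PER_DERIVATION) -> float:
    """Days for an exhaustive on-device search, rounded to one decimal like the slide."""
    seconds = passcode_space(alphabet_size, length) * ms_per_derivation / 1000
    return round(seconds / 86400, 1)


def build_table() -> list:
    """Rows (type, length, chars, passcodes, days) for the lengths shown on the slide."""
    lengths = {10: (4, 5, 6, 7, 8, 10), 36: (4, 5, 6, 7, 8, 9),
               62: (4, 5, 6, 7, 8, 9), 107: (4, 5, 6, 7, 8)}
    rows = []
    for label, size in ALPHABETS.items():
        for length in lengths[size]:
            rows.append((label, length, size, passcode_space(size, length),
                         brute_force_days(size, length)))
    return rows


def minimum_length(alphabet_size: int, required_days: float,
                   ms_per_derivation: int = MS_PER_DERIVATION) -> int:
    """Shortest passcode length whose exhaustive search takes longer than required_days.

    This is the deck's "passcode selection based on brute-force times" step,
    expressed as a function of the alphabet the MDM policy can enforce.
    """
    length = 1
    while brute_force_days(alphabet_size, length, ms_per_derivation) <= required_days:
        length += 1
    return length


if __name__ == "__main__":
    print(f"{'type':36} {'len':>3} {'chars':>5} {'passcodes':>20} {'days':>18}")
    for label, length, size, space, days in build_table():
        print(f"{label:36} {length:>3} {size:>5} {space:>20,} {days:>18,.1f}")
    for label, size in ALPHABETS.items():
        print(f"{label}: length >= {minimum_length(size, 365)} "
              f"so that a full search takes more than one year")
```

With the slide's parameters a numerical passcode has to be 9 digits long before an exhaustive on-device search exceeds one year, while an alphanumeric passcode over 36 characters reaches the same bound at length 6; the point of the workflow is that this bound, not the marketing term "encrypted", is what the MDM passcode rule should be derived from.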
  • 20. IAIK iOS - Data Protection - Keychain
  Keychain: used to store credentials (passwords, private keys, certificates, etc.)
  Protection classes:
  Always (!) (similar to NONE for files)
  AfterFirstUnlock (UntilFirstUserAuthentication)
  WhenUnlocked (Complete)
  Each is also available in a "ThisDeviceOnly" version (not included in backups)
  iOS 4: only the secret was protected, not the usernames etc.
  Since iOS 5: every aspect is encrypted
  Details
  • 21. IAIK iOS - Data Protection - Keychain
  Developer: needs to choose the correct protection class (better than NONE!)
  Needs to consider whether the credential should be transferable to another device (more on that later)
  Configuration: strength of the passcode (MDM rule); admin/user do not know which application credentials are protected correctly!
  Key derivation: same considerations as for files
  Attacks
  • 22. IAIK iOS - Backups
  iTunes: encrypted backups, plain backups
  iCloud: somehow encrypted...
  How to mark a file for backup? The default is "yes"; marked files are transferred to iTunes and iCloud backups when those are activated
  How to mark a credential for backup? Via its protection class
  Details
  • 23. IAIK iTunes - Plain Backups
  Files are stored in plain
  Credentials are nevertheless stored encrypted! The encryption key is stored on the iOS device
  Thus: credentials in plain backups cannot be restored on other devices
  As a result: credentials are better protected in unencrypted iTunes backups than in encrypted ones!
  [Diagram: iOS device (files, credentials marked for backup, encryption key) -> plain iTunes backup (files, credentials)]
  Details
  • 24. IAIK iTunes - Plain Backups
  Developer: files: needs to choose whether files are included in the backup; keychain entries: needs to choose the right protection class
  Configuration: backup device security!
  Key derivation: does not apply to files; keychain entries cannot be decrypted without the iOS device
  Attacks
  • 25. IAIK iTunes - Encrypted Backups
  User passcode (no MDM influence), derived key
  Files and credentials are protected via the derived key
  Credentials can be restored on other iOS devices (protection class!)
  Problem: brute-force attack on weak passwords when the backup is stolen
  Protection for keys is actually weaker than in plain iTunes backups (!!!)
  [Diagram: iOS device (files, credentials marked for backup) -> iTunes backup (files, credentials); user password -> KDF -> derived encryption key -> backup encryption key]
  Details
  • 26. IAIK iTunes - Encrypted Backups
  Developer: files: needs to choose whether files are included in the backup; keychain entries: needs to choose the right protection class
  Configuration: backup device security! Encryption can be enforced, but there is no influence on the backup passcode!
  Key derivation: off-device brute-force attack on the backup passcode; files AND keychain entries can be decrypted
  Attacks
  • 27. IAIK iCloud - Backups
  iCloud backups and iCloud sync
  Protection via a passcode selected by the user (no MDM influence, except for deactivating iCloud backups and sync)
  If an attacker gains access to this account, the backup can be restored
  Details about the iCloud encryption process are not known
  Data on iCloud: security considerations similar to those required for other cloud providers (Dropbox etc.)
  Details
  • 28. IAIK iCloud - Backups
  Developer: files: needs to choose whether files are included in the backup; keychain entries: needs to choose the right protection class
  Configuration: can be deactivated! Otherwise no influence on the iCloud account passcode!
  Key derivation: iCloud account passcode...
  Attacks
  • 29. IAIK Workflow
  [Workflow diagram: Application -> System Security Analysis -> Analysis/Tool; legend: minor risk, medium risk, high risk]
  File protection class analysis:
    Files with class NSFileProtectionNone -> passcode circumvention via jailbreaking/rooting
    Files with other classes -> on-device brute-force attack -> passcode selection based on brute-force times
  KeyChain protection class analysis:
    KeyChain entries with Always/AlwaysDeviceOnly -> passcode circumvention via jailbreaking/rooting
    KeyChain entries with safe classes -> on-device brute-force attack -> passcode selection based on brute-force times
  File backup state analysis:
    No files in backup -> no off-device attacks possible
    Files in backup -> backup analysis
  KeyChain backup state analysis:
    All credentials with ThisDeviceOnly classes -> no off-device attacks possible
    Credentials with transferable classes -> backup analysis
  • 30. IAIK Workflow
  Files in backup:
    Standard iTunes backup? -> direct file access on the backup device
    Encrypted iTunes backup? -> off-device brute-force attack
    iCloud backup? -> iCloud account security; critical data at the cloud provider
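The two workflow slides are a decision procedure: for every application, the protection classes of its files and keychain entries decide which on-device attacks remain, and its backup state together with the backup kind in use decides which off-device attacks remain. The following added example (written for this page; it is neither the deck's code nor part of the ios-dataprotection tool) encodes that procedure so an administrator can run the output of a protection-class analysis through it. The class names, backup kinds and attack paths are the ones the slides name; the `AppFindings` record and the three sample applications are constructed for the example. A real deployment would fill the record from the analysis tool's output.

```python
"""Run an application's findings through the deck's security-officer workflow.

Added example, not part of the original slides or of the ios-dataprotection tool.
Protection classes, backup kinds and attack paths are those named on the slides;
the AppFindings record and the sample applications are constructed here.
"""
from dataclasses import dataclass, field

# File protection classes (slides 13 and 29).
FILE_NONE = "NSFileProtectionNone"
FILE_SAFE = {"NSFileProtectionComplete",
             "NSFileProtectionCompleteUnlessOpen",
             "NSFileProtectionCompleteUntilFirstUserAuthentication"}

# Keychain accessibility classes (slides 20 and 29), with their ThisDeviceOnly variants.
KEYCHAIN_ALWAYS = {"Always", "AlwaysThisDeviceOnly"}
KEYCHAIN_SAFE = {"AfterFirstUnlock", "AfterFirstUnlockThisDeviceOnly",
                 "WhenUnlocked", "WhenUnlockedThisDeviceOnly"}

BACKUP_KINDS = {"none", "itunes_plain", "itunes_encrypted", "icloud"}


@dataclass
class AppFindings:
    """What the analysis tool and the deployment configuration say about one app (constructed record)."""
    name: str
    file_classes: set = field(default_factory=set)      # protection classes seen on the app's files
    files_in_backup: bool = True                        # iOS default is "yes" (slide 22)
    keychain_classes: set = field(default_factory=set)  # accessibility classes of the app's credentials
    backup: str = "itunes_plain"                        # backup kind used in this deployment


def analyze(app: AppFindings) -> list:
    """Return the attack paths that remain open, following slides 29 and 30."""
    if app.backup not in BACKUP_KINDS:
        raise ValueError(f"unknown backup kind: {app.backup}")
    paths = []

    # 1. File protection class analysis (stolen device, attacker has it in hand)
    if FILE_NONE in app.file_classes:
        paths.append("files: passcode circumvention via jailbreaking (NSFileProtectionNone)")
    if app.file_classes & FILE_SAFE:
        paths.append("files: on-device brute-force attack on the passcode")
    if app.file_classes - FILE_SAFE - {FILE_NONE}:
        paths.append("files: unknown protection class, treat as unprotected")

    # 2. Keychain protection class analysis
    if app.keychain_classes & KEYCHAIN_ALWAYS:
        paths.append("keychain: passcode circumvention via jailbreaking (Always classes)")
    if app.keychain_classes & KEYCHAIN_SAFE:
        paths.append("keychain: on-device brute-force attack on the passcode")

    # 3. File backup state analysis (stolen backup, no device needed)
    if app.files_in_backup and app.file_classes:
        if app.backup == "itunes_plain":
            paths.append("backup: direct file access on the backup device")
        elif app.backup == "itunes_encrypted":
            paths.append("backup: off-device brute-force attack on the backup password")
        elif app.backup == "icloud":
            paths.append("backup: critical data at the cloud provider, depends on iCloud account security")

    # 4. Keychain backup state analysis: ThisDeviceOnly entries never leave the device;
    #    transferable entries stay protected by the device key in plain backups (slide 23)
    #    but depend only on the backup password in encrypted backups (slides 25/26).
    transferable = {c for c in app.keychain_classes if not c.endswith("ThisDeviceOnly")}
    if transferable and app.backup == "itunes_encrypted":
        paths.append("backup: credentials recoverable by off-device brute-force on the backup password")
    elif transferable and app.backup == "icloud":
        paths.append("backup: credentials at the cloud provider, depends on iCloud account security")
    return paths


# Constructed sample applications, modelled on the scenario of slide 14.
PDF_READER = AppFindings("PDF reader (constructed)", file_classes={FILE_NONE},
                         files_in_backup=True, backup="itunes_plain")
MAIL_CLIENT = AppFindings("Mail client (constructed)", file_classes={"NSFileProtectionComplete"},
                          files_in_backup=False, keychain_classes={"WhenUnlockedThisDeviceOnly"},
                          backup="itunes_encrypted")
SYNC_CLIENT = AppFindings("Sync client (constructed)", file_classes={"NSFileProtectionComplete"},
                          files_in_backup=True, keychain_classes={"AfterFirstUnlock"},
                          backup="itunes_encrypted")

if __name__ == "__main__":
    for app in (PDF_READER, MAIL_CLIENT, SYNC_CLIENT):
        print(app.name)
        for path in analyze(app):
            print("  -", path)
```

The PDF reader of slide 14 ends up with two open paths (jailbreak on the device, plain file access on the backup machine) although the mail client that handed it the attachment has only the passcode brute-force left; the sync client shows the point of slides 23 to 26, that a transferable keychain class becomes exposed to an off-device attack exactly when the backup is switched to the encrypted kind.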
  • 32. IAIK
  • 34. IAIK Android - Device Encryption
  [Diagram: PIN/Passcode -> key derivation -> file-system key -> file system; operating system; applications 1-3 with files 1-5; Remote Wipe]
  Differences to iOS file-system encryption: the PIN/passcode is entered during the boot process, but no hardware chip is involved
  • 35. IAIK Encryption Overview

                                         iOS standard                 iOS data protection               Android > 3.x                       Blackberry        Windows Phone
  Purpose?                               remote wipe                  data, credentials prot.           data, cred. pr.                     data, cred. pr.   ?
  Scope?                                 filesystem                   files                             filesystem                          ?                 WP7: files, WP8: file-system
  Key storage?                           SE, RAM                      SE, RAM                           disk, RAM                           disk, RAM (?)     ? (no)
  Encryption keys available during lock? yes                          no                                yes                                 no                ?
  Key derivation?                        SE                           SE, PIN                           PIN                                 PIN (?)           ?
  Brute-force?                           -                            on device                         off device                          off device        ?
  Activated by?                          always                       developer/user (PIN)              user (settings)                     policies, user    developer ?
  User/admin?                            -                            no                                yes                                 yes               ?
  Issues                                 jailbreak danger,            developer decides!               manual activation,                  ?                 ?
                                         only for remote wipe         user does not know state          keys remain in RAM, no classes
  • 36. IAIK iOS - Data Protection