iOS Security Data protection January 17, Tokyo iOS Meetup What is? - - PowerPoint PPT Presentation

iOS Security

Data protection

January 17, Tokyo iOS Meetup

What is?

It is a feature to protect data “at rest” and to make offline attacks difficult.

iOS 4 DATA PROTECTION 101

https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf

Architecture

iOS Security October 2014

https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf

Data Protection classes

Data Protection classes

Class keys Are encryption keys used to encrypt files and keychains elements depending on their protection class.

Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent It By Jonathan Zdziarski

Data Protection classes

NSFileProtectionComplete

Data Protection classes

NSFileProtectionComplete The class key is protected with a key derived from the user passcode and the device UID. Shortly after the device is locked, the decrypted class key is discarded, rendering all data in this class inaccessible until the device is unlocked.

Data Protection classes

NSFileProtectionComplete The class key is protected with a key derived from the user passcode and the device UID. Shortly after the device is locked, the decrypted class key is discarded, rendering all data in this class inaccessible until the device is unlocked.

An AES 256-bit key fused into the application processor during manufacturing. Is unique to each device and is not recorded by Apple or any of its suppliers.

Data Protection classes

NSFileProtectionCompleteUnlessOpen

Data Protection classes

NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded.

Data Protection classes

NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background.

Data Protection classes

NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Uses ECDH.

Data Protection classes

NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Uses ECDH.

Why?

Data Protection classes

NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Uses ECDH.

Why? Higher security (more security per bit) Less resources

Data Protection classes

NSFileProtectionCompleteUntilFirstUserAuthentication

Data Protection classes

NSFileProtectionCompleteUntilFirstUserAuthentication Same as NSFileProtectionComplete but the key remains in memory after the device has been locked.

Data Protection classes

NSFileProtectionNone The class key is protected only with the UID.

How it works?

How it works?

• Hierarchy of cryptographic keys

How it works? - Why a hierarchy?

How it works? - Why a hierarchy?

Flexibility and performance

How it works? - Why a hierarchy?

Flexibility and performance

• Changing the passcode just rewraps the classes keys

How it works? - Why a hierarchy?

Flexibility and performance

• Changing the passcode just rewraps the classes keys
• Wiping the device is just deleting the system key

How it works? - Why a hierarchy?

How it works?

• Hierarchy of cryptographic keys
• File system support

How it works?

• Hierarchy of cryptographic keys
• File system support
• AES engine (hardware)

How it works? - Creating a file

encrypt (file, perFileKey)

AES engine

File File

perFilekey

How it works? - Creating a file

encrypt (file, perFileKey)

AES engine

File File

Class key

How it works? - Creating a file

encrypt (file, perFileKey)

AES engine

File File

Metadata Class key

How it works? - Creating a file

encrypt (file, perFileKey)

AES engine

File File

File

encrypted

Metadata Class key

How it works? - Reading a file

File

encrypted

Metadata

Class key

How it works? - Reading a file

File

encrypted

Metadata

Class key

System key

How it works? - Reading a file

File

encrypted

Metadata

Class key

System key Metadata Class key

How it works? - Reading a file

File

encrypted

Metadata

Class key

System key Metadata Class key decrypt (file, perFileKey)

AES engine

How it works? - Reading a file

File

encrypted

Metadata

Class key

System key Metadata Class key decrypt (file, perFileKey)

AES engine

File

Keychain and Data Protection

Keychain and Data Protection

The keychain is implemented as a SQLite database stored on the file system.

Keychain and Data Protection

The keychain is implemented as a SQLite database stored on the file system. There is only one database; the security daemon determines which keychain items each process or app can access.

Keychain and Data Protection

Keychain and Data Protection

The default is kSecAttrAccessibleAfterFirstUnlock .

Keychain and Data Protection

The default is kSecAttrAccessibleAfterFirstUnlock . I recommend using kSecAttrAccessibleWhenUnlocked as default and

• nly if necessary changing it for individual keys that are

need in the background.

Keychain and Data Protection

NSMutableDictionary *attributes = [[NSMutableDictionary alloc] init]; //... [attributes setObject:(__bridge id)kSecAttrAccessibleWhenUnlocked forKey:(__bridge id)kSecAttrAccessible];

What if data protection is not used?

Install the Gmail app.

What if data protection is not used?

Install the Gmail app. Read some emails.

What if data protection is not used?

Install the Gmail app. Read some emails. Lock the device (non-jailbroken).

What if data protection is not used?

Install the Gmail app. Read some emails. Lock the device (non-jailbroken). Browse the device (iFunBox, Xcode).

What if data protection is not used?

How to enable Data Protection in our apps?

How to enable Data Protection in our apps?

S i m p l e !

How to enable Data Protection in our apps? - Xcode

How to enable Data Protection in our apps?

project.pbxproj 9C201A441827FB6F60CC6872 = { DevelopmentTeam = 9XFDAR3CTM; SystemCapabilities = { com.apple.DataProtection = { enabled = 1; }; }; };

How to enable Data Protection in our apps? - App ID

Sum up

Sum up

• What is data protection

Sum up

• What is data protection
• How it works

Sum up

• What is data protection
• How it works
• What is the keychain?

Sum up

• What is data protection
• How it works
• What is the keychain?
• What if data protection is not used?

Sum up

• What is data protection
• How it works
• What is the keychain?
• What if data protection is not used?
• How to enable it in our apps

Q&A, Discussion

Further reading

• iOS Security https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
• iOS 4 DATA PROTECTION 101 https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf
• Hacking and Securing iOS Applications Stealing Data, Hijacking Software,

and How to Prevent it http://www.amazon.co.jp/Hacking-Securing-iOS-Applications-Hijacking/dp/1449318746/ref=sr_1_1?

ie=UTF8&qid=1420987300&sr=8-1&tag=tabisty-22&keywords=Hacking+and+Securing+iOS+Applications+Stealing+Data%2C+Hijacking+Software% 2C+and+How+to+Prevent+It

• Diffie-Hellman key exchange http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
• A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography

http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/