ios security
play

iOS Security Data protection January 17, Tokyo iOS Meetup What is? - PowerPoint PPT Presentation

Aug 29, 2022 •100 likes •713 views

iOS Security Data protection January 17, Tokyo iOS Meetup What is? It is a feature to protect data at rest and to make offline attacks difficult. iOS 4 DATA PROTECTION 101

  1. iOS Security Data protection January 17, Tokyo iOS Meetup

  2. What is? It is a feature to protect data “at rest” and to make offline attacks difficult. iOS 4 DATA PROTECTION 101 https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf

  3. Architecture iOS Security October 2014 https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf

  4. Data Protection classes

  5. Data Protection classes Class keys Are encryption keys used to encrypt files and keychains elements depending on their protection class. Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent It By Jonathan Zdziarski

  6. Data Protection classes NSFileProtectionComplete

  7. Data Protection classes NSFileProtectionComplete The class key is protected with a key derived from the user passcode and the device UID. Shortly after the device is locked, the decrypted class key is discarded, rendering all data in this class inaccessible until the device is unlocked.

  8. Data Protection classes NSFileProtectionComplete The class key is protected with a key derived from the user passcode and the device UID . Shortly after the device is locked, the decrypted class key is discarded, rendering all data in this class inaccessible until the device is unlocked. An AES 256-bit key fused into the application processor during manufacturing. Is unique to each device and is not recorded by Apple or any of its suppliers.

  9. Data Protection classes NSFileProtectionCompleteUnlessOpen

  10. Data Protection classes NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded.

  11. Data Protection classes NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background.

  12. Data Protection classes NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Uses ECDH.

  13. Data Protection classes NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Why? Uses ECDH.

  14. Data Protection classes NSFileProtectionCompleteUnlessOpen The per-file key is accessible while it is open, as soon as the file is closed, the per-file key is discarded. Used to write files while the device is locked, e.g., downloading a file in the background. Why? Higher security ( more security per bit ) Uses ECDH. Less resources

  15. Data Protection classes NSFileProtectionCompleteUntilFirstUserAuthentication

  16. Data Protection classes NSFileProtectionCompleteUntilFirstUserAuthentication Same as NSFileProtectionComplete but the key remains in memory after the device has been locked.

  17. Data Protection classes NSFileProtectionNone The class key is protected only with the UID.

  18. How it works?

  19. How it works? ● Hierarchy of cryptographic keys

  20. How it works? - Why a hierarchy?

  21. How it works? - Why a hierarchy? Flexibility and performance

  22. How it works? - Why a hierarchy? Flexibility and performance ● Changing the passcode just rewraps the classes keys

  23. How it works? - Why a hierarchy? Flexibility and performance ● Changing the passcode just rewraps the classes keys ● Wiping the device is just deleting the system key

  24. How it works? - Why a hierarchy?

  25. How it works? ● Hierarchy of cryptographic keys ● File system support

  26. How it works? ● Hierarchy of cryptographic keys ● File system support ● AES engine (hardware)

  27. How it works? - Creating a file File encrypt (file, perFileKey) AES engine perFilekey File encrypted

  28. How it works? - Creating a file File encrypt (file, perFileKey) Class key AES engine File encrypted

  29. How it works? - Creating a file File Metadata encrypt (file, perFileKey) Class key AES engine File encrypted

  30. How it works? - Creating a file File File encrypted Metadata encrypt (file, perFileKey) Class key AES engine File encrypted

  31. How it works? - Reading a file File encrypted Metadata Class key

  32. How it works? - Reading a file File encrypted Metadata Class key System key

  33. How it works? - Reading a file File encrypted Metadata Metadata Class key Class key System key

  34. How it works? - Reading a file File encrypted Metadata decrypt (file, perFileKey) Metadata AES engine Class key Class key System key

  35. How it works? - Reading a file File encrypted Metadata decrypt (file, perFileKey) Metadata AES engine Class key Class key System key File

  36. Keychain and Data Protection

  37. Keychain and Data Protection The keychain is implemented as a SQLite database stored on the file system.

  38. Keychain and Data Protection The keychain is implemented as a SQLite database stored on the file system. There is only one database; the security daemon determines which keychain items each process or app can access.

  39. Keychain and Data Protection

  40. Keychain and Data Protection The default is kSecAttrAccessibleAfterFirstUnlock .

  41. Keychain and Data Protection The default is kSecAttrAccessibleAfterFirstUnlock . I recommend using kSecAttrAccessibleWhenUnlocked as default and only if necessary changing it for individual keys that are need in the background.

  42. Keychain and Data Protection NSMutableDictionary * attributes = [[NSMutableDictionary alloc] init]; //... [attributes setObject:(__bridge id) kSecAttrAccessibleWhenUnlocked forKey:(__bridge id)kSecAttrAccessible];

  43. What if data protection is not used? Install the Gmail app.

  44. What if data protection is not used? Install the Gmail app. Read some emails.

  45. What if data protection is not used? Install the Gmail app. Read some emails. Lock the device (non-jailbroken) .

  46. What if data protection is not used? Install the Gmail app. Read some emails. Lock the device (non-jailbroken) . Browse the device (iFunBox, Xcode).

  47. What if data protection is not used?

  48. How to enable Data Protection in our apps?

  49. How to enable Data Protection in our apps? S i m p l e !

  50. How to enable Data Protection in our apps? - Xcode

  51. How to enable Data Protection in our apps? project.pbxproj 9C201A441827FB6F60CC6872 = { DevelopmentTeam = 9XFDAR3CTM; SystemCapabilities = { com.apple.DataProtection = { enabled = 1; }; }; };

  52. How to enable Data Protection in our apps? - App ID

  53. Sum up

  54. Sum up ● What is data protection

  55. Sum up ● What is data protection ● How it works

  56. Sum up ● What is data protection ● How it works ● What is the keychain?

  57. Sum up ● What is data protection ● How it works ● What is the keychain? ● What if data protection is not used?

  58. Sum up ● What is data protection ● How it works ● What is the keychain? ● What if data protection is not used? ● How to enable it in our apps

  59. Q&A, Discussion

  60. Further reading ● iOS Security https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf ● iOS 4 DATA PROTECTION 101 https://media.blackhat.com/bh-us-11/Belenko/BH_US_11_Belenko_iOS_Forensics_WP.pdf ● Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent it http://www.amazon.co.jp/Hacking-Securing-iOS-Applications-Hijacking/dp/1449318746/ref=sr_1_1? ie=UTF8&qid=1420987300&sr=8-1&tag=tabisty-22&keywords=Hacking+and+Securing+iOS+Applications+Stealing+Data%2C+Hijacking+Software% 2C+and+How+to+Prevent+It ● Diffie-Hellman key exchange http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange ● A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

1/25 The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with Tamarin-Prover Eike Stadtlnder July 12, 2018 2/25 Outline Motivation Tamarin-Prover Overview Multiset Rewriting Tamarin-Prover in Practice

1.32k views • 117 slides
Public Key Infrastructure Taofeeq Olatinwo Harmony Worldwide Inc. www.harmonycanada.com

Public Key Infrastructure Taofeeq Olatinwo Harmony Worldwide Inc. www.harmonycanada.com

Nigeria Computer Society 11 th International Conference Theme: e-Government & National Security 24 th 26 th July, 2013 Public Key Infrastructure Taofeeq Olatinwo Harmony Worldwide Inc. www.harmonycanada.com www.hwwgs.com 25 th July

502 views • 19 slides
Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia El Mrabet (1) and Christophe Negre (2) (1) Team Arith/LIRMM, Universit e Montpellier 2 (2) Team DALI/ELIAUS, Universit e de Perpignan

753 views • 49 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
C R P T A L Sammy Tbeile | Jaewan Bahk | Michail Oikonomou Carolina Almirola | Rahul Kapur

C R P T A L Sammy Tbeile | Jaewan Bahk | Michail Oikonomou Carolina Almirola | Rahul Kapur

C R P T A L Sammy Tbeile | Jaewan Bahk | Michail Oikonomou Carolina Almirola | Rahul Kapur Overview Motivation Combined interest in the fields of security and cryptography. No well-documented or straightforward languages/packages

161 views • 14 slides
2018 Annual General Meeting of Shareholders Andrew Harrison Chair WiseTech Global - FY18

2018 Annual General Meeting of Shareholders Andrew Harrison Chair WiseTech Global - FY18

2018 Annual General Meeting of Shareholders Andrew Harrison Chair WiseTech Global - FY18 financial highlights Delivered strong, high quality growth while expanding technology lead and global footprint LOW sales and LOW HIGH innovation HIGH

431 views • 22 slides
Capita The AA Ebay Centrica WPP Group Teradata Sky Lloyds Banking Group Channel 4 By

Capita The AA Ebay Centrica WPP Group Teradata Sky Lloyds Banking Group Channel 4 By

Capita The AA Ebay Centrica WPP Group Teradata Sky Lloyds Banking Group Channel 4 By 2015, 4.4 million IT jobs globally will be created to support Big Data. But there is a challenge. There is not enough talent in the industry. Therefore,

246 views • 14 slides
Investor Presentation PT Solusi Tunas Pratama Tbk May 2016 Disclaimer These materials have been

Investor Presentation PT Solusi Tunas Pratama Tbk May 2016 Disclaimer These materials have been

Investor Presentation PT Solusi Tunas Pratama Tbk May 2016 Disclaimer These materials have been prepared by PT Solusi Tunas Pratama, Tbk ( STP or the Company) and have not been independently verified. No representation or warranty,

386 views • 37 slides

More recommend