SlideShare une entreprise Scribd logo

Behind the scenes with IOS security

Priyanka Aash
Priyanka Aash

"With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10 HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss. Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor. Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target." (Source: Black Hat USA 2016, Las Vegas)

Technologie
1  sur  80
Télécharger pour lire hors ligne
Black Hat 2016 Behind the Scenes with iOS Security Ivan Krstić Head of Security Engineering and Architecture, Apple
Decrypted Kernel Caches
iOS 10 Component Encryption User data—No change to encryption Image3 (pre-iPhone 5S)—iBoot, kernel caches, boot logos no longer encrypted Image4 kernel caches—No longer encrypted Changes made as part of wider set of performance optimizations Encryption for these objects was no longer adding a lot of value No impact to platform security or encryption of user data
Hardened WebKit JIT Mapping
Just-in-time compilation is necessary for high-performance JavaScript iOS normally requires all executable pages to be signed Code signing policy is relaxed in Safari through dynamic-codesigning entitlement to support JIT compilation Background Hardened WebKit JIT Mapping
iOS 9 Hardened WebKit JIT Mapping 32MB RWX JIT memory region Write-anywhere primitive sufficient for arbitrary code execution Attacker can write shell code into JIT region and jump to it without ROP
Execute-only memory protection Hardened WebKit JIT Mapping Hardware support introduced in ARMv8 Kernel implementation added in iOS 10 Allows us to emit code containing secret data, not readable within the process
Split view Hardened WebKit JIT Mapping Create two virtual mappings to the same physical JIT memory One executable, one writable The location of the writable mapping is secret
Tying it all together Hardened WebKit JIT Mapping Writable mapping to JIT region is randomly located Emit specialized memcpy with base destination address encoded as immediate values Make it execute-only Discard the address of the writable mapping Use specialized memcpy for all JIT write operations
void initializeSeparatedWXHeaps(void* stubBase, size_t stubSize, void* jitBase, 
 size_t jitSize) { mach_vm_address_t writableAddr = 0; // 1. Create a second mapping of the JIT region at a random address. vm_prot_t cur, max; kern_return_t ret = mach_vm_remap(mach_task_self(), &writableAddr, jitSize, 0, VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR, mach_task_self(), (mach_vm_address_t)jitBase, FALSE, &cur, &max, VM_INHERIT_DEFAULT); bool remapSucceeded = (ret == KERN_SUCCESS); if (!remapSucceeded) return; // 2. Assemble specialized memcpy function for writing into the JIT region. MacroAssemblerCodeRef writeThunk = jitWriteThunkGenerator(reinterpret_cast<void*>(writableAddr), stubBase, stubSize); int result = 0; #if USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION) // 3. Prevent reading the memcpy code we just generated. result = mprotect(stubBase, stubSize, VM_PROT_EXECUTE_ONLY); RELEASE_ASSERT(!result); #endif
// 4. Prevent writing into the executable JIT mapping. result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); RELEASE_ASSERT(!result); // 5. Prevent execution in the writable JIT mapping. result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); RELEASE_ASSERT(!result); // 6. Zero out writableAddr to avoid leaking the address of the writable mapping. memset_s(&writableAddr, sizeof(writableAddr), 0, sizeof(writableAddr)); jitWriteFunction = reinterpret_cast<JITWriteFunction>(writeThunk.code().executableAddress()); }
RWX iOS 9
R-X RW- iOS 10 - - X
R-X RW- iOS 10 - - X
iOS 10 R-X RW- - - X mov x0, #0
iOS 10 R-X RW- - - X mov x0, #0mov x0, #0
iOS 10 R-X RW- - - X mov x0, #0mov x0, #0
iOS 10 Hardened WebKit JIT Mapping Write-anywhere primitive now insufficient for arbitrary code execution Attacker must subvert control flow via ROP or other means or find a way to call execute- only JIT write function Mitigation increases complexity of exploiting WebKit memory corruption bugs
Data Protection with the 
 Secure Enclave Processor
Goals Data Protection User data protected by strong cryptographic master key derived from user passcode No offline attack on user passcode—Hardware-bound master key derivation No brute force—Hard limit on number of passcode attempts Hardware keys for master key derivation not directly exposed to any mutable software Secure support for alternative unlock mechanisms (Touch ID, Auto Unlock)
Goals—Sidestep AP attack surface Data Protection Authentication policy enforcement even under adversarial AP Master (long-term) key material never exposed to AP Non-master key material exposed to AP must be ephemeral and session-bound
Secure Enclave Processor
Overview Secure Enclave Processor Dedicated SoC core provides trusted environment for handling cryptographic material Arbitrates all user data access Hardware accelerators for AES, EC, SHA Manages its own encrypted memory and communicates with the AP using mailboxes Factory-paired secure channels to Touch ID sensor and Secure Element
Background Device UID Key Each SEP has reference access to a unique private key (UID) UID generated by SEP itself immediately after fabrication, using its own free-running oscillator TRNG Available for cryptographic operations via commands exposed by the Secure ROM No access to UID key material from SEP or other mutable software after fuses blown
Background User Keybags Sets of keys generated for each user to protect their data at rest Keys wrapped by master key derived from user passcode and SEP UID After 10 incorrect passcode entries, SEP will not process any further attempts Different policy associated with each keybag key—Usage, availability
Class keys User Keybags Class Description A (256-bit AES) Only available while the device is unlocked B (Curve 25519) Public key always available, private key only available when device is unlocked C (256-bit AES) Available after the user unlocked the phone at least once after boot D (256-bit AES) Always available
00000000 44 41 54 41 00 00 05 ca 56 45 52 53 00 00 00 04 |DATA....VERS....| 00000010 00 00 00 04 54 59 50 45 00 00 00 04 00 00 00 00 |....TYPE........| 00000020 55 55 49 44 00 00 00 10 4a 99 c1 fd 7e 55 44 43 |UUID....J...~UDC| 00000030 96 96 30 36 42 3a 42 0c 48 4d 43 4b 00 00 00 28 |..06B:B.HMCK...(| 00000040 49 78 be cb 61 71 ed c8 70 4e fc 3d 01 2b 10 bf |Ix..aq..pN.=.+..| 00000050 4e d4 c4 19 83 dc d1 97 82 3c e1 2f de 9b 51 53 |N........<./..QS| 00000060 d3 d2 be d1 e2 55 ef 40 57 52 41 50 00 00 00 04 |.....U.@WRAP....| 00000070 00 00 00 01 53 41 4c 54 00 00 00 14 7e f0 23 95 |....SALT....~.#.| 00000080 ee 44 89 d1 c8 47 9a d7 75 2f 07 49 54 74 d0 cc |.D...G..u/.ITt..| 00000090 49 54 45 52 00 00 00 04 00 00 c3 50 47 52 43 45 |ITER.......PGRCE| ... 000004e0 47 47 bc 18 6b 92 f3 fa cc 94 43 4c 41 53 00 00 |GG..k.....CLAS..| 000004f0 00 04 00 00 00 02 57 52 41 50 00 00 00 04 00 00 |......WRAP......| 00000500 00 03 4b 54 59 50 00 00 00 04 00 00 00 01 57 50 |..KTYP........WP| 00000510 4b 59 00 00 00 28 a2 dd c7 83 56 45 21 bb 1f 70 |KY...(....VE!..p| 00000520 70 07 79 5f 6e ed 42 05 2e a0 2f e2 6f a5 14 4e |p.y_n.B.../.o..N| 00000530 a2 7f 3c c0 4c 38 bd 5f 1a ce 45 a1 06 ca 50 42 |..<.L8._..E...PB| 00000540 4b 59 00 00 00 20 03 b1 b1 6e aa 7a 59 25 b5 43 |KY... ...n.zY%.C| 00000550 83 7c d1 2c d7 28 f9 d3 48 c1 41 cc 50 47 38 53 |.|.,.(..H.A.PG8S| 00000560 00 ae f7 b5 7b 51 55 55 49 44 00 00 00 10 50 ba |....{QUUID....P.| 00000570 b5 bc cd cb 42 e6 93 ed dd 1a 18 3e fb f4 43 4c |....B......>..CL| 00000580 41 53 00 00 00 04 00 00 00 01 57 52 41 50 00 00 |AS........WRAP..| 00000590 00 04 00 00 00 03 4b 54 59 50 00 00 00 04 00 00 |......KTYP......| 000005a0 00 00 57 50 4b 59 00 00 00 28 45 9c 2c 38 0c f1 |..WPKY...(E.,8..| 000005b0 2a 37 2c 9e 39 b0 90 74 f4 e4 21 f8 b3 c1 48 44 |*7,.9..t..!...HD| 000005c0 eb 36 17 42 16 6b 74 13 15 b2 72 c8 a9 1d 17 f5 |.6.B.kt...r.....| 000005d0 af aa 53 49 47 4e 00 00 00 14 db 7a 1e 3c 39 56 |..SIGN.....z.<9V| 000005e0 b4 f8 70 88 b1 8a c4 cc 4b ea a6 fb df 65 |..p.....K....e| 000005ee Keybag version 4 KDF Salt Iteration Count Key Identifier: Class B Key Type: Curve25519 Wrapped Private Key Bytes Public Key Bytes Key Identifier: Class A Key Type: AES Wrapped Private Key Bytes
Master Key Derivation SEPUserland KDFPasscode Timed Iterations (100-150ms)Salt Master KeyMki = KDF2(E(UID, MKi-1))
Overview Filesystem Data Protection File blocks are encrypted using AES-XTS with 128-bit keys Each file on the user partition is encrypted using a unique random key chosen by SEP Raw file keys are never exposed to the AP • Wrapped with a key from the user keybag for long-term storage • Wrapped with an ephemeral key while in use, bound to boot session
Filesystem Data Protection SEPKernelUser Hardware HFS NVME Driver Key Store AES Engine Storage Controller NAND open(“foo.txt”, …) Ephemeral Key established on boot Cipher Text Clear Text 1. Fetch wrapped file_key from metadata 4. Send IO command with ephemerally wrapped 
 file_key 2. Unwrap file_key using keybag key 3. Wrap file_key using ephemeral_key, return ephemerally wrapped file_key 
 to kernel
SEP UIDclass D class D master key + SEP UID SKS memory class A
 class B (priv)
 class C class B (public)
 class D SKS keyring 10) class keys cannot be decrypted until we get the passcode 11) launchd permits userspace to start loading 9) keybag loaded into sks memory, class B public loaded into keyring3) decrypt class D key, load into keyring 1) kernel boots (system partition) 4) decrypt HFS metadata with media key 5) launchd mounts user partition 6) launchd starts keybagd 2) AppleKeyStore loads D key (before user partition is mounted) 8) decrypts keybag with prot key from effaceable 7) keybagd loads system keybag (class D key available) contains the device keybag HFS SEP endpoint to SKS AppleKeyStore Effaceable media key
 keybag prot key
 Class D SKS Userspace XNU (Kernel) SEP gets prot key from effaceable loads device keybag into SEP keybagd systembag.kb /var/keybags/systembag.kb encrypted with the keybag prot key boot
SKS SBIO MobileKeybag.framework SpringBoard first unlock 7) first unlock notification sent 1) SpringBoard acquires the passcode master key + SEP UID SKS memory class A
 class B (priv)
 class C master key class A
 class B (priv)
 class B (public)
 class C
 class D SKS keyring 2) generate master key random secret master key random secret SBIO memory 4) encrypt master key with random secret – this encrypted master key never leaves SKS 6) securely destroy raw master key bio unlock token only created if bio unlock is enabled steps 4 & 5 5) send random secret to SBIO, destroy it in SKS 3) decrypt class keys, add to keyring Userspace XNU (Kernel) SEP SEP Endpoint to SKS AppleKeyStore Darwin lock/unlock Notifications UserEventAgent
SEP Endpoint to SKS AppleKeyStore Darwin lock/unlock Notifications UserEventAgent lock 3) send lock notification 1) device locks 2) purge class A and class B priv keys master key + SEP UID SKS memory class A
 class B (priv)
 class C class B (public)
 class C
 class D SKS keyring Userspace XNU (Kernel) SEP SKS MobileKeybag.framework SpringBoard
Darwin lock/unlock Notifications UserEventAgent random secret master key SKS SBIO Touch ID Sensor SEP endpoint to SKS AppleKeyStore Touch ID unlock 7) send unlock notification 4) decrypt master key master key master key + SEP UID SKS memory class A
 class B (priv)
 class C class A
 class B (priv)
 class B (public)
 class C
 class D SKS keyring random secret bio memory SEP endpoint to SBIO AppleMesa 5) decrypt class keys, add to keyring 6) securely destroy master key 2) template match sent to SBIO 1) pressing home button starts Touch ID sensor 3) upon successful match send random secret to SKS Userspace XNU (Kernel) SEP MobileKeybag.framework SpringBoard
Unattended Update—Install Later Boot 20 min commit timer 8 hr persist timer First Unlock prompt for passcode OTUT creation enabled 1:00 PM Notify Update Lock OTUT created Last Unlock Before Update 10:00 PM OTUT persist enabled Software Update 10:15 PM OTUT persisted Lock 10:30 PM OTUT committed reboot Update Window 3:00 AM
Demotion SoC Security Mode Production devices can be“demoted”to enable some debugging features like JTAG and loading development software on the AP (but not the SEP) Requires full OS erase and device explicitly authorized by the personalization server Forces a different UID on the SEP, no access to existing user data after demotion SoC mode AP status SEP status SEP UID Development fused Development Development Development Production fused Production Production Production AP demoted Development Production Development
Goals Data Protection User data protected by strong cryptographic master key derived from user passcode No offline attack on user passcode—hardware-bound master key derivation Hardware keys for master key derivation not directly exposed to any mutable software Secure support for alternative unlock mechanisms (Touch ID, Auto Unlock) Sidesteps AP attack surface, SEP policy enforced under adversarial AP
Synchronizing Secrets
Uses Synchronizing Secrets Passwords and credit card information available on all of a user’s devices Auto Unlock cryptographic keys shared between Apple Watch and Mac HomeKit cryptographic keys available on all devices
Traditional approaches Synchronizing Secrets Wrap user secrets with strong random key • User has to take care of a printed“sock drawer key”and enter it on each device • If printed key is lost, losing devices means loss of secrets Wrap user secrets with KDF-derived key from their password • Account provider backend is privileged, can intercept or brute-force account password • If user resets their account password, must prompt for old password to recover secrets • Anyone else in possession of wrapped user secrets can launch a brute-force attack
“Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations.” C. Kaufman, R. Perlman, M. Speciner
Goals—Inspired by Data Protection Synchronizing Secrets Selected user secrets available on all of the user’s devices Synchronization protected with strong cryptographic keys User can recover secrets even if they lose all their devices User secrets not exposed to Apple No brute-force—backend not in a privileged position
Approach iCloud Keychain Each device locally generates iCloud Keychain synchronization key pair User explicitly approves new devices joining the sync circle from a device already in it Sync circle uses Apple cloud backend for storage and message passing • No data is accessible to Apple • Backend not in a privileged position since key pair is strong and random What if all devices are lost, or need to configure new device without access to old one?
Premise iCloud Keychain Backup New credential—iCloud Security Code (commonly device passcode), 
 unknown to Apple Generate strong random backup (“escrow”) key, wrap with KDF-derived key from iCSC Back up copy of iCloud Keychain secrets to the Apple cloud, encrypted with escrow key Send wrapped escrow key to Apple In case of device loss or new device, user can recover secrets with their iCloud password and the iCSC
Goals—Inspired by Data Protection Synchronizing Secrets Selected user secrets (passwords, credit cards, …) available on all of the user’s devices Synchronization protected with strong cryptographic keys User can recover secrets even if they lose all their devices User secrets not exposed to Apple Backend not in a privileged position to brute-force keys protecting user secrets
Backend attack surface iCloud Keychain Backup In naive implementation, backend could brute force the iCSC to access escrow key Just like with SEP, need to enforce policy over escrow key No brute–force—Want hard limit on escrow recovery attempts under adversarial cloud What if escrow key unwrapping only took place in Hardware Security Modules?
Overview Cloud Key Vault HSMs running custom secure code connected to Apple cloud Key vault fleet operates its own CA, private key never leaves the hardware Each iOS device hardcodes key vault fleet CA cert
Unit Cloud Key Vault HSMHost
HSM keys Cloud Key Vault Key Description CSCIK RSA-2048, allows signing custom secure code to run on the HSM AK 256-bit for HMAC-SHA-256, to authenticate messages between vault units CA RSA-2048, to certify service key (SK) SK RSA-2048, allows unwrapping escrow records
Escrow record generated on iOS device Cloud Key Vault SRP verifier for iCSC Maximum failure count User’s escrow key 🔐 encrypted to public service key
Understanding the design Cloud Key Vault A kind of SEP Data Protection approach for escrow records Vault service private key material not available to mutable software, just like SEP UID key User attempting escrow recovery sends previous escrow record, establishes SRP session Vault unwraps escrow record, SRP with user device against iCSC verifier in the record, return escrow key if successful If SRP fails due to incorrect iCSC, vault unit bumps a secure counter • If maximum failure count (10) is exceeded for the record, record is marked terminal
Redundancy and attack surface Cloud Key Vault Users can’t escrow to only a single vault unit, need redundancy Escrowing to multiple units means multiplying the maximum failure count providing more opportunity for brute force attack
Club Cloud Key Vault HSMHost HSMHost HSMHost HSMHost HSMHost
Club Cloud Key Vault Group of five vault units that share a single SK—Service Key User generates escrow record for a particular club, certified by the fleet CA Solves redundancy, but not the brute force limiting problem Club members would still be subject to partitioning attacks
Quorum commit Cloud Key Vault Each club member maintains its own failure count for each escrow record Escrow recovery prompts a vote, majority quorum required to proceed Provides redundancy and breaks membership partitioning attacks
Fleet Cloud Key Vault … Authenticated object storage HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost iCloud escrow service
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “I propose an update. Please give me your failure count for this record.”
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “My counter is 4. I vote yes to update since I’m not in another transaction.”
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “We have majority quorum and no one’s record is terminal, 
 prepare to update failure count to 5.”
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “OK, I’ve verified majority quorum and stand ready to increase failure count to 5.”
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “Please proceed with increasing failure count to 5 for this record.”
Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “OK, my failure count is now 5 for this record.”
Who watches the watchers? Cloud Key Vault A given vault fleet runs code signed by its CSCIK (custom secure code signing key) Use of this signing key requires a quorum of physical vault admin smart cards Admin cards are created in a secure ceremony when fleet is commissioned, stored in separate physical safes in custody of three different organizations at Apple in tamper- proof evidence bags
Who watches the watchers? Cloud Key Vault If someone got their hands on all the admin cards… Couldn’t they sign a malicious custom secure code image that can brute-force iCSC for arbitrary escrow records?
No.
Before a fleet goes into production Cloud Key Vault Members of all three admin card-carrying organizations meet in a secure facility Cross-check serial numbers on evidence bags and on cards Attestations • Card carriers present at creation of the admin cards • No other cards were created • Evidence bags remained sealed since creation • Cards present today are the ones originally created
Physical One-Way Hash Function
(We Run the Cards Through a Blender)
Final attestation Cloud Key Vault All admin cards originally created are now destroyed The cards were not used to sign any other custom secure code that can be loaded No other mechanism is known for changing custom secure code or loading new code This enables us to make the unequivocal commitment that user secrets are not exposed to Apple
Some News
Apple Security Bounty
Apple Security Bounty Great help from researchers in improving iOS security all along iOS security mechanisms continue to get stronger Feedback from Apple Red Team and external researchers:as iOS security has advanced, increasingly difficult to find the most critical security issues
Apple Security Bounty Rewards researchers who share critical issues with Apple We make it a priority to resolve confirmed issues as quickly as possible Provide public recognition, unless asked otherwise
Initial Categories Category Max. Payment Secure boot firmware components $200,000 Extraction of confidential material protected by the Secure Enclave Processor $100,000 Execution of arbitrary code with kernel privileges $50,000 Unauthorized access to iCloud account data on Apple servers $50,000 Access from a sandboxed process to user data outside of that sandbox $25,000
Payments Apple Security Bounty We require a clear report and working proof of concept Vulnerability must affect latest shipping iOS, and where relevant, latest hardware Exact payment amount determined after review by engineering team, criteria include novelty and likelihood of exposure/degree of user interaction required Researcher can elect to donate reward to charity of their choice, Apple will consider matching 1:1
Apple Security Bounty Few dozen initially invited researchers If vulnerabilities that would be covered under the program are submitted by researchers outside of the program, we will review the submission and, if the work merits it, invite researcher into the program and reward the vulnerability
September
product-security@apple.com Thank You!
TM and © 2016 Apple Inc. All rights reserved.

Recommandé

MouthMouse
MouthMouseMouthMouse
MouthMouseRuben Flores
 
G41 m vs2
G41 m vs2G41 m vs2
G41 m vs2ruisuv
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Samsung pay: tokenized numbers flaws and issues
Samsung pay: tokenized numbers flaws and issuesSamsung pay: tokenized numbers flaws and issues
Samsung pay: tokenized numbers flaws and issuesPriyanka Aash
 
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsBad for Enterprise: Attacking BYOD enterprise mobility security solutions
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsPriyanka Aash
 
1000 ways to die in mobile oauth
1000 ways to die in mobile oauth1000 ways to die in mobile oauth
1000 ways to die in mobile oauthPriyanka Aash
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
ppt based on android technology with great animations
ppt based on android technology with great animationsppt based on android technology with great animations
ppt based on android technology with great animationsHriday Garg
 

Recommandé

MouthMouse
MouthMouseMouthMouse
MouthMouseRuben Flores
 
G41 m vs2
G41 m vs2G41 m vs2
G41 m vs2ruisuv
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Samsung pay: tokenized numbers flaws and issues
Samsung pay: tokenized numbers flaws and issuesSamsung pay: tokenized numbers flaws and issues
Samsung pay: tokenized numbers flaws and issuesPriyanka Aash
 
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsBad for Enterprise: Attacking BYOD enterprise mobility security solutions
Bad for Enterprise: Attacking BYOD enterprise mobility security solutionsPriyanka Aash
 
1000 ways to die in mobile oauth
1000 ways to die in mobile oauth1000 ways to die in mobile oauth
1000 ways to die in mobile oauthPriyanka Aash
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
ppt based on android technology with great animations
ppt based on android technology with great animationsppt based on android technology with great animations
ppt based on android technology with great animationsHriday Garg
 
Lattice yapc-slideshare
Lattice yapc-slideshareLattice yapc-slideshare
Lattice yapc-slideshareGwenn Etourneau
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...Priyanka Aash
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
Apple iOS
Apple iOSApple iOS
Apple iOSChetan Gowda
 
iOS platform
iOS platformiOS platform
iOS platformmaya_slides
 
Unified Reactive Platform
Unified Reactive PlatformUnified Reactive Platform
Unified Reactive PlatformAmitabha Karmakar
 
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversSatpal Parmar
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Jagadisha Maiya
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -evechiportal
 
Exploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source ToolExploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source ToolKoan-Sin Tan
 
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacketCsw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacketCanSecWest
 
Computer network
Computer networkComputer network
Computer networkmaruthi vardhan
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3Raahul Raghavan
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part IIIAlkin Tezuysal
 
Web Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdfWeb Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdfSamHoney6
 
Broom not included curling the modern way
Broom not included curling the modern wayBroom not included curling the modern way
Broom not included curling the modern wayDanielStenberg7
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 

Contenu connexe

En vedette

How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...Priyanka Aash
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 

En vedette (9)

Lattice yapc-slideshare
Lattice yapc-slideshareLattice yapc-slideshare
Lattice yapc-slideshare
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious Profiles
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in Fail
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security Testing
 
Apple iOS
Apple iOSApple iOS
Apple iOS
 
iOS platform
iOS platformiOS platform
iOS platform
 
Unified Reactive Platform
Unified Reactive PlatformUnified Reactive Platform
Unified Reactive Platform
 

Similaire à Behind the scenes with IOS security

44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversSatpal Parmar
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Jagadisha Maiya
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -evechiportal
 
Exploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source ToolExploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source ToolKoan-Sin Tan
 
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacketCsw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacketCanSecWest
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3Raahul Raghavan
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part IIIAlkin Tezuysal
 
Web Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdfWeb Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdfSamHoney6
 
Broom not included curling the modern way
Broom not included curling the modern wayBroom not included curling the modern way
Broom not included curling the modern wayDanielStenberg7
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 
LSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityLSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityBrendan Gregg
 
PG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangas
PG Day'14 Russia, PostgreSQL System Architecture, Heikki LinnakangasPG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangas
PG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangaspgdayrussia
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersMicroEJ
 
A miało być tak... bez wycieków
A miało być tak... bez wyciekówA miało być tak... bez wycieków
A miało być tak... bez wyciekówKonrad Kokosa
 
Persistent BIOS Infection
Persistent BIOS InfectionPersistent BIOS Infection
Persistent BIOS Infectionguest042636
 
Persistent Bios Infection
Persistent Bios InfectionPersistent Bios Infection
Persistent Bios Infectionguest042636
 
Best Practices for performance evaluation and diagnosis of Java Applications ...
Best Practices for performance evaluation and diagnosis of Java Applications ...Best Practices for performance evaluation and diagnosis of Java Applications ...
Best Practices for performance evaluation and diagnosis of Java Applications ...IndicThreads
 

Similaire à Behind the scenes with IOS security (20)

44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eve
 
Exploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source ToolExploring Thermal Related Stuff in iDevices using Open-Source Tool
Exploring Thermal Related Stuff in iDevices using Open-Source Tool
 
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacketCsw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
 
Computer network
Computer networkComputer network
Computer network
 
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3ARM® Cortex™ M Bootup_CMSIS_Part_2_3
ARM® Cortex™ M Bootup_CMSIS_Part_2_3
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part III
 
Web Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdfWeb Template Mechanisms in SOC Verification - DVCon.pdf
Web Template Mechanisms in SOC Verification - DVCon.pdf
 
Broom not included curling the modern way
Broom not included curling the modern wayBroom not included curling the modern way
Broom not included curling the modern way
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
LSFMM 2019 BPF Observability
LSFMM 2019 BPF ObservabilityLSFMM 2019 BPF Observability
LSFMM 2019 BPF Observability
 
PG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangas
PG Day'14 Russia, PostgreSQL System Architecture, Heikki LinnakangasPG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangas
PG Day'14 Russia, PostgreSQL System Architecture, Heikki Linnakangas
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for Microcontrollers
 
A miało być tak... bez wycieków
A miało być tak... bez wyciekówA miało być tak... bez wycieków
A miało być tak... bez wycieków
 
Persistent BIOS Infection
Persistent BIOS InfectionPersistent BIOS Infection
Persistent BIOS Infection
 
Persistent Bios Infection
Persistent Bios InfectionPersistent Bios Infection
Persistent Bios Infection
 
Best Practices for performance evaluation and diagnosis of Java Applications ...
Best Practices for performance evaluation and diagnosis of Java Applications ...Best Practices for performance evaluation and diagnosis of Java Applications ...
Best Practices for performance evaluation and diagnosis of Java Applications ...
 

Plus de Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Plus de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Dernier

A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfROWELL MARQUINA
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 

Dernier (20)

A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 

Behind the scenes with IOS security

  • 1. Black Hat 2016 Behind the Scenes with iOS Security Ivan Krstić Head of Security Engineering and Architecture, Apple
  • 3. iOS 10 Component Encryption User data—No change to encryption Image3 (pre-iPhone 5S)—iBoot, kernel caches, boot logos no longer encrypted Image4 kernel caches—No longer encrypted Changes made as part of wider set of performance optimizations Encryption for these objects was no longer adding a lot of value No impact to platform security or encryption of user data
  • 5. Just-in-time compilation is necessary for high-performance JavaScript iOS normally requires all executable pages to be signed Code signing policy is relaxed in Safari through dynamic-codesigning entitlement to support JIT compilation Background Hardened WebKit JIT Mapping
  • 6. iOS 9 Hardened WebKit JIT Mapping 32MB RWX JIT memory region Write-anywhere primitive sufficient for arbitrary code execution Attacker can write shell code into JIT region and jump to it without ROP
  • 7. Execute-only memory protection Hardened WebKit JIT Mapping Hardware support introduced in ARMv8 Kernel implementation added in iOS 10 Allows us to emit code containing secret data, not readable within the process
  • 8. Split view Hardened WebKit JIT Mapping Create two virtual mappings to the same physical JIT memory One executable, one writable The location of the writable mapping is secret
  • 9. Tying it all together Hardened WebKit JIT Mapping Writable mapping to JIT region is randomly located Emit specialized memcpy with base destination address encoded as immediate values Make it execute-only Discard the address of the writable mapping Use specialized memcpy for all JIT write operations
  • 10. void initializeSeparatedWXHeaps(void* stubBase, size_t stubSize, void* jitBase, 
 size_t jitSize) { mach_vm_address_t writableAddr = 0; // 1. Create a second mapping of the JIT region at a random address. vm_prot_t cur, max; kern_return_t ret = mach_vm_remap(mach_task_self(), &writableAddr, jitSize, 0, VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR, mach_task_self(), (mach_vm_address_t)jitBase, FALSE, &cur, &max, VM_INHERIT_DEFAULT); bool remapSucceeded = (ret == KERN_SUCCESS); if (!remapSucceeded) return; // 2. Assemble specialized memcpy function for writing into the JIT region. MacroAssemblerCodeRef writeThunk = jitWriteThunkGenerator(reinterpret_cast<void*>(writableAddr), stubBase, stubSize); int result = 0; #if USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION) // 3. Prevent reading the memcpy code we just generated. result = mprotect(stubBase, stubSize, VM_PROT_EXECUTE_ONLY); RELEASE_ASSERT(!result); #endif
  • 11. // 4. Prevent writing into the executable JIT mapping. result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); RELEASE_ASSERT(!result); // 5. Prevent execution in the writable JIT mapping. result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); RELEASE_ASSERT(!result); // 6. Zero out writableAddr to avoid leaking the address of the writable mapping. memset_s(&writableAddr, sizeof(writableAddr), 0, sizeof(writableAddr)); jitWriteFunction = reinterpret_cast<JITWriteFunction>(writeThunk.code().executableAddress()); }
  • 15. iOS 10 R-X RW- - - X mov x0, #0
  • 16. iOS 10 R-X RW- - - X mov x0, #0mov x0, #0
  • 17. iOS 10 R-X RW- - - X mov x0, #0mov x0, #0
  • 18. iOS 10 Hardened WebKit JIT Mapping Write-anywhere primitive now insufficient for arbitrary code execution Attacker must subvert control flow via ROP or other means or find a way to call execute- only JIT write function Mitigation increases complexity of exploiting WebKit memory corruption bugs
  • 19. Data Protection with the 
 Secure Enclave Processor
  • 20. Goals Data Protection User data protected by strong cryptographic master key derived from user passcode No offline attack on user passcode—Hardware-bound master key derivation No brute force—Hard limit on number of passcode attempts Hardware keys for master key derivation not directly exposed to any mutable software Secure support for alternative unlock mechanisms (Touch ID, Auto Unlock)
  • 21. Goals—Sidestep AP attack surface Data Protection Authentication policy enforcement even under adversarial AP Master (long-term) key material never exposed to AP Non-master key material exposed to AP must be ephemeral and session-bound
  • 23. Overview Secure Enclave Processor Dedicated SoC core provides trusted environment for handling cryptographic material Arbitrates all user data access Hardware accelerators for AES, EC, SHA Manages its own encrypted memory and communicates with the AP using mailboxes Factory-paired secure channels to Touch ID sensor and Secure Element
  • 24. Background Device UID Key Each SEP has reference access to a unique private key (UID) UID generated by SEP itself immediately after fabrication, using its own free-running oscillator TRNG Available for cryptographic operations via commands exposed by the Secure ROM No access to UID key material from SEP or other mutable software after fuses blown
  • 25. Background User Keybags Sets of keys generated for each user to protect their data at rest Keys wrapped by master key derived from user passcode and SEP UID After 10 incorrect passcode entries, SEP will not process any further attempts Different policy associated with each keybag key—Usage, availability
  • 26. Class keys User Keybags Class Description A (256-bit AES) Only available while the device is unlocked B (Curve 25519) Public key always available, private key only available when device is unlocked C (256-bit AES) Available after the user unlocked the phone at least once after boot D (256-bit AES) Always available
  • 27. 00000000 44 41 54 41 00 00 05 ca 56 45 52 53 00 00 00 04 |DATA....VERS....| 00000010 00 00 00 04 54 59 50 45 00 00 00 04 00 00 00 00 |....TYPE........| 00000020 55 55 49 44 00 00 00 10 4a 99 c1 fd 7e 55 44 43 |UUID....J...~UDC| 00000030 96 96 30 36 42 3a 42 0c 48 4d 43 4b 00 00 00 28 |..06B:B.HMCK...(| 00000040 49 78 be cb 61 71 ed c8 70 4e fc 3d 01 2b 10 bf |Ix..aq..pN.=.+..| 00000050 4e d4 c4 19 83 dc d1 97 82 3c e1 2f de 9b 51 53 |N........<./..QS| 00000060 d3 d2 be d1 e2 55 ef 40 57 52 41 50 00 00 00 04 |.....U.@WRAP....| 00000070 00 00 00 01 53 41 4c 54 00 00 00 14 7e f0 23 95 |....SALT....~.#.| 00000080 ee 44 89 d1 c8 47 9a d7 75 2f 07 49 54 74 d0 cc |.D...G..u/.ITt..| 00000090 49 54 45 52 00 00 00 04 00 00 c3 50 47 52 43 45 |ITER.......PGRCE| ... 000004e0 47 47 bc 18 6b 92 f3 fa cc 94 43 4c 41 53 00 00 |GG..k.....CLAS..| 000004f0 00 04 00 00 00 02 57 52 41 50 00 00 00 04 00 00 |......WRAP......| 00000500 00 03 4b 54 59 50 00 00 00 04 00 00 00 01 57 50 |..KTYP........WP| 00000510 4b 59 00 00 00 28 a2 dd c7 83 56 45 21 bb 1f 70 |KY...(....VE!..p| 00000520 70 07 79 5f 6e ed 42 05 2e a0 2f e2 6f a5 14 4e |p.y_n.B.../.o..N| 00000530 a2 7f 3c c0 4c 38 bd 5f 1a ce 45 a1 06 ca 50 42 |..<.L8._..E...PB| 00000540 4b 59 00 00 00 20 03 b1 b1 6e aa 7a 59 25 b5 43 |KY... ...n.zY%.C| 00000550 83 7c d1 2c d7 28 f9 d3 48 c1 41 cc 50 47 38 53 |.|.,.(..H.A.PG8S| 00000560 00 ae f7 b5 7b 51 55 55 49 44 00 00 00 10 50 ba |....{QUUID....P.| 00000570 b5 bc cd cb 42 e6 93 ed dd 1a 18 3e fb f4 43 4c |....B......>..CL| 00000580 41 53 00 00 00 04 00 00 00 01 57 52 41 50 00 00 |AS........WRAP..| 00000590 00 04 00 00 00 03 4b 54 59 50 00 00 00 04 00 00 |......KTYP......| 000005a0 00 00 57 50 4b 59 00 00 00 28 45 9c 2c 38 0c f1 |..WPKY...(E.,8..| 000005b0 2a 37 2c 9e 39 b0 90 74 f4 e4 21 f8 b3 c1 48 44 |*7,.9..t..!...HD| 000005c0 eb 36 17 42 16 6b 74 13 15 b2 72 c8 a9 1d 17 f5 |.6.B.kt...r.....| 000005d0 af aa 53 49 47 4e 00 00 00 14 db 7a 1e 3c 39 56 |..SIGN.....z.<9V| 000005e0 b4 f8 70 88 b1 8a c4 cc 4b ea a6 fb df 65 |..p.....K....e| 000005ee Keybag version 4 KDF Salt Iteration Count Key Identifier: Class B Key Type: Curve25519 Wrapped Private Key Bytes Public Key Bytes Key Identifier: Class A Key Type: AES Wrapped Private Key Bytes
  • 28. Master Key Derivation SEPUserland KDFPasscode Timed Iterations (100-150ms)Salt Master KeyMki = KDF2(E(UID, MKi-1))
  • 29. Overview Filesystem Data Protection File blocks are encrypted using AES-XTS with 128-bit keys Each file on the user partition is encrypted using a unique random key chosen by SEP Raw file keys are never exposed to the AP • Wrapped with a key from the user keybag for long-term storage • Wrapped with an ephemeral key while in use, bound to boot session
  • 30. Filesystem Data Protection SEPKernelUser Hardware HFS NVME Driver Key Store AES Engine Storage Controller NAND open(“foo.txt”, …) Ephemeral Key established on boot Cipher Text Clear Text 1. Fetch wrapped file_key from metadata 4. Send IO command with ephemerally wrapped 
 file_key 2. Unwrap file_key using keybag key 3. Wrap file_key using ephemeral_key, return ephemerally wrapped file_key 
 to kernel
  • 31. SEP UIDclass D class D master key + SEP UID SKS memory class A
 class B (priv)
 class C class B (public)
 class D SKS keyring 10) class keys cannot be decrypted until we get the passcode 11) launchd permits userspace to start loading 9) keybag loaded into sks memory, class B public loaded into keyring3) decrypt class D key, load into keyring 1) kernel boots (system partition) 4) decrypt HFS metadata with media key 5) launchd mounts user partition 6) launchd starts keybagd 2) AppleKeyStore loads D key (before user partition is mounted) 8) decrypts keybag with prot key from effaceable 7) keybagd loads system keybag (class D key available) contains the device keybag HFS SEP endpoint to SKS AppleKeyStore Effaceable media key
 keybag prot key
 Class D SKS Userspace XNU (Kernel) SEP gets prot key from effaceable loads device keybag into SEP keybagd systembag.kb /var/keybags/systembag.kb encrypted with the keybag prot key boot
  • 32. SKS SBIO MobileKeybag.framework SpringBoard first unlock 7) first unlock notification sent 1) SpringBoard acquires the passcode master key + SEP UID SKS memory class A
 class B (priv)
 class C master key class A
 class B (priv)
 class B (public)
 class C
 class D SKS keyring 2) generate master key random secret master key random secret SBIO memory 4) encrypt master key with random secret – this encrypted master key never leaves SKS 6) securely destroy raw master key bio unlock token only created if bio unlock is enabled steps 4 & 5 5) send random secret to SBIO, destroy it in SKS 3) decrypt class keys, add to keyring Userspace XNU (Kernel) SEP SEP Endpoint to SKS AppleKeyStore Darwin lock/unlock Notifications UserEventAgent
  • 33. SEP Endpoint to SKS AppleKeyStore Darwin lock/unlock Notifications UserEventAgent lock 3) send lock notification 1) device locks 2) purge class A and class B priv keys master key + SEP UID SKS memory class A
 class B (priv)
 class C class B (public)
 class C
 class D SKS keyring Userspace XNU (Kernel) SEP SKS MobileKeybag.framework SpringBoard
  • 34. Darwin lock/unlock Notifications UserEventAgent random secret master key SKS SBIO Touch ID Sensor SEP endpoint to SKS AppleKeyStore Touch ID unlock 7) send unlock notification 4) decrypt master key master key master key + SEP UID SKS memory class A
 class B (priv)
 class C class A
 class B (priv)
 class B (public)
 class C
 class D SKS keyring random secret bio memory SEP endpoint to SBIO AppleMesa 5) decrypt class keys, add to keyring 6) securely destroy master key 2) template match sent to SBIO 1) pressing home button starts Touch ID sensor 3) upon successful match send random secret to SKS Userspace XNU (Kernel) SEP MobileKeybag.framework SpringBoard
  • 35. Unattended Update—Install Later Boot 20 min commit timer 8 hr persist timer First Unlock prompt for passcode OTUT creation enabled 1:00 PM Notify Update Lock OTUT created Last Unlock Before Update 10:00 PM OTUT persist enabled Software Update 10:15 PM OTUT persisted Lock 10:30 PM OTUT committed reboot Update Window 3:00 AM
  • 36. Demotion SoC Security Mode Production devices can be“demoted”to enable some debugging features like JTAG and loading development software on the AP (but not the SEP) Requires full OS erase and device explicitly authorized by the personalization server Forces a different UID on the SEP, no access to existing user data after demotion SoC mode AP status SEP status SEP UID Development fused Development Development Development Production fused Production Production Production AP demoted Development Production Development
  • 37. Goals Data Protection User data protected by strong cryptographic master key derived from user passcode No offline attack on user passcode—hardware-bound master key derivation Hardware keys for master key derivation not directly exposed to any mutable software Secure support for alternative unlock mechanisms (Touch ID, Auto Unlock) Sidesteps AP attack surface, SEP policy enforced under adversarial AP
  • 39. Uses Synchronizing Secrets Passwords and credit card information available on all of a user’s devices Auto Unlock cryptographic keys shared between Apple Watch and Mac HomeKit cryptographic keys available on all devices
  • 40. Traditional approaches Synchronizing Secrets Wrap user secrets with strong random key • User has to take care of a printed“sock drawer key”and enter it on each device • If printed key is lost, losing devices means loss of secrets Wrap user secrets with KDF-derived key from their password • Account provider backend is privileged, can intercept or brute-force account password • If user resets their account password, must prompt for old password to recover secrets • Anyone else in possession of wrapped user secrets can launch a brute-force attack
  • 41. “Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations.” C. Kaufman, R. Perlman, M. Speciner
  • 42. Goals—Inspired by Data Protection Synchronizing Secrets Selected user secrets available on all of the user’s devices Synchronization protected with strong cryptographic keys User can recover secrets even if they lose all their devices User secrets not exposed to Apple No brute-force—backend not in a privileged position
  • 43. Approach iCloud Keychain Each device locally generates iCloud Keychain synchronization key pair User explicitly approves new devices joining the sync circle from a device already in it Sync circle uses Apple cloud backend for storage and message passing • No data is accessible to Apple • Backend not in a privileged position since key pair is strong and random What if all devices are lost, or need to configure new device without access to old one?
  • 44. Premise iCloud Keychain Backup New credential—iCloud Security Code (commonly device passcode), 
 unknown to Apple Generate strong random backup (“escrow”) key, wrap with KDF-derived key from iCSC Back up copy of iCloud Keychain secrets to the Apple cloud, encrypted with escrow key Send wrapped escrow key to Apple In case of device loss or new device, user can recover secrets with their iCloud password and the iCSC
  • 45. Goals—Inspired by Data Protection Synchronizing Secrets Selected user secrets (passwords, credit cards, …) available on all of the user’s devices Synchronization protected with strong cryptographic keys User can recover secrets even if they lose all their devices User secrets not exposed to Apple Backend not in a privileged position to brute-force keys protecting user secrets
  • 46. Backend attack surface iCloud Keychain Backup In naive implementation, backend could brute force the iCSC to access escrow key Just like with SEP, need to enforce policy over escrow key No brute–force—Want hard limit on escrow recovery attempts under adversarial cloud What if escrow key unwrapping only took place in Hardware Security Modules?
  • 47. Overview Cloud Key Vault HSMs running custom secure code connected to Apple cloud Key vault fleet operates its own CA, private key never leaves the hardware Each iOS device hardcodes key vault fleet CA cert
  • 49. HSM keys Cloud Key Vault Key Description CSCIK RSA-2048, allows signing custom secure code to run on the HSM AK 256-bit for HMAC-SHA-256, to authenticate messages between vault units CA RSA-2048, to certify service key (SK) SK RSA-2048, allows unwrapping escrow records
  • 50. Escrow record generated on iOS device Cloud Key Vault SRP verifier for iCSC Maximum failure count User’s escrow key 🔐 encrypted to public service key
  • 51. Understanding the design Cloud Key Vault A kind of SEP Data Protection approach for escrow records Vault service private key material not available to mutable software, just like SEP UID key User attempting escrow recovery sends previous escrow record, establishes SRP session Vault unwraps escrow record, SRP with user device against iCSC verifier in the record, return escrow key if successful If SRP fails due to incorrect iCSC, vault unit bumps a secure counter • If maximum failure count (10) is exceeded for the record, record is marked terminal
  • 52. Redundancy and attack surface Cloud Key Vault Users can’t escrow to only a single vault unit, need redundancy Escrowing to multiple units means multiplying the maximum failure count providing more opportunity for brute force attack
  • 54. Club Cloud Key Vault Group of five vault units that share a single SK—Service Key User generates escrow record for a particular club, certified by the fleet CA Solves redundancy, but not the brute force limiting problem Club members would still be subject to partitioning attacks
  • 55. Quorum commit Cloud Key Vault Each club member maintains its own failure count for each escrow record Escrow recovery prompts a vote, majority quorum required to proceed Provides redundancy and breaks membership partitioning attacks
  • 56. Fleet Cloud Key Vault … Authenticated object storage HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost HSMHost iCloud escrow service
  • 57. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “I propose an update. Please give me your failure count for this record.”
  • 58. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “My counter is 4. I vote yes to update since I’m not in another transaction.”
  • 59. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “We have majority quorum and no one’s record is terminal, 
 prepare to update failure count to 5.”
  • 60. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “OK, I’ve verified majority quorum and stand ready to increase failure count to 5.”
  • 61. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “Please proceed with increasing failure count to 5 for this record.”
  • 62. Escrow Recovery Transaction Cloud Key Vault 1. Proposal 2. Vote 3. Schedule 4. Ack 5. Perform 6. Confirm HSMHost HSMHost HSMHost HSMHost HSMHost “OK, my failure count is now 5 for this record.”
  • 63. Who watches the watchers? Cloud Key Vault A given vault fleet runs code signed by its CSCIK (custom secure code signing key) Use of this signing key requires a quorum of physical vault admin smart cards Admin cards are created in a secure ceremony when fleet is commissioned, stored in separate physical safes in custody of three different organizations at Apple in tamper- proof evidence bags
  • 64. Who watches the watchers? Cloud Key Vault If someone got their hands on all the admin cards… Couldn’t they sign a malicious custom secure code image that can brute-force iCSC for arbitrary escrow records?
  • 65. No.
  • 66. Before a fleet goes into production Cloud Key Vault Members of all three admin card-carrying organizations meet in a secure facility Cross-check serial numbers on evidence bags and on cards Attestations • Card carriers present at creation of the admin cards • No other cards were created • Evidence bags remained sealed since creation • Cards present today are the ones originally created
  • 68. (We Run the Cards Through a Blender)
  • 69. Final attestation Cloud Key Vault All admin cards originally created are now destroyed The cards were not used to sign any other custom secure code that can be loaded No other mechanism is known for changing custom secure code or loading new code This enables us to make the unequivocal commitment that user secrets are not exposed to Apple
  • 70.
  • 73. Apple Security Bounty Great help from researchers in improving iOS security all along iOS security mechanisms continue to get stronger Feedback from Apple Red Team and external researchers:as iOS security has advanced, increasingly difficult to find the most critical security issues
  • 74. Apple Security Bounty Rewards researchers who share critical issues with Apple We make it a priority to resolve confirmed issues as quickly as possible Provide public recognition, unless asked otherwise
  • 75. Initial Categories Category Max. Payment Secure boot firmware components $200,000 Extraction of confidential material protected by the Secure Enclave Processor $100,000 Execution of arbitrary code with kernel privileges $50,000 Unauthorized access to iCloud account data on Apple servers $50,000 Access from a sandboxed process to user data outside of that sandbox $25,000
  • 76. Payments Apple Security Bounty We require a clear report and working proof of concept Vulnerability must affect latest shipping iOS, and where relevant, latest hardware Exact payment amount determined after review by engineering team, criteria include novelty and likelihood of exposure/degree of user interaction required Researcher can elect to donate reward to charity of their choice, Apple will consider matching 1:1
  • 77. Apple Security Bounty Few dozen initially invited researchers If vulnerabilities that would be covered under the program are submitted by researchers outside of the program, we will review the submission and, if the work merits it, invite researcher into the program and reward the vulnerability
  • 80. TM and © 2016 Apple Inc. All rights reserved.