a (not-so-quick) primer on ios encryption david schuetz - ncc group
TRANSCRIPT
A(not-so-quick)PrimeroniOSEncryptionDavidSchuetz-NCCGroup
Introduction
• DavidSchuetz• SeniorConsultant,NCCGroup• FocusonwebandiOSapplicationtesting• Cryptopuzzles(ShmooCon,VZDBIR,etc.)
• Volunteerconferencesupporttocommunity
NCCGroup
• BasedinManchester,UK
• ConsultingbusinessmostlyNorthAmerica
• Webandmobileapptesting,pentesting
• RMG,dedicatedCryptographypractice
• Alwayshiring• Stronginternprogram
• NYC,Chicago,Seattle,SanFrancisco,Austin• Evenremote!
Background
AncientHistory• CNET,May2013,claims“Applecanbypassthesecuritysoftware”:
• Bigbacklog(7weeks,onecasetook4months)
AncientHistory
• October2014:“Apple’scommitmenttoyourprivacy”
• ChangesiniOS8
• “Applecannotbypassyourpasscode”• “…nottechnicallyfeasible…torespondtogovernmentwarrants”
• Raisedlotsofquestions:
• Whatdoesthatmean?Whatdidtheydobefore?
• Whataboutotherattacks?Forensics?
• Suddenlygotalotmoreimportant
WhatdoesitMEAN?!?
• Backlogimplies:
• Can’tjustpluginanduseamagickey
• Couldbruteforcepasscodes,conceivably
• “ApplecanaffordaLOTofGPUcrackers…”• Itdoesn’tworkthatway
SohowdoesiOSencryptionwork?
• It’scomplicated,butalsofairlycomprehensive
• Someearlydetailsfiguredoutbyresearchers
• ExaminingandunderstandingpublishedAPIs
• Reverseengineering,breaking• Applepublishesan“iOSSecurity”paper• BeginninginMay2012
• Updatedannuallyorbetter• Coversencryption,ApplePay,lotsofotherthings
• ThistalkfocusesonEncryption
BasicsofiOSEncryption
HowiOSencryptionworksEffaceable
Storage
UIDKey 0x89B
Key 0x835
Stored in Hardware
Dkey
EMF
BAG1
Data Partition
Data FileFile KeyFile Data
Keybag
Class 11 Key
Class 1 KeyClass 2 KeyClass 3 Key
Passcode
Class 4 Key
Entered by User
Keychain File
Keychain Item
Data FileFile KeyFile Data
Passcode Key
Fulldiskencryption
• iPhone3GS/iOS3• DedicatedAESprocessor• LocatedinDMAchannelbetweenCPUandDisk
• Generatearandomkey(EMFkey)
• EncryptEMFkeyusingahardware-derivedkey(0x89b)
• StoreencryptedEMFkeyinspecialdiskarea
• Usethistoencryptfilesystemmetadata
iOS3-FDEEffaceable
Storage
UIDKey 0x89BStored in
HardwareEMF
Data Partition
Data File
Advantages
• Advantages• Fastwipe• Can’taccess/modifydatadirectly(withoutOS)
• Can’ttransferchipstoanotherdevice• Limitations
• Filesystemaccessgrantsaccesstoeverything
• Noadditionalprotectionswhenlocked
File-levelencryption
• DataProtectionAPIintroducediniOS4• Randomencryptionkeycreatedforeachfile
• Filekeyisencryptedusingaclasskey• Encryptedfilekeystoredwithfilemetadata
iOS4-DataProtectionAPI
Data Partition
Data FileFile KeyFile Data
Class 1 Key
Multipleclasses
• Defaultclass:• iOS4-6is“noprotection”• iOS7-9:CompleteuntilFirstAuthentication
• MostsystemappsthroughiOS7stillusedNone
Protection Class Description
None No additional encryption
Complete Unless Open Asymmetric, for locking while writing
Complete Until First User Authentication
Encrypted after reboot, until first time unlocked
Complete Encrypted whenever device is locked
Classkeysinthekeybag
Data Partition
Data FileFile KeyFile Data
Keybag
Class 11 Key
Class 1 KeyClass 2 KeyClass 3 KeyClass 4 Key
Keychain File
Keychain Item
Data FileFile KeyFile Data
DataProtection:None
• Class4orDisFileProtection“None”class• RandomDkeygenerated
• Encryptedwithkey0x835,derivedfromUID
• Encryptedkeystoredineffaceablestorage
DefaultprotectionkeyEffaceable
Storage
UIDKey 0x89B
Key 0x835
Stored in Hardware
Dkey
EMF
BAG1
Data Partition
Data FileFile KeyFile Data
Keybag
Class 11 Key
Class 1 KeyClass 2 KeyClass 3 KeyClass 4 Key
Keychain File
Keychain Item
Data FileFile KeyFile Data
Classkeyprotection
• Eachclasskeyisalsowrappedorencrypted• Usingtheuser’spasscodekey
• Entirekeybagisencrypted• Usingabagkey(storedineffaceablestorage)
• Whenpasscodeischanged,oldbagkeysdeleted
PasscodeandkeybagEffaceable
Storage
UIDKey 0x89B
Key 0x835
Stored in Hardware
Dkey
EMF
BAG1
Data Partition
Data FileFile KeyFile Data
Keybag
Class 11 Key
Class 1 KeyClass 2 KeyClass 3 Key
Passcode
Class 4 Key
Entered by User
Keychain File
Keychain Item
Data FileFile KeyFile Data
Passcode Key
PasscodeKDF
• PBKDF2,usingPasscode,Salt,UID,variableiterations
• Workfactordependsondevice
• Constanttime—approx.80mS/attempt
• A7onwardadda5seconddelay• DependsonUID,whichcan’tbeextractedfromphone
• Notpossibletobringtoyourcrackingcluster
Bruteforcingpasscode• Mustbeperformedonthedevice
• Signedexternalimage
• Usingabootromvulnerability
• 80mSperattempt
• Nowupto5sec,somultiplytableby~62
• Attemptescalation,auto-wipearepartofUI
• Whenbootedfromexternalimage,nolimitsComplexity Time
4-digit numeric 15 min6-digit numeric 22 hours
6-char lowercase 286 days6-char mixed case 50 years
Locking…
• FileProtectionCompletekeyremovedfromRAM
• AllCompleteprotectionfilesnowunreadable
• Otherkeysremainpresent
• AllowsconnectiontoWi-Fi
• Letsyouseecontactinformationwhenphonerings
• [Ioncefoundanedgecasewherethisdoesn’thappen…]
Changingpasscode…
• Thesystemkeybagisduplicated
• Classkeyswrappedusingnewpasscodekey(encryptedwith0x835key,wrappedwithpasscode)
• NewBAGkeycreatedandstoredineffaceablestorage
• OldBAGkeythrownaway• NewkeybagencryptedwithBAGkey
Rebooting…
• FileProtectionCompletekeylostfromRAM
• CompleteuntilFirstAuthenticationkeyalsolost
• Only“FileProtection:None”filesarereadable• AndthenonlybytheOSonthedevice• BecauseFDE
Wipingdevice…
• Effaceablestorageiswiped,destroying:• DKey:All“Fileprotection:none”filesareunreadable
• Bagkey:Allotherclasskeysareunreadable• EMFkey:Can’tdecryptthefilesystemanyway
Playitagain!
• FileisencryptedwithaFileKey• FileKeyencryptedwithClassKey• ClassKeyencryptedwithPasscodeKey• Passcodekeyderivedfrom:
• UID,0x835,Passcode
• KeybagencryptedwithBagKey• EntirediskencryptedwithEMFKey
• EMFkeyencryptedusing0x89b
• 0x89band0x835derivedfromUID
Data Partition
Keybag
Data File
File KeyFile Data
Class Key
BAG1
UID
Passcode
KDF
Passcode Key
Key 0x89B
EMF
Key 0x835
DKey
Disk
EffaceableStorage
System ona Chip(SoC)
WeaknessandAttacks
BreakingThroughtheCrypto
• Severalwaystogetaroundtheseprotections• Jailbreakingdevices
• Simplebugsinthesoftware
• Forensictoolsusingobscureorbrokenfeatures
• Specialboot-levelcapabilities
• Collectfromotherlocations(“Tothecloud!”)
Jailbreaking
• Exploitsbugsintheoperatingsystem
• Bypassescodesigning,sandboxes,etc.• Needstomodifyfilesystemtomaintainpersistence
• Jailbreakprocesscannotbypasscryptoonalockeddevice
• Butmayweakenit
• Generallyneedtounlock,install,rebootdevice:
• Jailbreakershavemuchlargerattacksurface
• Anyapporsystemprocessonunlockeddevice
Bugs
• Lockscreenbypasses• Reallyjustmovingfromoneapptoanother
• Cryptoprotectionsarestillinplace
• Limiteddataaccessibility
• Usuallyfixedquickly
• Maliciousapps
• Fromappstore
• Side-loadedwithenterprisecerts
• OS-levelproblems
ForensicCapabilities
• Nomagicchannelsjustforforensicstools
• Frequentlyusingsamebugsfoundbycommunity
• Methodsandcapabilitiesoftencloselyheld
• Difficulttofullyascertain
• Lockeddevice
• Facesameobstaclesaseveryoneelse
• Unlockeddevice
• Hiddenorlittle-understoodfeatures
• Specialdatabases,logs,etc.
• Treasuretroveofinfo
BootANewOS
• Multi-stepbootprocess
• LLB(low-levelboot)
• iBoot
• OSboot
• Signaturechecksateachstage
• OSimageencryptedforeachdeviceclass
• Keyderivedfrom“GID”codeinSoC
• Bugsonearlydevicesallowedbypassingsignature
• FixediniPhone4S,iPad2
TheCloud• Server-sidedatastorageverycommon
• Generous“basic”app-datastorageforfreefromApple
• User-paidiClouddata
• Third-partycloudstorage
• Appvendorservers
• Can’tgetdataonphone?Gotothenet
• ExamplesofiOSdatastoredoniCloud:
• Backups
• Notes,calendarentries,contacts
• App-specificdata
• iClouddrive-iWorkdata,etc.
MDMorDesktopSync
• SynctoiTunesgetslotsofdata• Butnokeychain,unlessthebackupisencrypted
• USBaccessontrusteddesktop• Usedtoallowaccesstomostalldata
• Nowonlyworksonbetaversionsofsoftware
• Couldcomebackwithoutwarning(bydesignornot)
• MobileDeviceManagement
• Ifenrolledandconfigured,canremotelyunlock• NeedsWi-Fiaccess
• Ifrebootedandnocellulardata—noMDM.
PrivacyTakesCenterStage
NewPublicFocus
• EncryptionfeaturesfairlystablesinceiOS4• Whyisthisabigdealnow?
• Softwarechanges• Newhardwarefeatures• Strongerpublicstanceonprivacy• Somewhatdrivenbypost-Snowdenconcerns
NewDataProtectionDefaults
• iOS7defaults:• 3rdpartyapps:CompleteUntilFirstUnlock
• Systemapps:None(exceptMail)
• NowSystemAppsdefaulttoUntilFirstUnlock
• Mostdataunreadableafterareboot
• AlsolimitedsandboxaccessoverUSB
• Cannolongeraccessallofapp’sfiles• Evenwhenunlocked• Evenwithtrustedcomputer
Seeforyourself
• iOS7phone:• Reboot,Callfromlandline
• Seefullcontactinformation(name,picture,etc.)
• iOS8or9:• Reboot,callfromlandline,justseephonenumber
• Unlock,lockagain,callagain• Nowyouseeeverything
SecureEnclave
• IntroducedwithiPhone5SandiOS7in2013• Specialsub-processorandstorage
• SeparatehardenedOS• Speciallyencryptedareaondisk
• Handlesmanyofthepasscodefeatures
• Notsurewhetherfailurecountsstoredthere
• Hardcoded5seconddelay
• Additionalfeaturesaddedovertime• Encryptionandpublickeys
• Notverywellunderstoodatthispoint
PublicCommitmenttoPrivacy
• Drawsalineinthesand• “Wesellproducts,notyourinformation”
• Wantscustomerstobeincontroloftheirdata
• Technicaladviceforstrongsecuritychoices• Promiseoftransparencyregardinggovernmentaccess
(Intense)SpotlightonSecurity
TheRoadtoSanBernardino
• Gradualsecurityimprovementsoveryears
• Snowdenrevelations• Publiccommitmenttoprivacyandsecurity
• Beginningsofpushbackfromlawenforcement
• SanBernardinoattack• FBIrequestscourttoorderassistancefromApple
• Strangersaskingmeaboutthecase
WhatFBIaskedfor
• Awaytobypasspasscodeguessinglimits
• “Customversionofoperatingsystem”
• “Tailoredtojustthisphone”
• Possible?Maybe.Probably.
• Agoodidea?• Applespentnearly100pagesexplainingwhynot
• FBIeventually….hiredhackers?….
How’dtheyfinallygetin?
• Manypossibilitieshavebeensuggested
• Mostlyjustspeculation
• Someideasmorelikelythanothers
• Someideasare…outthere.
ProbableAttackSurfaces
• Cryptography• Extensivelyused• Securityhighlydependentuponthisbeing“safe”
• Hardwareattacks• Ifyoucanholdit,youcanownit• Howmuchdoyouwanttospend?
• Softwarebugs• Theyhappentoeveryone• Alot
CryptographicAttacks• Tobootahackedimage:
• BreakintoAppleandstealtheirsecretkeys• OtherAppleservicesusetamper-resistantHSM
• Breaksignatureprocess• RSAsignatures
• SHA1hashes
• BootROMbug
• MajorcryptographicbreakinAES
• AllowderivationofUIDandofflinecracking• Allowdirectdecryptionofdatafiles
HardwareAttacks• De-captheSoC• FindtheUIDandextractit
• CopyencrypteddatafromNAND
• Brute-forcepasscodeonaGPUcluster
• Riskyandexpensive.Norecoverypath.
• Memorychipattacks
• Preventupdatingpasscodefailurecount
• Rollflashbacktopreviouscopywherecount=0
• Racecondition
• DetectfailurebeforeOScanupdatecount
SoftwareAttacks• Racecondition• Enterpasscode,dosomethingelseREALLYFAST
• Lockscreenbypass• Wouldn’tgetmuchdata
• Couldshowspringboard• Mightshowthatphonehadverylittledataanyway
• Otherattacks• Codeinjection• DFUoriTunesRestoreattacks• Wiredorwirelessattacksurfaces
LikelySuspects?
• NewBootROMbug
• Boothackedimagecontainingpasscodecracker
• Lockscreenbypass• Limiteddataextraction,butprovideswindow
• Otherbugsinlockscreen• Allowingforinterruptionoftimeoutorfailurecounting
• Attacharobot• Hardware-levelattacksonmemory
• Interruptingdatawritesorrestoringearliercopy
Howmuchcouldtheyget?
• Everything,rightaway?• Needsamajorcryptobug
• Everything,eventually?
• Passcodefailurecountbypasses
• Hardwareorsoftwareattacks
• Simpleintelandgeneralphoneusage?
• Lockscreenbypass
RemainingQuestions
Questionsfrom2014….
• CanApplebruteforcepasscodes?• Wouldthey?
• Couldtheybeorderedto?• Hasthishappenedalready?
MoreHardwareQuestions
• CantheSecureEnclavesoftwarebeupdated?• Toalterthepasscodefailureprotections?• Doesitrequiredevicebeunlocked?
• AreanyoftheSEfunctionsinROM?
• Whereisthefailurecountlocated?
• OnSoCorflash?• WillSEcodeenforce10-trylimit?
Conclusion
GeneralBestPractices
• GoodadviceonApple’sPrivacyandSecuritypages• SelectnewerdeviceswithSecureEnclave• Selectalongpasscode
• Alphanumericisbest
• Evenwith5-seconddelayinSecureEnclave
• UseTouchIDfor“typical”dailyuse• Butdon’tforgetthepasscode!
• Ifyou’rearrested,turnoffphone• Orquicklytrytounlockwithwrongfinger
• Afterafewtries,fingerprintsdisabled
Conclusion• iOSsecurityhighlydependentuponencryption
• Complexandcomprehensive
• Nopublicly-knownmajordesignflaws
• Bypassingencryptiondependsonbreakingpasscode• Hardwareattacks(potentiallyexpensive)• Softwarebugs(usuallyfixedquickly)• Stillaslowprocess
• Orbreakingcryptoingeneral• WhichbreaksEVERYTHING
• Userscanfightbackwithstrongpasscode
References
• Apple“iOSSecurity”paper• “iPhonedataprotectionindepth”(Sogeti,HITBAmsterdam2011)
• “EvolutionofiOSDataProtectionandiPhoneForensics:fromiPhoneOStoiOS5”,(Elcomsoft,BlackHatAbuDhabi2011)
