On the Security of the iCloud Keychain

ON THE SECURITY OF THE
ICLOUD KEYCHAIN
Andrey Belenko
viaForensics

View Slide

ICLOUD
• Introduced in 2011
• iOS 5 and OS X 10.7
• 320M accounts (July 2013)

View Slide

ICLOUD

View Slide

ICLOUD STORAGE

View Slide

ICLOUD KEYCHAIN

View Slide

MOTIVATION
http://support.apple.com/kb/HT4865

View Slide

ICLOUD KEYCHAIN
• Introduced in 2013
• iOS 7.0.3 and OS X 10.9
• Two different services:
• iCloud Keychain Sync
• iCloud Keychain (Escrow and) Recovery

View Slide

INTERCEPTING COMMS
iCloud.com certiﬁcate
is not pinned

View Slide

FIRST STEPS

View Slide

FIRST STEPS
GET /authenticate
AppleID, password

View Slide

FIRST STEPS
DsID, mmeAuthToken, fmipAuthToken
GET /authenticate
AppleID, password

View Slide

FIRST STEPS
GET /authenticate
AppleID, password
GET /get_account_settings
AppleID, password

View Slide

FIRST STEPS
GET /authenticate
AppleID, password
Account information
Account settings
GET /get_account_settings
AppleID, password

View Slide

ACCOUNT SETTINGS

View Slide

SETUP

View Slide

THE BIG PICTURE
escrowproxy.icloud.com
keyvalueservice.icloud.com

View Slide

THE BIG PICTURE
Keychain
(encrypted)
Keybag
(encrypted)

View Slide

THE BIG PICTURE
Keychain
(encrypted)
Keybag
(encrypted)
Keychain
sync

View Slide

THE BIG PICTURE
Keychain
(encrypted)
Keybag
(encrypted)
Master
Secret
Keychain
sync

View Slide

KEY-VALUE STORE
• Not new
• Many apps use it to keep in sync across devices
• iCloud Keychain uses two stores:
• com.apple.security.cloudkeychainproxy3
• Syncing between devices
• com.apple.sbd3 (securebackupd3)
• Restore if no other devices

View Slide

ICLOUD KEYCHAIN SYNC
com.apple.security.cloudkeychainproxy3
Sign(usrPwd, Bpub)
Sign(Bpriv, (Apub, Bpub))
Sign(Apriv, Apub)
Sign(userPwd, Apub)
Sign(Apriv, (Apub, Bpub))
Sign(userPwd, (Apub, Bpub))

View Slide

KEY-VALUE STORE
com.apple.sbd3
Key Description
com.apple.securebackup.enabled Is Keychain data saved in KVS?
com.apple.securebackup.record Keychain records, encrypted
SecureBackupMetadata iCSC complexity, timestamp, country
BackupKeybag Keybag protecting Keychain records
BackupUsesEscrow Is keybag password escrowed?
BackupVersion Version, currently @“1”
BackupUUID UUID of the backup

View Slide

ESCROW PROXY
• New, designed to store precious secrets
• MFA to recover escrowed data
• Must be signed into iCloud
• Must provide 6-digit code sent via SMS
• Must prove knowledge of iCSC via SRP
• Data destroyed after ~10 failed attempts
• User-Agent: com.apple.lakitu (iOS/OS X)

View Slide

DATA ESCROW

View Slide

DATA ESCROW
iCloud Security Code
1234

View Slide

DATA ESCROW
Backup Keybag
Key 1
Key 2
Key 3
1234

View Slide

DATA ESCROW
Backup Keybag
Key 1
Key 2
Key 3
1234
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
AES-GCM
256 bit
Encrypted Keychain

View Slide

DATA ESCROW
Random Password
BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
Backup Keybag
Key 1
Key 2
Key 3
1234
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
AES-GCM
256 bit
Encrypted Keychain

View Slide

DATA ESCROW
Random Password
Backup Keybag
Key 1
Key 2
Key 3
1234
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
AES-GCM
256 bit
Encrypted Keychain
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA ESCROW
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Backup Keybag
Key 1
Key 2
Key 3
1234
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
AES-GCM
256 bit
Encrypted Keychain
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA RECOVERY

View Slide

DATA RECOVERY
1234

View Slide

DATA RECOVERY
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
1234

View Slide

DATA RECOVERY
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
1234

View Slide

DATA RECOVERY
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
1234
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA RECOVERY
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Backup Keybag
Key 1
Key 2
Key 3
1234
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA RECOVERY
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Backup Keybag
Key 1
Key 2
Key 3
1234
AES-GCM
256 bit
Encrypted Keychain
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA RECOVERY
Random Password
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
1234
AES-GCM
256 bit
Encrypted Keychain
AES-Wrap Keys
RFC 3394
Encrypted Keybag

View Slide

DATA RECOVERY

View Slide

DATA RECOVERY
/get_records
List of escrowed records

View Slide

DATA RECOVERY
/get_records
/get_sms_targets
List of phone numbers

View Slide

DATA RECOVERY
/get_records
/get_sms_targets
/generate_sms_challenge
OK

View Slide

DATA RECOVERY
/get_records
/get_sms_targets
OK
/srp_init [DsID, A, SMS CODE]
[UUID, DsID, SALT, B]

View Slide

DATA RECOVERY
/get_records
/get_sms_targets
OK
/srp_init [DsID, A, SMS CODE]
[UUID, DsID, SALT, B]
/recover [UUID, DsID, M, SMS CODE]
[IV, AES-CBC(KSRP
, Escrowed Record)]

View Slide

SECURE REMOTE PASSWORD
• Zero-knowledge password proof scheme
• Combats sniffing/MITM
• One password guess per connection attempt
• Password verifier is not sufficient for impersonation
• Escrow Proxy uses SRP-6a

View Slide

Key Negotiation
a ← random
A ← gâ
b ← random
B ← kv + g^b
u ← H(A, B) u ← H(A, B)
x ← H(SALT, Password)
S ← (B - kg^x) ^ (a + ux)
K ← H(S)
S ← (Avû) ^ b
K ← H(S)
Key Verification
M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
(Aborts if M is invalid)
ID, A
SALT, B
M
H(A, M, K)
Password verifier:
SALT ← random
x ← H(SALT,Password)
v ← g^x (mod N)
Agreed-upon parameters:
H – one-way hash function
N, g – group parameters
k ← H(N, g)

View Slide

Key Negotiation
a ← random
A ← gâ
b ← random
B ← kv + g^b
u ← H(A, B) u ← H(A, B)
x ← H(SALT, Password)
S ← (B - kg^x) ^ (a + ux)
K ← H(S)
S ← (Avû) ^ b
K ← H(S)
Key Verification
M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
(Aborts if M is invalid)
ID, A, SMS CODE
SALT, B
M, SMS CODE
H(A, M, K)
Password verifier:
SALT ← random
x ← H(SALT,Password)
v ← g^x (mod N)
Agreed-upon parameters:
H – SHA-256
N, g – RFC 5054 w. 2048-bit group
k ← H(N, g)

View Slide

ESCROW PROXY
COMMANDS
Endpoint Description
get_club_cert Obtains some certificate for a user
enroll Escrows a record and returns phoneToken
get_records Lists escrowed records
get_sms_targets Lists phone numbers used for verification
generate_sms_challenge Sends SMS challenge
srp_init First step of SRP protocol
recover Second step of SRP protocol
alter_sms_target
Given a phoneToken, changes phone number
used for verification

View Slide

ALTER_SMS_TARGET
• Changes phone number used for veriﬁcation
• Stricter authentication: requires AppleID password
• Authentication token won’t work
• Requires phoneToken returned at escrow time
• iOS 8 ﬁnally exposes this in the UI

View Slide

ESCROW RECORD
Random Password
1234
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
AES-GCM
256 bit
AES-Wrap Keys
RFC 3394
Encrypted Keychain
Encrypted Keybag

View Slide

ESCROW RECORD
Random Password
1234
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit

View Slide

ESCROW RECORD
Random Password
1234
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
EscrowRecord ← AES-CBC(Key, RandomPassword)
Key ← PBKDF2-SHA256(iCSC, 10’000)

View Slide

ESCROW RECORD
EscrowRecord ← AES-CBC(Key, RandomPassword)
Key ← PBKDF2-SHA256(iCSC, 10’000)
This is stored by Apple
This is 4 digits by default
For default settings access is totally feasible!

View Slide

ESCROW RECORD
• Ofﬂine iCSC guessing is possible
• Almost instant recovery [for default settings]
• iCSC decrypts keybag password
• Keybag password unlocks keybag keys
• Keybag keys decrypt Keychain items

View Slide

Apple, or other adversary with access
to stored data, can near-instantly
decrypt “master” password and
consequently decrypt backed up
iCloud Keychain records
(for default settings)

View Slide

BUT CAN APPLE ACCESS
STORED DATA?

View Slide

HARDWARE SECURITY MODULE
• Apple claims it uses HSMs for storing
escrowed data
• Impossible to verify from outside

View Slide

SETUP

View Slide

DATA ESCROW
Random Password
correct horse battery staple
PBKDF2
SHA-256 x 10’000
AES-CBC
256 bit
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
AES-GCM
256 bit
AES-Wrap Keys
RFC 3394
Encrypted Keychain
Encrypted Keybag

View Slide

COMPLEX ICSC
• Mechanics are the same as with simple iCSC
• Ofﬂine password recovery attack is still possible,
although pointless if password is complex enough

View Slide

SETUP

View Slide

DATA ESCROW
Random Password
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
AES-GCM
256 bit
AES-Wrap Keys
RFC 3394
Encrypted Keychain
Encrypted Keybag
AES-CBC
256 bit
PBKDF2
SHA-256 x 10’000

View Slide

DATA ESCROW
Random Password
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
AES-GCM
256 bit
AES-Wrap Keys
RFC 3394
Encrypted Keychain
Encrypted Keybag

View Slide

RANDOM ICSC
Escrow Proxy is not used

View Slide

SETUP

View Slide

DATA ESCROW
Random Password
Keychain Passwords
yMa9ohCJ
tzzcVhE7
sDVoCnb
Backup Keybag
Key 1
Key 2
Key 3
AES-GCM
256 bit
AES-Wrap Keys
RFC 3394
Encrypted Keychain
Encrypted Keybag
AES-CBC
256 bit
PBKDF2
SHA-256 x 10’000

View Slide

DATA ESCROW

View Slide

NO ICSC
Escrow Proxy is not used
Keychain is not backed up

View Slide

ATTACK SURFACE
iCloud Keychain Services
Master Password Escrow iCloud Keychain Backup iCloud Keychain Sync
No iCloud Security Code
Random iCloud Security Code
Complex iCloud Security Code
Simple iCloud Security Code (default)

View Slide

CONCLUSIONS

View Slide

CONCLUSIONS
• Trust your vendor but verify his claims
• Never use simple iCloud Security Code
• Overall, iCloud Keychain is reasonably well
engineered

View Slide

Q & A

View Slide

THANK YOU!
[email protected]
@abelenko

View Slide

On the Security of the iCloud Keychain

On the Security of the iCloud Keychain

Andrey Belenko

More Decks by Andrey Belenko

Other Decks in Technology

Featured

Transcript