Upgrade to Pro — share decks privately, control downloads, hide ads and more …

S stands for security in WWDC

CocoaHeads Ukraine
June 14, 2019
Programming
0
55

S stands for security in WWDC

Talk by Anastasiia Vixentael

Originally posted here: https://speakerdeck.com/vixentael/security-privacy-and-cryptography-at-wwdc19

Это будет обзорная лекция, посвященная нововведениям в сфере security, представленным на WWDC, в частности фреймворку CryptoKit, с точки зрения опытного security-инженера.

This talk was made for CocoaFriday #4 ( https://cocoaheads.org.ua/cocoafriday/4 ) which took place Jun 14, 2019

Video: https://youtu.be/61BUVpDBdZQ

CocoaHeads Ukraine

June 14, 2019
Tweet

More Decks by CocoaHeads Ukraine

See All by CocoaHeads Ukraine
Hacking iOS Simulator
cocoaheadsukraine
1
160
Dig into Value types. It's really obvious when to use them. Or not?!
cocoaheadsukraine
0
410
Классифицируем текст в iOS без CoreML: как и зачем?
cocoaheadsukraine
0
110
Managed side effects
cocoaheadsukraine
3
140
10 lines of encryption, 1500 lines of key management
cocoaheadsukraine
1
100
Мифический full-stack разработчик
cocoaheadsukraine
2
210
Анализ текста на скриншотах с Vision и CoreML
cocoaheadsukraine
0
98
Автоматизация регрессии аналитики
cocoaheadsukraine
0
68
Implementation of Clean Architecture using FRP
cocoaheadsukraine
0
74

Other Decks in Programming

See All in Programming
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
210
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
Anthropic Cookbook のおすすめレシピ
schroneko
7
980
Git Rebase
bkuhlmann
11
1.6k
Elm Form Validation
bkuhlmann
0
510
Blue/Greenデプロイの導入による 運用フローの改善
kudoas
1
380
コーンフレークから始める モデリング会話入門
ogurotakayuki
0
370
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
350
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
210
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
380
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
770
VSCodeでのDatabricks開発もお勧めしたい/I would also recommend Databricks development with VSCode.
kazumain
0
260

Featured

See All Featured
Facilitating Awesome Meetings
lara
42
5.6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
Side Projects
sachag
451
41k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Navigating Team Friction
lara
178
13k
Git: the NoSQL Database
bkeepers
PRO
422
63k
Designing for Performance
lara
601
67k
Making Projects Easy
brettharned
108
5.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Debugging Ruby Performance
tmm1
70
11k
A Modern Web Designer's Workflow
chriscoyier
689
190k

Transcript

  1. Security, privacy and crypto @vixentael at #wwdc19

  2. @vixentael product engineer in security and cryptography OSS maintainer: Themis,

    Acra cryptographic tools, security engineering, datasec training

  3. Bespoke data security solutions and security engineering.

  4. @vixentael

  5. @vixentael PRIVACY

  6. @vixentael

  7. developer.apple.com/app-store/review/rejections/ @vixentael apple.com/ios/app-store/principles-practices/

  8. @vixentael PRIVACY POLICY UPDATE https://developer.apple.com/news/?id=06032019j

  9. @vixentael PRIVACY POLICY UPDATE https://developer.apple.com/news/?id=06032019j

  10. @vixentael PRIVACY POLICY UPDATE https://developer.apple.com/news/?id=06032019j new apps – now existing

    apps – 3 September

  11. @vixentael WATCHOS

  12. @vixentael NOISE

  13. @vixentael SIGN IN, SIGN UP developer.apple.com/documentation/watchkit/ authenticating_users_on_apple_watch

  14. @vixentael HOMEKIT

  15. @vixentael

  16. @vixentael theverge.com/2019/6/3/18646453/apple-homekit-support-smart- home-security-routers-wwdc-2019

  17. @vixentael SIGN IN WITH APPLE

  18. @vixentael

  19. @vixentael

  20. @vixentael

  21. @vixentael https://developer.apple.com/news/?id=06032019j https://twitter.com/hybridcattt/status/1139253619637854208

  22. @vixentael MACOS

  23. @vixentael https://developer.apple.com/documentation/authenticationservices/ asauthorizationsinglesignonprovider ASAuthorizationSingleSignOnProvider

  24. @vixentael https://developer.apple.com/documentation/localauthentication/lapolicy/ lapolicydeviceownerauthenticationwithwatch?language=objc LAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch

  25. @vixentael TLS CERTIFICATES https://twitter.com/BasileBailey/status/1136017729842962432 https://support.apple.com/en-us/HT210176 • TLS 1.3 welcome •

    RSA keys >= 2048 bits • no SHA-1 anymore • ExtendedKeyUsage required • max 825 days

  26. @vixentael • Endpoint security framework • App notarization, Gatekeeper, quarantine

    • new permissions 701: Advances in macOS Security FOR MACOS DEVS

  27. @vixentael https://theevilbit.github.io/posts/getting_root_with_benign_appstore_apps/ @patrickwardle THREE WORDS TO RUIN AN APPLE ENGINEER'S

    DAY: 'PATRICK WARDLE DISCLOSURE'

  28. @vixentael PRIVACY

  29. @vixentael IOS & MACOS PRIVACY UPDS • prevents macApps from

    taking screenshots https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take- screenshots • prevents iOS apps from tracking location https://krausefx.com/blog/ios-privacy-detectlocation-an-easy-way-to-access-the- users-ios-location-data-without-actually-having-access

  30. @vixentael IOS & MACOS PRIVACY UPDS

  31. @vixentael FIND MY

  32. @vixentael wired.com/story/apple-find-my-cryptography-bluetooth/

  33. @vixentael blog.cryptographyengineering.com/2019/06/05/how-does-apple- privately-find-your-offline-devices/ wired.com/story/apple-find-my-cryptography-bluetooth/

  34. @vixentael CRYPTO

  35. @vixentael developer.apple.com/documentation/cryptokit/

  36. @vixentael https://speakerdeck.com/vixentael/use-cryptography-dont-learn-it

  37. @vixentael developer.apple.com/documentation/cryptokit/

  38. @vixentael https://twitter.com/veorq/status/660028363449454592

  39. @vixentael

  40. @vixentael

  41. @vixentael wired.com/story/apple-find-my-cryptography-bluetooth/

  42. @vixentael developer.apple.com/documentation/cryptokit/ - CryptoKit is based on corecrypto (C, FIPS

    140-2 compliant) - should be fast on ARM - high level API - modern crypto (AES GCM, Chacha20, ECC) CRYPTOKIT

  43. @vixentael https://speakerdeck.com/vixentael/use-cryptography-dont-learn-it

  44. @vixentael developer.apple.com/documentation/cryptokit/ - crypto-library, you need to work hard to

    make entire app - key management is still dev’s pain CRYPTOKIT

  45. @vixentael https://github.com/cossacklabs/themis

  46. @vixentael

  47. @vixentael

  48. • 708: Designing for Privacy • 709: Cryptography and Your

    Apps • 703: All About Notarization • 706: Introducing Sign In with Apple • 701: Advances in macOS Security • 702: System Extensions and DriverKit • 504: What’s New in Authentication, Safari, and WebKit

  49. @vixentael product engineer in security and cryptography OSS maintainer: Themis,

    Acra cryptographic tools, security engineering, datasec training github.com/vixentael/my-talks wwdcbysundell.com/2019/ anastasiia-voitova-on-security/

  50. Security Basics SECURITY WORKSHOPS Enterprise Secure Architecture Secure Web apps

    Secure Software Development Secure Mobile apps