
Securely Storing Secrets (on iOS)

A talk about my experience with storing secrets (such as tokens or user identities) on iOS, using the Tiqr (tiqr.org) project as an example of the technologies discussed. Delivered at iosdevuk 2012 in Aberystwyth.

Ivo Jansch

July 10, 2012


  1. About Egeniq
     ‣ Mobile Development, Knowledge, Geeks, Distributed, Mdevcon
     ‣ (Subliminal message: by the time you are wondering if your current job is still right for you, remember that at Egeniq we do awesome things with mobile technology and we don’t really care where you live as long as you are very talented.)
  2. Why is Mobile Security Important?
     ‣ We deal with data
     ‣ Apps run on our users’ hardware
       • Out of our control
     ‣ Our users deal with third-party services
       • Even more out of our control
  3. Sandboxing
     ‣ Apps only have access to their own data
     ‣ Access is based on OS user ID (that is the Android model; on iOS all third-party apps run as the same user and the per-app container is enforced by the kernel sandbox instead)
     ‣ Further protected by the application signature
  4. So we don’t have to worry, right?
     ‣ Can I securely store data?
       • Is sandboxing a solution? -> Not when the device is rooted (jailbroken): the attacker then runs with the same privileges as the OS and reads every container
  5. Other Encryption Gotchas
     ‣ The App Store is US based: encryption export rules apply
       • Requires US government approval (a BIS classification reviewed by the NSA), basically
       • The process is documented, but time consuming
       • Unless the crypto is only used for “authentication purposes”
     ‣ Two flavours of US government approval:
       • Self classification (if you use standard stuff for standard things)
       • Agency classification (non-standard stuff and/or non-standard things)
  6. KeyChain Aspects
     ‣ Hardware-based encryption for secrets
     ‣ Good:
       • Not too much code
       • No extra key/password required: the device passcode protects the item (only for the passcode-bound protection classes, not for kSecAttrAccessibleAlways)
       • Works well with (encrypted) iTunes backup
     ‣ Bad:
       • Not every user has a passcode set
       • Lower-level functions, lots of C (complexity)
       • Doesn’t work across iCloud backup/restore
  7. More KeyChain
     So if I use the KeyChain and have a passcode, I’m safe, right? RIGHT?
     ‣ A 4-digit passcode can be brute forced in 9 minutes
     ‣ A 6-digit passcode takes 1.5 years
     Source: Fraunhofer’s “iOS KeyChain Weakness FAQ”, http://sit4.me/ios-keychain-faq
     The attack runs on the (jailbroken) device itself, where the hardware-bound key is available and only the passcode is unknown, so the per-attempt cost is fixed by the hardware and the passcode is the only lever. Note that the two figures cannot be at the same attempt rate: at the 4-digit rate, the million 6-digit codes fall in roughly 15 hours; a 1.5-year figure corresponds to a longer alphanumeric passcode.
  8. What are we doing in Tiqr?
     ‣ Tiqr secrets are encrypted
       • The encryption key is derived from a PIN code
       • There’s no plaintext to compare against, so an offline brute-force attack on the PIN cannot recognise a hit
     ‣ Encrypted identities are stored in the keychain
       • So also protected by the passcode lock, if present
     ‣ The secret is never communicated
       • Challenge/response for ‘proof of possession’
     ‣ Requires server validation of the decrypted secret
       • The server enforces temporary and permanent blocks to stop brute force
  9. Recommended Reading
     ‣ Authors: Himanshu Dwivedi, Chris Clark, David Thiel
     ‣ Covers: Android, Apple, WinMo
  10. Credits
     ‣ ‘Tege in Sandbox’ by Judi Cox - http://www.flickr.com/photos/madaise/3406217980/
     ‣ ‘Locker (KHS up close)’ by Travis Hymas - http://www.flickr.com/photos/travishasphotos/3481640534/
     ‣ ‘Mask’ by Ben Fredericson - http://www.flickr.com/photos/xjrlokix/3932488768/
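The design on the “What are we doing in Tiqr?” slide, walked through end to end as an added example. This is illustrative Python written for this page, not Tiqr’s own code: it stretches the PIN with PBKDF2-HMAC-SHA256, encrypts the secret with an unauthenticated keystream cipher built from HMAC-SHA256 in counter mode (a stand-in for AES-CTR, since the Python standard library has no AES), answers the server’s challenge with HMAC-SHA256 over the secret (Tiqr itself uses OCRA, RFC 6287), and has the server block the identity after three wrong responses. The iteration count, cipher, response function, sample PIN and block threshold are all assumptions, not Tiqr’s parameters.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 10_000  # assumption: illustrative work factor, not Tiqr's
MAX_ATTEMPTS = 3            # assumption: server blocks after three wrong responses


def pin_key(pin: str, salt: bytes) -> bytes:
    """Stretch a short PIN into a 32-byte key. The salt is stored next to the
    ciphertext; it defeats precomputed PIN tables, not on-device brute force."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Unauthenticated stream cipher: HMAC-SHA256(key, nonce || counter) blocks are
    concatenated into a keystream and XORed over the data (stand-in for AES-CTR).
    Deliberately unauthenticated: an auth tag would give a local PIN oracle."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def enrol(secret: bytes, pin: str) -> dict:
    """Client side at enrolment: the blob that goes into the keychain."""
    salt, nonce = os.urandom(16), os.urandom(16)
    return {"salt": salt, "nonce": nonce,
            "ciphertext": keystream_xor(pin_key(pin, salt), nonce, secret)}


def unlock(stored: dict, pin: str) -> bytes:
    """Client side at login. Always 'succeeds': a wrong PIN simply yields a
    different 32-byte value, so nothing on the device can tell right from wrong."""
    return keystream_xor(pin_key(pin, stored["salt"]), stored["nonce"], stored["ciphertext"])


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Proof of possession: a MAC over the server's challenge. The secret itself
    never leaves the device."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Server:
    """Holds each identity's plaintext secret, issues challenges, counts failures
    and blocks the identity once MAX_ATTEMPTS responses in a row were wrong."""

    def __init__(self) -> None:
        self.secrets: dict[str, bytes] = {}
        self.failures: dict[str, int] = {}
        self.blocked: set[str] = set()

    def register(self, identity: str, secret: bytes) -> None:
        self.secrets[identity] = secret
        self.failures[identity] = 0

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, identity: str, challenge: bytes, response: bytes) -> str:
        if identity in self.blocked:
            return "blocked"
        expected = respond(self.secrets[identity], challenge)
        if hmac.compare_digest(expected, response):
            self.failures[identity] = 0
            return "ok"
        self.failures[identity] += 1
        if self.failures[identity] >= MAX_ATTEMPTS:
            self.blocked.add(identity)
            return "blocked"
        return "wrong"


def demo() -> list:
    """Enrol, log in with the right PIN, then let an attacker who dumped the
    keychain blob guess PINs online. Returns the server's verdicts in order."""
    server = Server()
    secret = os.urandom(32)
    server.register("alice", secret)
    stored = enrol(secret, "4711")  # constructed sample PIN

    verdicts = []
    c = server.challenge()  # legitimate user
    verdicts.append(server.verify("alice", c, respond(unlock(stored, "4711"), c)))
    # Attacker: every guess decrypts to *something*; only the server can judge it.
    # After three misses the identity is blocked, and even the right PIN fails.
    for guess in ("0000", "1234", "1111", "4711"):
        c = server.challenge()
        verdicts.append(server.verify("alice", c, respond(unlock(stored, guess), c)))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The “no plaintext to compare against” property rests on the stored blob having no checkable structure: the cipher is unauthenticated and the secret is random bytes. Wrapping the same secret with an AEAD under a PIN-derived key, adding padding that must validate, or storing a hash of the PIN beside the blob would hand whoever dumps the keychain an offline oracle, and the ten thousand 4-digit PINs fall in well under a second regardless of the PBKDF2 work factor. With the oracle removed, every guess costs a round trip to the server, which is where the temporary and permanent blocks do their work.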