Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What did 👮 want from 🍏?

What did 👮 want from 🍏?

A brief look into some technical details of the FBI/Apple case covering bits of iOS encryption.

Johannes Weiss

March 31, 2016
Tweet

More Decks by Johannes Weiss

Other Decks in Programming

Transcript

  1. What did !
    want from !
    ?

    View Slide

  2. View Slide

  3. Disclaimer
    All the information is my interpretation of the iOS Security Guide

    View Slide

  4. Effaceable Storage
    • how to truly erase something from an SSD?
    (source: http:/
    /lwn.net)
    • Apple's solution: small chunk of memory not subject to wear leveling

    View Slide

  5. Metadata
    • encrypted with random key created on install
    • not for confidentiality
    • in Effaceable Storage
    • !
    • ✅ FBI knows that one

    View Slide

  6. Files
    The content of a file is encrypted with a per-file key, which is wrapped
    with a class key and stored in a file’s metadata
    — iOS Security Guide
    FBI needs the file key ( )
    1. ✅ — the file they want to decrypt
    2. ✅ — the file system key
    3. ❌ — the mysterious class key

    View Slide

  7. Class Key
    The class key is protected with the hardware UID and, for some classes,
    the user’s passcode.
    — iOS Security Guide
    • hardware UID: AES 256-bit key fused into the application processor
    • No software or firmware can read them directly
    • see only the results of encryption or decryption operations
    performed by dedicated AES engines

    View Slide

  8. Class Key, contd.
    1. ❌ ❌ — !"
    2. #
    3. ❌
    4. , , ..., ? 10000 possibilities — !$
    5. how to we access the AES engine?

    View Slide

  9. iOS Kernel*
    ✅ ✅ ❌
    So the only protection* is that the FBI can't easily run code in kernel
    mode.
    *) on older devices (up until iPhone 5C)

    View Slide

  10. So why
    !"?

    View Slide

  11. Ways to get around it
    • jail break
    • prevent SSD from being erased & try
    • crypto vulnerability
    • acid + focussed ion beam ?
    • reboot early & try ?
    • ???

    View Slide

  12. Thank you! !
    Questions❓
    @johannesweiss !

    View Slide

  13. Links
    • iOS Security Guide — https:/
    /goo.gl/DJvK0F — https:/
    /
    www.apple.com/business/docs/iOSSecurityGuide.pdf
    • Crypto Stack Question — http:/
    /goo.gl/4oN1rY — http:/
    /
    crypto.stackexchange.com/questions/32886/why-does-the-fbi-
    ask-apple-for-help-to-decrypt-an-iphone

    View Slide