Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What did 👮 want from 🍏?

Johannes Weiss
March 31, 2016
Programming
0
190

What did 👮 want from 🍏?

A brief look into some technical details of the FBI/Apple case covering bits of iOS encryption.

Johannes Weiss

March 31, 2016
Tweet

More Decks by Johannes Weiss

See All by Johannes Weiss
Finding the Algebra in Algebraic Data Types
johannesweiss
1
180
Further Leveraging the Type System
johannesweiss
5
5.6k
Type Driven Development in Swift
johannesweiss
2
880
Swift London Meetup -- Introduction to Haskell
johannesweiss
1
240
NSLondon 10 -- Introduction to Functional Programming / Haskell
johannesweiss
1
420

Other Decks in Programming

See All in Programming
Creative coding starting with Ruby
chobishiba
1
600
Kubernetesソースコードリーディング入門
bells17
15
2.8k
アジャイルのライトウィングとレフトウィングはひとりで両方できなくてもいいんじゃない? - “ひとりでできるもん”から“みんなでできるもん”への道のり
psj59129
0
230
OSSにPull Requestを送ってみて
osatoh
1
310
新卒研修でNext.js AppRouterを導入した 学びと反省
iuchimasatoshi
1
210
たのしいドメイン駆動設計: 序 / Enjoy domain driven design : ZYO
jpt_corp_official
8
4k
リアーキテクチャによってどうなりたいか/re-architecture
suzukihoge
2
310
ブラウザで「今すぐ」gemを読み込む方法 / Load-gem-from-browser-JUST-NOW
lnit
0
490
第4回 AWSとGitHub勉強会 - GitHub Actionsを使ったCD環境の構築 -
ogiwarat
0
120
第3回 AWSとGitHub勉強会 - GitHub Actionsを使ったCI環境の構築 -
ogiwarat
0
130
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
290
Chatwork プロダクト本部 紹介資料(エンジニア向け)
chatwork_hr
1
590

Featured

See All Featured
It's Worth the Effort
3n
179
27k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Writing Fast Ruby
sferik
615
59k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
870
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.2k
Typedesign – Prime Four
hannesfritz
35
1.8k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Building Effective Engineering Teams - LeadDev
addyosmani
20
940
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
130
9k
Become a Pro
speakerdeck
PRO
8
3.5k
Stop Working from a Prison Cell
hatefulcrawdad
265
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k

Transcript

  1. What did !
    want from !
    ?

    View Slide

  2. View Slide

  3. Disclaimer
    All the information is my interpretation of the iOS Security Guide

    View Slide

  4. Effaceable Storage
    • how to truly erase something from an SSD?
    (source: http:/
    /lwn.net)
    • Apple's solution: small chunk of memory not subject to wear leveling

    View Slide

  5. Metadata
    • encrypted with random key created on install
    • not for confidentiality
    • in Effaceable Storage
    • !
    • ✅ FBI knows that one

    View Slide

  6. Files
    The content of a file is encrypted with a per-file key, which is wrapped
    with a class key and stored in a file’s metadata
    — iOS Security Guide
    FBI needs the file key ( )
    1. ✅ — the file they want to decrypt
    2. ✅ — the file system key
    3. ❌ — the mysterious class key

    View Slide

  7. Class Key
    The class key is protected with the hardware UID and, for some classes,
    the user’s passcode.
    — iOS Security Guide
    • hardware UID: AES 256-bit key fused into the application processor
    • No software or firmware can read them directly
    • see only the results of encryption or decryption operations
    performed by dedicated AES engines

    View Slide

  8. Class Key, contd.
    1. ❌ ❌ — !"
    2. #
    3. ❌
    4. , , ..., ? 10000 possibilities — !$
    5. how to we access the AES engine?

    View Slide

  9. iOS Kernel*
    ✅ ✅ ❌
    So the only protection* is that the FBI can't easily run code in kernel
    mode.
    *) on older devices (up until iPhone 5C)

    View Slide

  10. So why
    !"?

    View Slide

  11. Ways to get around it
    • jail break
    • prevent SSD from being erased & try
    • crypto vulnerability
    • acid + focussed ion beam ?
    • reboot early & try ?
    • ???

    View Slide

  12. Thank you! !
    Questions❓
    @johannesweiss !

    View Slide

  13. Links
    • iOS Security Guide — https:/
    /goo.gl/DJvK0F — https:/
    /
    www.apple.com/business/docs/iOSSecurityGuide.pdf
    • Crypto Stack Question — http:/
    /goo.gl/4oN1rY — http:/
    /
    crypto.stackexchange.com/questions/32886/why-does-the-fbi-
    ask-apple-for-help-to-decrypt-an-iphone

    View Slide