NSConfidential

 NSConfidential

In this era of widespread surveillance, diminishing privacy, and ubiquitous connectivity, security is no longer the pet subject of paranoids—it's something everyone would do well to understand. This talk will explore topics ranging from steganography, cryptography, and low-level espionage to Bluetooth LE and APIs new to iOS 7, offering a good mix of high-level philosophizing and geeking out over low-level implementation details.

This talk was presented at CocoaConf San Jose on 4/26/2014

D29bb4d2d2f2ba2c2fb5a329e1e4651f?s=128

Mattt Thompson

April 26, 2014
Tweet

Transcript

  1. 2.
  2. 5.

    I HAVE REASON TO BELIEVE THAT THIS TALK IS BEING

    recorded. (ACTUALLY, I DON'T THINK THIS ONE IS)
  3. 6.

    ...

  4. 8.
  5. 10.
  6. 12.
  7. 17.
  8. 21.

    ▸ I am not a security expert ▸ I do

    not assume to know what I'm doing ▸ Don't take my word for it
  9. 24.

    STEGANOGRAPHY Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed

    do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud ullamco nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor information hiding in plain sight velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id.
  10. 25.

    CRYPTOGRAPHY F2 80 FF 09 F3 F3 E8 00 00

    FF 00 8F A6 A6 80 F2 80 FF 05 F3 F3 D2 00 00 FF 8C 00 00 FF 8C 00 00 FF 8C 00 00 FF 8C 00 08 FF 00 9F 9D 8D 1E 1A 16 A8 84 00 09 FF 00 A4 A4 9C 23 1E 1A F2 AF 83 00 01 FF 00 80 A4 05 26 23 1E FF F2 AB 82 00 01 FF 00 80 6E 06 FF F3 DC FF FF F2 A9 81 00 01 FF 00 80 6E 02 FF FF F3 80 FF 01 F2 AB 80 00 01 FF 00 80 6E 84 FF 05 F2 AD 00 00 FF 00 80 FF 80 6E 09 FE F2 DC 45 3B 3B 00 00 FF 00 80 FF 80 6E 09 FE FE F2 4F 45 3B 00 00 FF 00 80 FF 80 6E 80 FE 06 57 4F 45 00 00 FF 00 80 93 80 F2 80 52 06 8F 88 7D 00 00 FF 00 80 93 80 F2 80 52 09 8F 8F 88 00 00 FF 00 7F 93 93 80 F2 80 52 05 8F 8F 7B 00 00 FF 8C 00 00 FF 8C 00 00 FF 8C 00 00 FF 8C 00 08 FF 00 C4 C1 AE 34 2D 26 A8 84 00 09 FF 00 CA CA C0 3C 34 2D F2 AF 83 00 01 FF 00 80 CA 05 42 3C 34 FF F2 AB 82 00 01 FF 00 80 F1 06 1D 1C 19 FF FF F2 A9 81
  11. 26.
  12. 27.
  13. 33.
  14. 35.
  15. 38.

    for (NSUInteger x = 0; x < bitmap.pixelsWide; x++) {

    for (NSUInteger y = 0; y < bitmap.pixelsHigh; y++) { if ([data length] < (x * bitmap.pixelsWide) + y) { break; } unsigned long pixel[numberOfComponents]; [bitmap getPixel:pixel atX:x y:y]; { // Flip parity bit } [bitmap setPixel:pixel atX:x y:y]; } }
  16. 39.

    const uint8_t byte = bytes[(x * bitmap.pixelsWide) + y]; for

    (NSUInteger c = 0; c < numberOfComponents; c++) { if ((byte & (1 << c) >> c)) { pixel[c] &= 254; // 0b11111110 } else { pixel[c] |= 1; // 0b00000001 } }
  17. 41.
  18. 42.
  19. 43.
  20. 44.
  21. 46.
  22. 47.

    IF THE SOLUTION TO A PROBLEM CAN BE QUICKLY verified

    BY A COMPUTER, CAN THE COMPUTER ALSO solve THAT PROBLEM QUICKLY?
  23. 48.

    e.g. DIVIDE THE ROOM UP INTO 2 GROUPS, SUCH THAT

    EACH GROUP HAS THE SAME COMBINED AGE IN YEARS. THIS IS AN EXAMPLE OF THE Partition Problem, WHICH IS REFERRED TO AS "THE EASIEST HARD PROBLEM"
  24. 49.

    e.g. FIND THE SHORTEST ROUTE TO VISIT ALL OF THE

    COFFEE SHOPS IN SAN FRANCISCO EXACTLY ONCE. THIS IS A VERSION OF THE Traveling Salesman Problem, A CLASSIC PROBLEM IN COMPUTER SCIENCE.
  25. 53.
  26. 54.
  27. 56.
  28. 58.
  29. 59.
  30. 60.

    ENCRYPTION TECHNOLOGIES COMMON TO IOS AND OS X ▸ Keychain

    Services API ▸ Cryptographic Message Syntax ▸ Certificate, Key, and Trust Services
  31. 61.

    KEYCHAIN SERVICES API SECURE STORAGE OF CREDENTIALS (PASSWORDS, KEYS, ETC.)

    BUILT ON THE COMMON DATA SECURITY ARCHITECTURE (CDSA) AND ITS PROGRAMMING INTERFACE, COMMON SECURITY SERVICES MANAGER (CSSM)
  32. 62.

    CRYPTOGRAPHIC MESSAGE SYNTAX SERVICES DIGITAL SIGNATURES AND ENCRYPTION FOR S/MIME

    MESSAGES. CMS IS THE IETF'S STANDARD FOR CRYPTOGRAPHICALLY PROTECTED MESSAGES
  33. 63.

    CERTIFICATE, KEY, AND TRUST SERVICES AUTHENTICATE AND AUTHORIZE USERS AND

    PROCESSES USING KEYS AND CERTIFICATES MANY OF THE FUNCTIONS IN THIS API MUST BE USED IN CONJUNCTION WITH KEYCHAIN SERVICES API.
  34. 67.

    CREATING A SHA-1 CHECKSUM NSData *data = ...; uint8_t output[CC_SHA1_DIGEST_LENGTH];

    CC_SHA1(data.bytes, data.length, output); NSData *checksum = [NSData dataWithBytes:output length:CC_SHA1_DIGEST_LENGTH];
  35. 68.
  36. 69.

    CREATING SHA-1 HMAC NSData *data, *key; unsigned int length =

    CC_SHA1_DIGEST_LENGTH; unsigned char output[length]; CCHmac(kCCHmacAlgSHA1, key.bytes, key.length, data.bytes, data.length, output);
  37. 70.

    WRITING DATA TO KEYCHAIN NSString *key, service; NSData *data; NSMutableDictionary

    *mutableQuery = [NSMutableDictionary dictionary]; mutableQuery[(__bridge id)kSecClass] = (__bridge id)kSecClassGenericPassword; mutableQuery[(__bridge id)kSecAttrService]= service; mutableQuery[(__bridge id)kSecAttrGeneric]= key; mutableQuery[(__bridge id)kSecAttrAccount]= key; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)mutableQuery, NULL);
  38. 71.

    if (status == errSecSuccess) { NSMutableDictionary *attributesToUpdate = [[NSMutableDictionary alloc]

    init]; [attributesToUpdate setObject: forKey:]; NSDictionary *updatedAttributes = @{(__bridge id)kSecValueData: data}; SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)updatedAttributes); }
  39. 72.

    else { NSMutableDictionary *mutableAttributes = [NSMutableDictionary dictionary]; mutableAttributes[(__bridge id)kSecClass] =

    (__bridge id)kSecClassGenericPassword; mutableAttributes[(__bridge id)kSecAttrService] = service; mutableAttributes[(__bridge id)kSecAttrGeneric] = key; mutableAttributes[(__bridge id)kSecAttrAccount] = key; mutableAttributes[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleAfterFirstUnlock; mutableAttributes[(__bridge id)kSecValueData] = data; SecItemAdd((__bridge CFDictionaryRef)attributes, NULL); }
  40. 74.

    VERIFYING SSL CERTIFICATE SecTrustRef trust; SecPolicyRef X509Policy = SecPolicyCreateBasicX509(); SecTrustSetPolicies(serverTrust,

    (__bridge CFArrayRef)@[(__bridge id)X509Policy]); SecTrustResultType result; __Require_noErr(SecTrustEvaluate(trust, &result), exit);
  41. 75.

    X.509 CERTIFICATE $ openssl x509 -in freesoft-certificate.pem -noout -text Certificate:

    Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:... Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:...
  42. 84.

    #pragma mark - MCNearbyServiceAdvertiserDelegate - (void)advertiser:(MCNearbyServiceAdvertiser *)advertiser didReceiveInvitationFromPeer:(MCPeerID *)peerID withContext:(NSData

    *)context invitationHandler:(void(^)(BOOL accept, MCSession *session))invitationHandler { if ([context isEqualToData:self.secret) { MCSession *session = [[MCSession alloc] initWithPeer:localPeerID securityIdentity:identity encryptionPreference:MCEncryptionRequired]; session.delegate = self; if (invitationHandler) { invitationHandler(YES, session); } } else { if (invitationHandler) { invitationHandler(NO, nil); } } }
  43. 85.

    NSString *message = @"Hello, World!"; NSData *data = [message dataUsingEncoding:NSUTF8StringEncoding];

    NSError *error = nil; if (![self.session sendData:data toPeers:peers withMode:MCSessionSendDataReliable error:&error]) { NSLog(@"[Error] %@", error); }
  44. 86.

    #pragma mark - MCSessionDelegate - (void)session:(MCSession *)session didReceiveData:(NSData *)data fromPeer:(MCPeerID

    *)peerID { NSString *message = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; NSLog(@"%@", message); }
  45. 87.
  46. 88.

    SECURELY GETTING RANDOM BYTES NSUInteger length = 1024; NSMutableData *mutableData

    = [NSMutableData dataWithLength:length]; OSStatus success = SecRandomCopyBytes(kSecRandomDefault, length, mutableData.mutableBytes); __Require_noErr(success, exit);
  47. 89.
  48. 90.
  49. 93.

    BASE64-ENCODING DATA SecTransformRef transform = SecEncodeTransformCreate(kSecBase64Encoding, NULL); SecTransformSetAttribute(transform, kSecTransformInputAttributeName, (__bridge

    CFDataRef)data, NULL); NSData *encodedData = (__bridge_transfer NSData *)SecTransformExecute(transform, NULL); CFRelease(transform);
  50. 95.

    AVCaptureSession *session = [[AVCaptureSession alloc] init]; AVCaptureDevice *device = [AVCaptureDevice

    defaultDeviceWithMediaType:AVMediaTypeVideo]; NSError *error = nil; AVCaptureDeviceInput *input = [AVCaptureDeviceInput deviceInputWithDevice:device error:&error]; if (input) { [session addInput:input]; } else { NSLog(@"Error: %@", error); } AVCaptureMetadataOutput *output = [[AVCaptureMetadataOutput alloc] init]; [session addOutput:output]; [output setMetadataObjectsDelegate:self queue:dispatch_get_main_queue()]; [output setMetadataObjectTypes:@[AVMetadataObjectTypeQRCode]]; [session startRunning];
  51. 96.

    - (void)captureOutput:(AVCaptureOutput *)captureOutput didOutputMetadataObjects:(NSArray *)metadataObjects fromConnection:(AVCaptureConnection *)connection { NSString *QRCode

    = nil; for (AVMetadataObject *metadata in metadataObjects) { if ([metadata.type isEqualToString:AVMetadataObjectTypeQRCode]) { QRCode = [(AVMetadataMachineReadableCodeObject *)metadata stringValue]; break; } } NSLog(@"QR Code: %@", QRCode); }
  52. 97.

    BASE64-DECODING DATA SecTransformRef transform = SecEncodeTransformCreate(kSecBase64Decoding, NULL); NSData *data =

    [QRCode dataUsingEncoding:NSUTF8StringEncoding]; SecTransformSetAttribute(transform, kSecTransformInputAttributeName, (__bridge CFDataRef)data, NULL); NSData *decodedData = (__bridge_transfer NSData *)SecTransformExecute(transform, NULL); CFRelease(transform);
  53. 100.

    RESOURCES ▸ Apple's "Introduction to Secure Coding Guide" ▸ Stanford

    University Cryptography I on Coursera ▸ ChatSecure & OTRKit