Behind the Scenes with iOS Security

Recommendations

Info

Master Key Derivation Userland SEP Passcode KDF Mki = KDF2(E(UID, MKi-1)) Master Key Salt Timed Iterations (100-150ms)
Filesystem Data Protection Overview File blocks are encrypted using AES-XTS with 128-bit keys Each file on the user partition is encrypted using a unique random key chosen by SEP Raw file keys are never exposed to the AP • Wrapped with a key from the user keybag for long-term storage • Wrapped with an ephemeral key while in use, bound to boot session
Page 1 and 2: Behind the Scenes with iOS Security
Page 3 and 4: Component Encryption iOS 10 User da
Page 5 and 6: Hardened WebKit JIT Mapping Backgro
Page 7 and 8: Hardened WebKit JIT Mapping Execute
Page 9 and 10: Hardened WebKit JIT Mapping Tying i
Page 11 and 12: 4. Prevent writing into the executa
Page 13 and 14: iOS 10 - - X R-X RW-
Page 15 and 16: iOS 10 - - X R-X RW- mov x0, #0
Page 17 and 18: iOS 10 - - X R-X RW- mov x0, #0 mov
Page 19 and 20: Data Protection with the Secure En
Page 21 and 22: Data Protection Goals—Sidestep AP
Page 23 and 24: Secure Enclave Processor Overview D
Page 25 and 26: User Keybags Background Sets of key
Page 27: 00000000 44 41 54 41 00 00 05 ca 56
Page 31 and 32: 7) keybagd loads system keybag (cla
Page 33 and 34: Userspace UserEventAgent Darwin loc
Page 35 and 36: Unattended Update—Install Later 1
Page 37 and 38: Data Protection Goals User data pro
Page 39 and 40: Synchronizing Secrets Uses Password
Page 41 and 42: “Humans are incapable of securely
Page 43 and 44: iCloud Keychain Approach Each devic
Page 45 and 46: Synchronizing Secrets Goals—Inspi
Page 47 and 48: Cloud Key Vault Overview HSMs runni
Page 49 and 50: Cloud Key Vault HSM keys Key Descri
Page 51 and 52: Cloud Key Vault Understanding the d
Page 53 and 54: Cloud Key Vault Club Host HSM Host
Page 55 and 56: Cloud Key Vault Quorum commit Each
Page 57 and 58: Cloud Key Vault Escrow Recovery Tra
Page 63 and 64: Cloud Key Vault Who watches the wat
Page 65 and 66: No.
Page 67 and 68: Physical One-Way Hash Function
Page 69: Cloud Key Vault Final attestation A
Page 72 and 73: Apple Security Bounty
Page 74 and 75: Apple Security Bounty Rewards resea
Page 76 and 77: Apple Security Bounty Payments We r
Page 78 and 79:
September
Page 80:
TM and © 2016 Apple Inc. All right
show all

Behind the Scenes with iOS Security

Create successful ePaper yourself

Delete template?

Save as template?