Behind the Scenes with iOS Security

Recommendations

Info

Userspace UserEventAgent Darwin lock/unlock Notifications 1) SpringBoard acquires <strong>the</strong> passcode SpringBoard MobileKeybag.framework 7) first unlock notification sent XNU (Kernel) AppleKeyStore SEP Endpoint to SKS bio unlock token only created if bio unlock is enabled steps 4 & 5 2) generate master key master key SKS SBIO SEP SKS keyring class A class B (priv) class B (public) class C class D 3) decrypt class keys, add to keyring SKS memory master key + SEP UID class A class B (priv) class C random secret master key SBIO memory random secret 4) encrypt master key <strong>with</strong> random secret – this encrypted master key never leaves SKS 6) securely destroy raw master key 5) send random secret to SBIO, destroy it in SKS first unlock
Userspace UserEventAgent Darwin lock/unlock Notifications 1) device locks SpringBoard MobileKeybag.framework 3) send lock notification XNU (Kernel) AppleKeyStore SEP Endpoint to SKS SEP SKS 2) purge class A and class B priv keys SKS keyring class B (public) class C class D SKS memory master key + SEP UID class A class B (priv) class C lock
Page 1 and 2: Behind the Scenes with iOS Security
Page 3 and 4: Component Encryption iOS 10 User da
Page 5 and 6: Hardened WebKit JIT Mapping Backgro
Page 7 and 8: Hardened WebKit JIT Mapping Execute
Page 9 and 10: Hardened WebKit JIT Mapping Tying i
Page 11 and 12: 4. Prevent writing into the executa
Page 13 and 14: iOS 10 - - X R-X RW-
Page 15 and 16: iOS 10 - - X R-X RW- mov x0, #0
Page 17 and 18: iOS 10 - - X R-X RW- mov x0, #0 mov
Page 19 and 20: Data Protection with the Secure En
Page 21 and 22: Data Protection Goals—Sidestep AP
Page 23 and 24: Secure Enclave Processor Overview D
Page 25 and 26: User Keybags Background Sets of key
Page 27 and 28: 00000000 44 41 54 41 00 00 05 ca 56
Page 29 and 30: Filesystem Data Protection Overview
Page 31: 7) keybagd loads system keybag (cla
Page 35 and 36: Unattended Update—Install Later 1
Page 37 and 38: Data Protection Goals User data pro
Page 39 and 40: Synchronizing Secrets Uses Password
Page 41 and 42: “Humans are incapable of securely
Page 43 and 44: iCloud Keychain Approach Each devic
Page 45 and 46: Synchronizing Secrets Goals—Inspi
Page 47 and 48: Cloud Key Vault Overview HSMs runni
Page 49 and 50: Cloud Key Vault HSM keys Key Descri
Page 51 and 52: Cloud Key Vault Understanding the d
Page 53 and 54: Cloud Key Vault Club Host HSM Host
Page 55 and 56: Cloud Key Vault Quorum commit Each
Page 57 and 58: Cloud Key Vault Escrow Recovery Tra
Page 63 and 64: Cloud Key Vault Who watches the wat
Page 65 and 66: No.
Page 67 and 68: Physical One-Way Hash Function
Page 69: Cloud Key Vault Final attestation A
Page 72 and 73: Apple Security Bounty
Page 74 and 75: Apple Security Bounty Rewards resea
Page 76 and 77: Apple Security Bounty Payments We r
Page 78 and 79: September
Page 80: TM and © 2016 Apple Inc. All right

Behind the Scenes with iOS Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?