Behind the Scenes with iOS Security

Recommendations

Info

Userspace UserEventAgent Darwin lock/unlock Notifications SpringBoard MobileKeybag.framework 1) pressing home button starts Touch ID sensor 7) send unlock notification XNU (Kernel) AppleKeyStore SEP endpoint to SKS AppleMesa SEP endpoint to SBIO 4) decrypt master key random secret master key SKS SBIO bio memory Touch ID Sensor 2) template match sent to SBIO SEP master key random secret SKS memory master key + SEP UID class A class B (priv) class C SKS keyring class A class B (priv) class B (public) class C class D 3) upon successful match send random secret to SKS 6) securely destroy master key 5) decrypt class keys, add to keyring Touch ID unlock
Unattended Update—Install Later 1:00 PM 10:00 PM 10:15 PM 10:30 PM 3:00 AM First Unlock Notify Update Lock Last Unlock Before Update Software Update 8 hr persist timer Lock Update Window Boot 20 min commit timer prompt for passcode OTUT creation enabled OTUT created OTUT persist enabled OTUT persisted OTUT committed reboot
Page 1 and 2: Behind the Scenes with iOS Security
Page 3 and 4: Component Encryption iOS 10 User da
Page 5 and 6: Hardened WebKit JIT Mapping Backgro
Page 7 and 8: Hardened WebKit JIT Mapping Execute
Page 9 and 10: Hardened WebKit JIT Mapping Tying i
Page 11 and 12: 4. Prevent writing into the executa
Page 13 and 14: iOS 10 - - X R-X RW-
Page 15 and 16: iOS 10 - - X R-X RW- mov x0, #0
Page 17 and 18: iOS 10 - - X R-X RW- mov x0, #0 mov
Page 19 and 20: Data Protection with the Secure En
Page 21 and 22: Data Protection Goals—Sidestep AP
Page 23 and 24: Secure Enclave Processor Overview D
Page 25 and 26: User Keybags Background Sets of key
Page 27 and 28: 00000000 44 41 54 41 00 00 05 ca 56
Page 29 and 30: Filesystem Data Protection Overview
Page 31 and 32: 7) keybagd loads system keybag (cla
Page 33: Userspace UserEventAgent Darwin loc
Page 37 and 38: Data Protection Goals User data pro
Page 39 and 40: Synchronizing Secrets Uses Password
Page 41 and 42: “Humans are incapable of securely
Page 43 and 44: iCloud Keychain Approach Each devic
Page 45 and 46: Synchronizing Secrets Goals—Inspi
Page 47 and 48: Cloud Key Vault Overview HSMs runni
Page 49 and 50: Cloud Key Vault HSM keys Key Descri
Page 51 and 52: Cloud Key Vault Understanding the d
Page 53 and 54: Cloud Key Vault Club Host HSM Host
Page 55 and 56: Cloud Key Vault Quorum commit Each
Page 57 and 58: Cloud Key Vault Escrow Recovery Tra
Page 63 and 64: Cloud Key Vault Who watches the wat
Page 65 and 66: No.
Page 67 and 68: Physical One-Way Hash Function
Page 69: Cloud Key Vault Final attestation A
Page 72 and 73: Apple Security Bounty
Page 74 and 75: Apple Security Bounty Rewards resea
Page 76 and 77: Apple Security Bounty Payments We r
Page 78 and 79: September
Page 80: TM and © 2016 Apple Inc. All right

Behind the Scenes with iOS Security

Create successful ePaper yourself

Delete template?

Save as template?