SlideShare ist ein Scribd-Unternehmen logo

Mobile Device Encryption Systems

Peter Teufl
Peter Teufl

The talk was given at SEC 2013 by my colleague Bernd Zwattendorfer.

Technologie
1 von 36
Downloaden Sie, um offline zu lesen
IAIK Mobile Device Encryption Systems SEC 2013 Bernd Zwattendorfer, Peter Teufl
IAIK TOC Smartphone Encryption Encryption Scope iOS Encryption Systems: Device encryption (file-system) Data Protection (files, credentials) Backup (iTunes plain, iTunes encrypted, iCloud) Android Encryption Systems
IAIK Encryption on Smartphones Why do we need it? Data protection (application files and credentials) Remote Wiping: without encryption not feasible (takes too much time) Where to place the encryption system? Operating system: iOS, Windows Phone, QNX, Android Smartphone applications: container applications, BYOD!
IAIK Encryption support: iOS, Blackberry OS, Android (>= 3.x), Windows Phone Well fine, every platform supports it... Done?
IAIK There is More Than Marketing Purpose: What’s the purpose of the encryption system? Encryption scope: Which data is encrypted, and how many keys are used? Key details: Where is the key, and how is it derived? Locked state: How does the encryption system behave when the phone is locked? How does the system handle incoming data? Implementation: Hardware? Software? Attacks: How can the system be attacked? Where are the weak points? MDM: Mobile Device Management: enforce encryption, manage its PINs Security: Complex systems, many mistakes can be made, key escrow???
IAIK iOS - Encryption Two encryption systems: Device encryption (file-system): Introduced with IOS 3 and the iPhone 3GS, based on a chip Data protection (individual files and credentials): Introduced with IOS 4, is an addition to the first one, improved in IOS 5 (new classes, better keychain protection) Backup: iTunes, iCloud: Encrypting backups and its consequences
IAIK iOS - Encryption Secure Element AES Key Filesystem Key File system Operating system Application 1 File 1 JailBreak Remote Wipe PIN/Passcode File 2 Application 2 Application 3 File 3 File 4 File 5 Data protection class keys File system encryption Not dependent on PIN/Passcode Data Protection Per-file, dependent on PIN/Passcode and Secure Element key Key Derivation Developer's Choice!!! file-system encryption Data Protection system
IAIK iOS - Device Encryption First system: file-system encryption File-system encryption keys protected via key that is stored on hardware chip PIN/Passcode is NOT used for key derivation When the phone is stolen: apply jailbreak to circumvent PIN protection, the system decrypts the data for you Thus: Only makes sense for fast remote wiping
IAIK iOS - Data Protection - Files Second system: Data Protection In addition to device encryption Protecting specific application files (e.g. emails, the PDF files within a PDF reader application etc.) Unique file keys, stored encrypted in the extended attributes of the file Different protection classes defined by the developer (!)
IAIK iOS - Data Protection - Files Protection classes: NSProtectionNone: File encryption keys protected with “Device Encryption keys”, thus no real protection For all the others: File encryption keys are encrypted with a key that is derived from the UID key and from the PIN/passcode: Thus, without the PIN, jailbreaking etc. does not reveal the encrypted data NSProtection: Complete, UntilFirstUserAuthentication, UnlessOpen
IAIK iOS - Data Protection - Files Problem: Protection Class choice is handled by the developer. The user/admin does not know which apps encrypt their data Consider: Getting an email with a PDF (email app uses data protection), and opening the email in an PDF reader that does not encrypt the data...
IAIK iOS - Data Protection - Keychain Keychain: used to store credentials (passwords, private keys, certificates etc.) Protection Classes: Always (!) (similar to NONE for files) AfterFirstUnlock (UntilFirstUserAuthentication) WhenUnlocked (Complete) also in a “ThisDeviceOnly” version (not included in backups) IOS 4: only the secret was protected, not the usernames etc. since IOS 5: every aspect is encrypted
IAIK iOS - Data Protection - Brute Force PIN plays a vital role for Data Protection Keys are derived from hardware chip and PIN code Properties: PIN length Brute force attacks: Rely on the availability of a jailbreak Estimated time for brute-force attacks?
IAIK iOS - Data Protection - Brute ForceTime to derive the key from the password (ms) 80 1 Lock-Screen Type Time to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodes Standard numerical Passcode length Number of symbols Number of passcodes Minutes Hours Days Years 4 10 10000 13.3 0.2 0.0 0.0 Extended numerical 4 10 10000 13.3 0.2 0.0 0.0 5 10 100000 133.3 2.2 0.1 0.0 6 10 1000000 1,333.3 22.2 0.9 0.0 7 10 10000000 13,333.3 222.2 9.3 0.0 8 10 100000000 133,333.3 2,222.2 92.6 0.3 9 10 1000000000 1,333,333.3 22,222.2 925.9 2.5 10 10 1E+10 13,333,333.3 222,222.2 9,259.3 25.4 Alphanumerical 4 36 1679616 2,239.5 37.3 1.6 0.0 lowercase letters and numbers 5 36 60466176 80,621.6 1,343.7 56.0 0.2 10 numbers and 26 letters 6 36 2176782336 2,902,376.4 48,372.9 2,015.5 5.5 7 36 7.8364E+10 104,485,552.1 1,741,425.9 72,559.4 198.8 8 36 2.82111E+12 3,761,479,876.6 62,691,331.3 2,612,138.8 7,156.5 9 36 1.0156E+14 135,413,275,557.9 2,256,887,926.0 94,036,996.9 257,635.6 10 36 3.6562E+15 4,874,877,920,084.0 81,247,965,334.7 3,385,331,888.9 9,274,881.9 Alphanumerical 4 62 14776336 19,701.8 328.4 13.7 0.0 lower/uppercase letters and numbers 5 62 916132832 1,221,510.4 20,358.5 848.3 2.3 10 numbers and 52 letters 6 62 5.6800E+10 75,733,647.4 1,262,227.5 52,592.8 144.1 7 62 3.5216E+12 4,695,486,141.6 78,258,102.4 3,260,754.3 8,933.6 8 62 2.1834E+14 291,120,140,779.9 4,852,002,346.3 202,166,764.4 553,881.5 9 62 1.3537E+16 18,049,448,728,351.4 300,824,145,472.5 12,534,339,394.7 34,340,655.9 10 62 8.3930E+17 1,119,065,821,157,790.0 18,651,097,019,296.4 777,129,042,470.7 2,129,120,664.3 Complex 4 107 131079601 174,772.8 2,912.9 121.4 0.3 lower/uppercase letters and numbers 5 107 1.4026E+10 18,700,689.7 311,678.2 12,986.6 35.6 symbols 6 107 1.5007E+12 2,000,973,802.5 33,349,563.4 1,389,565.1 3,807.0 10 numbers, 52 letters and 45 symbols 7 107 1.6058E+14 214,104,196,863.8 3,568,403,281.1 148,683,470.0 407,352.0 8 107 1.7182E+16 22,909,149,064,425.6 381,819,151,073.8 15,909,131,294.7 43,586,661.1 9 107 1.8385E+18 2,451,278,949,893,540.0 40,854,649,164,892.3 1,702,277,048,537.2 4,663,772,735.7 10 107 1.9672E+20 262,286,847,638,609,000.0 4,371,447,460,643,480.0182,143,644,193,478.0499,023,682,721.9
IAIK iOS - Backups ITunes encrypted backups, plain backups iCloud somehow encrypted... How to mark a file for Backup? Developer’s choice Default is “yes” Marked files are transferred to iTunes, iCloud backups when activated
IAIK iTunes - Plain Backups Files stored in plain Credentials are also stored encrypted! Encryption key is stored on the iOS device Thus: Credentials in plain backups cannot be restored on other devices As a result: credentials are better protected in unencrypted iTunes backups than in encrypted ones! Files Credentials Encryption Key Plain iTunes BackupiOS Device Files Credentials marked for backup
IAIK iTunes - Encrypted Backups Key is derived from a password selected by the user (no MDM influence) Files and credentials in Backup are protected via the derived key Credentials can be restored on other iOS device (with the right protection class) Problem: Brute-force attack on weak passwords, when backup is stolen Protection for keys is acutally weaker than in plain iTunes Backups (!!!) Files Credentials Plain iTunes BackupiOS Device Files Credentials marked for backup Backup Encryption Key User Password Derived Encryption Key KDF
IAIK iCloud - Backups iCloud backups and iCloud sync Protection via passcode selected by the user (no MDM influence, except for deactivating iCloud backups and sync) If attacker gains access to this account, the backup can be restored Details about the iCloud encryption process are not known Data on iCloud: similar to security considerations required as for other cloud providers (DropBox etc.)
IAIK iOS Backups Tool: https://github.com/ciso/ios-dataprotection/ Analyzes the iTunes backup (encrypted and plain) and lists all the contained files and... ...the protection classes of the application files Allows to decide whether the right protection class was chosen by a developer!
IAIK iOS - Summary Good protection by iOS encryption systems However: interactions of the systems is manifold implications for deployments in security-criticial deployment scenarios: In- depth knowledge of the involved systems is required! Developer influence! Outlook: Paper at SECRYPT 2013 (Workflow for Deploying iOS devices)
IAIK iOS - Workflow Application File protection class analysis KeyChain protection class analysis Files with class NsFileProtectionNone Files with other classes Passcode circumvention via Jailbreaking/ Rooting KeyChain entries with Always/ AlwaysDeviceOnly Passcode circumvention via Jailbreaking/ Rooting On-device brute-force attack No-off device attacks possible KeyChain entries with safe classes On-device brute-force attack File backup state analysis Files in backupNo files in backup No-off device attacks possible KeyChain backup state analysis All credentials with thisDeviceOnly classes Credentials with transferable classes iCloud account security Standard iTunes backup? iCloud backup? Encrypted iTunes backup? Critical data at cloud provider iCloud account security Standard iTunes backup? iCloud Backup? Encrypted iTunes backup? Off-device brute-force attack Critical data at cloud provider ApplicationApplication System Security Analysis Passcode selection based on brute- force times Passcode selection based on brute- force times Off-device brute-force attack Minor risk Medium risk High risk Analysis/Tool No access to credentials Direct file access on backup device
IAIK iOS Encryption - Sources http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords-faq.pdf http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates http://esec-lab.sogeti.com/dotclear/public/publications/11- hitbamsterdam-iphonedataprotection.pdf https://media.blackhat.com/bh-us-11/DaiZovi/ BH_US_11_DaiZovi_iOS_Security_WP.pdf http://trailofbits.files.wordpress.com/2011/08/ios-security- evaluation.pdf http://www.elcomsoft.com/eift.html
IAIK Android Two systems: DM-Crypt based file-system encryption system On SD card: depends on version, platform Android KeyChain - for storing credentials: Same PIN/Passcode and key derivation function as for the file- system Stores as file in the file-system
IAIK Android - Device Encryption Android versions: Tablets: Since Android 3.x Smartphones: Since Android ICS (4.x) Even if 4.x, not supported on every platform Not activated by default Uses dm-crypt (Linux) as an encryption layer when data is written/read to the storage device No hardware module used (brute-force attacks!)
IAIK Android - Device Encryption PIN entry before system boot-up, key derivation based on PIN and salt stored in the dm-crypt meta-data When device is booted, system can access every file (no protection classes...) Pattern/Face lock systems deactivated... Passcode for file-encryption is same as used for locking the phone (shoulder surfing)
IAIK Android - Device Encryption Filesystem Key File system Operating system Application 1 File 1 Remote Wipe PIN/Passcode File 2 Application 2 Application 3 File 3 File 4 File 5 File system encryption Key Derivation Differences to iOS file-system encryption: PIN/passcode during boot process But no hardware chip is involved
IAIK Android - Brute Force Attacks For KeyChain and Device-Encryption System Basic steps: Extract file-system meta-information from encrypted device Run Brute-force tool No hardware chip involved: speed-up by using multiple instances (e.g., in the cloud) https://santoku-linux.com/howto/mobile-forensics/how-to-brute-force- android-encryption
IAIK Android - Brute Force Times (1 ECU) Time to derive the key from the password (ms) 15.38 1 Lock-Screen Type Time to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodes Standard numerical Passcode length Number of symbols Number of passcodes Minutes Hours Days Years 4 10 10000 2.6 0.0 0.0 0.0 Extended numerical 4 10 10000 2.6 0.0 0.0 0.0 5 10 100000 25.6 0.4 0.0 0.0 6 10 1000000 256.3 4.3 0.2 0.0 7 10 10000000 2,563.3 42.7 1.8 0.0 8 10 100000000 25,633.3 427.2 17.8 0.0 9 10 1000000000 256,333.3 4,272.2 178.0 0.5 10 10 1E+10 2,563,333.3 42,722.2 1,780.1 4.9 Alphanumerical 4 36 1679616 430.5 7.2 0.3 0.0 lowercase letters and numbers 5 36 60466176 15,499.5 258.3 10.8 0.0 10 numbers and 26 letters 6 36 2176782336 557,981.9 9,299.7 387.5 1.1 7 36 7.8364E+10 20,087,347.4 334,789.1 13,949.5 38.2 8 36 2.82111E+12 723,144,506.3 12,052,408.4 502,183.7 1,375.8 9 36 1.0156E+14 26,033,202,226.0 433,886,703.8 18,078,612.7 49,530.4 10 36 3.6562E+15 937,195,280,136.1 15,619,921,335.6 650,830,055.7 1,783,096.0 Alphanumerical 4 62 14776336 3,787.7 63.1 2.6 0.0 lower/uppercase letters and numbers 5 62 916132832 234,835.4 3,913.9 163.1 0.4 10 numbers and 52 letters 6 62 5.6800E+10 14,559,793.7 242,663.2 10,111.0 27.7 7 62 3.5216E+12 902,707,210.7 15,045,120.2 626,880.0 1,717.5 8 62 2.1834E+14 55,967,847,064.9 932,797,451.1 38,866,560.5 106,483.7 9 62 1.3537E+16 3,470,006,518,025.6 57,833,441,967.1 2,409,726,748.6 6,601,991.1 10 62 8.3930E+17 215,140,404,117,585.0 3,585,673,401,959.7 149,403,058,415.0 409,323,447.7 Complex 4 107 131079601 33,600.1 560.0 23.3 0.1 lower/uppercase letters and numbers 5 107 1.4026E+10 3,595,207.6 59,920.1 2,496.7 6.8 symbols 6 107 1.5007E+12 384,687,213.5 6,411,453.6 267,143.9 731.9 10 numbers, 52 letters and 45 symbols 7 107 1.6058E+14 41,161,531,847.1 686,025,530.8 28,584,397.1 78,313.4 8 107 1.7182E+16 4,404,283,907,635.8 73,404,731,793.9 3,058,530,491.4 8,379,535.6 9 107 1.8385E+18 471,258,378,117,033.0 7,854,306,301,950.6 327,262,762,581.3 896,610,308.4 10 107 1.9672E+20 50,424,646,458,522,500.0 840,410,774,308,709.0 35,017,115,596,196.2 95,937,303,003.3
IAIK Backup, SD-Card Backup: Depends on Android version, proprietery platform extentions Mobile Device Management: Fragmentation: Google, Samsung etc. SD card: not supported on every device encryption also depends on the platform
IAIK Summary Heteregeneous Mobile Device Encryption Systems Different systems, scope etc. require many security related considerations Worflows for Security Officers iOS worflow published Now we are working on all the details of the Android system
IAIK Android Problems: external brute force: extract salt, something that is encrypted, use a cluster... no protection classes, nor file based encryption, data is accessible even when device is locked (malicious apps in background???) Android is so nice to tell us the complexity of the PIN (no permission required) Advantage (in comparison to IOS): The device level encryption key is based on the PIN, does the PIN is needed to access the data (compare with device-level protection on
IAIK iOS standard iOS data protection Android > 3.x Blackberry Windows Phone Purpose? remote wipe data, credentials prot. data, cred. pr. data cred. pr. ? Scope? filesystem files filesystem ? WP7: files WP8: file-system Key storage? SE, RAM SE, RAM disk, RAM disk, RAM (?) ? (no) Encrytion keys available during lock? yes no yes no ? Key derivation? SE SE, PIN PIN PIN (?) ? Brute-Force? - on device off device off device ? Activated by? always developer/user (PIN) user (settings) policies, user developer ? User/admin? - no yes yes ? Issues jailbreak danger only for remote wipe developer decides! user does not know state manual activation keys remain in RAM no classes ? ? Encryption Overview
IAIK iOS - Data Protection - Files Key handling when locked/unlocked NSProtectionComplete: Keys are removed from memory when device is locked, thus the files are not available in the locked state NSFileProtectionCompleteUntilFirstUserAuthentication: files are available after first unlock NSFileProtectionCompleteUnlessOpen: symmetric keys are not available when the device is locked. How to encrypt incoming data? e.g. emails? by using asymmetric encryption (in this case: based on elliptic curves), private key is not available when locked
IAIK IOS - Data Protection
IAIK IOS - PINS Key derivation includes many iteration and requires the HSM key Further: brute forcing must be done on the device!!! The HSM key is only on the chip on the device... A real HSM: why doesn’t the chip implement some kind of exponential back- off, or even wipe the key when using the wrong PIN to often? After talking to some hardware experts at the IAIK: an HSM is quite complex, e.g. implementing the counter is quite difficult (where to store that?)
IAIK IOS - PINS PIN length: typically: numerical PINs with length 4: 10000 possible PINs... not much Brute force: not possible via GUI: option to wipe the device after several wrong entries however who is attacking this via the GUI :-) ? Jail breaking: access to API, brute forcing the PINs BUT: key derivation based on PIN and the key in the HSM

Empfohlen

Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 
How cloud computing work
How cloud computing workHow cloud computing work
How cloud computing work
icloud9
 
VIRTUAL REALITY DOCUMENTATION
VIRTUAL REALITY DOCUMENTATION VIRTUAL REALITY DOCUMENTATION
VIRTUAL REALITY DOCUMENTATION
PrashanthBeemanathi
 
New Trends in Cloud Computing
New Trends in Cloud ComputingNew Trends in Cloud Computing
New Trends in Cloud Computing
Ahmed Banafa
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Software as a service
Software as a serviceSoftware as a service
Software as a service
Divya korrapati
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
Unify Internet Of Things with Clayster
Unify Internet Of Things with ClaysterUnify Internet Of Things with Clayster
Unify Internet Of Things with Clayster
claysterworld
 

Empfohlen

Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 
How cloud computing work
How cloud computing workHow cloud computing work
How cloud computing work
icloud9
 
VIRTUAL REALITY DOCUMENTATION
VIRTUAL REALITY DOCUMENTATION VIRTUAL REALITY DOCUMENTATION
VIRTUAL REALITY DOCUMENTATION
PrashanthBeemanathi
 
New Trends in Cloud Computing
New Trends in Cloud ComputingNew Trends in Cloud Computing
New Trends in Cloud Computing
Ahmed Banafa
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Software as a service
Software as a serviceSoftware as a service
Software as a service
Divya korrapati
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
Unify Internet Of Things with Clayster
Unify Internet Of Things with ClaysterUnify Internet Of Things with Clayster
Unify Internet Of Things with Clayster
claysterworld
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking ppt
Harsh Kevadia
 
Aplicaciones
AplicacionesAplicaciones
Aplicaciones
DANIELIVNPREZJUREZ
 
Cloud resilience, provisioning
Cloud resilience, provisioning Cloud resilience, provisioning
Cloud resilience, provisioning
Integral university, India
 
Report on mini project(Student database handling using RMI)
Report on mini project(Student database handling using RMI)Report on mini project(Student database handling using RMI)
Report on mini project(Student database handling using RMI)
shraddha mane
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacy
tmather
 
Mobile security
Mobile securityMobile security
Mobile security
priyanka pandey
 
Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide
Protect724manoj
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
CrowdStrike
 
What is network detection and response?
What is network detection and response?What is network detection and response?
What is network detection and response?
Vehere
 
Android Development with Kotlin, Part 1 - Introduction
Android Development with Kotlin, Part 1 - IntroductionAndroid Development with Kotlin, Part 1 - Introduction
Android Development with Kotlin, Part 1 - Introduction
Andreas Jakl
 
Cloud Computing Design Considerations
Cloud Computing Design ConsiderationsCloud Computing Design Considerations
Cloud Computing Design Considerations
Mike Kavis
 
Cloud computing benefits
Cloud computing benefitsCloud computing benefits
Cloud computing benefits
Madhukumar Vattipulusu
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Fog computing
Fog computingFog computing
Fog computing
Rishabh Kumar ☁️
 
Introduction to xamarin
Introduction to xamarinIntroduction to xamarin
Introduction to xamarin
Christos Matskas
 
Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar report
Richa Dewani
 
Task programming
Task programmingTask programming
Task programming
Yogendra Tamang
 
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Amazon Web Services
 
MetaCDN
MetaCDNMetaCDN
MetaCDN
Cesare Pautasso
 
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
Edureka!
 
iOS Security and Encryption
iOS Security and EncryptioniOS Security and Encryption
iOS Security and Encryption
Urvashi Kataria
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
Graham Lee
 

Weitere ähnliche Inhalte

Was ist angesagt?

State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
CrowdStrike
 
Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar report
Richa Dewani
 
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Amazon Web Services
 

Was ist angesagt? (20)

Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking ppt
 
Aplicaciones
AplicacionesAplicaciones
Aplicaciones
 
Cloud resilience, provisioning
Cloud resilience, provisioning Cloud resilience, provisioning
Cloud resilience, provisioning
 
Report on mini project(Student database handling using RMI)
Report on mini project(Student database handling using RMI)Report on mini project(Student database handling using RMI)
Report on mini project(Student database handling using RMI)
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacy
 
Mobile security
Mobile securityMobile security
Mobile security
 
Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide Firewall Monitoring 1.1 Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
 
What is network detection and response?
What is network detection and response?What is network detection and response?
What is network detection and response?
 
Android Development with Kotlin, Part 1 - Introduction
Android Development with Kotlin, Part 1 - IntroductionAndroid Development with Kotlin, Part 1 - Introduction
Android Development with Kotlin, Part 1 - Introduction
 
Cloud Computing Design Considerations
Cloud Computing Design ConsiderationsCloud Computing Design Considerations
Cloud Computing Design Considerations
 
Cloud computing benefits
Cloud computing benefitsCloud computing benefits
Cloud computing benefits
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Fog computing
Fog computingFog computing
Fog computing
 
Introduction to xamarin
Introduction to xamarinIntroduction to xamarin
Introduction to xamarin
 
Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar report
 
Task programming
Task programmingTask programming
Task programming
 
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
 
MetaCDN
MetaCDNMetaCDN
MetaCDN
 
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
OpenStack Training | OpenStack Tutorial For Beginners | OpenStack Certificati...
 

Andere mochten auch

flashcache原理及改造
flashcache原理及改造flashcache原理及改造
flashcache原理及改造
Hao(Robin) Dong
 
Device mapper multipathing
Device mapper multipathingDevice mapper multipathing
Device mapper multipathing
Anand Loganathan
 
AES encryption on modern consumer architectures
AES encryption on modern consumer architecturesAES encryption on modern consumer architectures
AES encryption on modern consumer architectures
Grigore Lupescu
 
Data Decryption & Password Recovery
Data Decryption & Password RecoveryData Decryption & Password Recovery
Data Decryption & Password Recovery
Andrey Belenko
 
McAfee Encryption 2015
McAfee Encryption 2015McAfee Encryption 2015
McAfee Encryption 2015
Vladyslav Radetsky
 
Tuning android for low ram devices
Tuning android for low ram devicesTuning android for low ram devices
Tuning android for low ram devices
Droidcon Berlin
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile security
Peter Teufl
 

Andere mochten auch (20)

iOS Security and Encryption
iOS Security and EncryptioniOS Security and Encryption
iOS Security and Encryption
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
IOS Encryption Systems
IOS Encryption SystemsIOS Encryption Systems
IOS Encryption Systems
 
flashcache原理及改造
flashcache原理及改造flashcache原理及改造
flashcache原理及改造
 
Device mapper multipathing
Device mapper multipathingDevice mapper multipathing
Device mapper multipathing
 
Manufacturers of Fire Detection Equipment
Manufacturers of Fire Detection EquipmentManufacturers of Fire Detection Equipment
Manufacturers of Fire Detection Equipment
 
AES encryption on modern consumer architectures
AES encryption on modern consumer architecturesAES encryption on modern consumer architectures
AES encryption on modern consumer architectures
 
Data Decryption & Password Recovery
Data Decryption & Password RecoveryData Decryption & Password Recovery
Data Decryption & Password Recovery
 
Android vs iOS encryption systems
Android vs iOS encryption systemsAndroid vs iOS encryption systems
Android vs iOS encryption systems
 
Защита данных безнеса с помощью шифрования
Защита данных безнеса с помощью шифрованияЗащита данных безнеса с помощью шифрования
Защита данных безнеса с помощью шифрования
 
McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1
 
McAfee Encryption 2015
McAfee Encryption 2015McAfee Encryption 2015
McAfee Encryption 2015
 
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
 
Semantic Pattern Transformation
Semantic Pattern TransformationSemantic Pattern Transformation
Semantic Pattern Transformation
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app development
 
Tuning android for low ram devices
Tuning android for low ram devicesTuning android for low ram devices
Tuning android for low ram devices
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile security
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 

Ähnlich wie Mobile Device Encryption Systems

Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
Satish b
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Lumension
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
JongWon Kim
 
ios device protection review
ios device protection reviewios device protection review
ios device protection review
nlog2n
 

Ähnlich wie Mobile Device Encryption Systems (20)

Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Hacking and Securing iOS Applications
Hacking and Securing iOS ApplicationsHacking and Securing iOS Applications
Hacking and Securing iOS Applications
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
 
Mobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring BudgetMobile Forensics on a Shoestring Budget
Mobile Forensics on a Shoestring Budget
 
iOS (Vulner)ability
iOS (Vulner)abilityiOS (Vulner)ability
iOS (Vulner)ability
 
IOS security
IOS securityIOS security
IOS security
 
Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)Are Your Mobile Apps Secure? (Part I)
Are Your Mobile Apps Secure? (Part I)
 
osi semair.pptx
osi semair.pptxosi semair.pptx
osi semair.pptx
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
Synapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloudSynapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloud
 
Mbs r33 b
Mbs r33 bMbs r33 b
Mbs r33 b
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfua
 
Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
 
Behind The Code // by Exness
Behind The Code // by ExnessBehind The Code // by Exness
Behind The Code // by Exness
 
ios device protection review
ios device protection reviewios device protection review
ios device protection review
 
Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)
 
iPhone and iPad Security
iPhone and iPad SecurityiPhone and iPad Security
iPhone and iPad Security
 

Kürzlich hochgeladen

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Kürzlich hochgeladen (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Mobile Device Encryption Systems

  • 1. IAIK Mobile Device Encryption Systems SEC 2013 Bernd Zwattendorfer, Peter Teufl
  • 2. IAIK TOC Smartphone Encryption Encryption Scope iOS Encryption Systems: Device encryption (file-system) Data Protection (files, credentials) Backup (iTunes plain, iTunes encrypted, iCloud) Android Encryption Systems
  • 3. IAIK Encryption on Smartphones Why do we need it? Data protection (application files and credentials) Remote Wiping: without encryption not feasible (takes too much time) Where to place the encryption system? Operating system: iOS, Windows Phone, QNX, Android Smartphone applications: container applications, BYOD!
  • 4. IAIK Encryption support: iOS, Blackberry OS, Android (>= 3.x), Windows Phone Well fine, every platform supports it... Done?
  • 5. IAIK There is More Than Marketing Purpose: What’s the purpose of the encryption system? Encryption scope: Which data is encrypted, and how many keys are used? Key details: Where is the key, and how is it derived? Locked state: How does the encryption system behave when the phone is locked? How does the system handle incoming data? Implementation: Hardware? Software? Attacks: How can the system be attacked? Where are the weak points? MDM: Mobile Device Management: enforce encryption, manage its PINs Security: Complex systems, many mistakes can be made, key escrow???
  • 6. IAIK iOS - Encryption Two encryption systems: Device encryption (file-system): Introduced with IOS 3 and the iPhone 3GS, based on a chip Data protection (individual files and credentials): Introduced with IOS 4, is an addition to the first one, improved in IOS 5 (new classes, better keychain protection) Backup: iTunes, iCloud: Encrypting backups and its consequences
  • 7. IAIK iOS - Encryption Secure Element AES Key Filesystem Key File system Operating system Application 1 File 1 JailBreak Remote Wipe PIN/Passcode File 2 Application 2 Application 3 File 3 File 4 File 5 Data protection class keys File system encryption Not dependent on PIN/Passcode Data Protection Per-file, dependent on PIN/Passcode and Secure Element key Key Derivation Developer's Choice!!! file-system encryption Data Protection system
  • 8. IAIK iOS - Device Encryption First system: file-system encryption File-system encryption keys protected via key that is stored on hardware chip PIN/Passcode is NOT used for key derivation When the phone is stolen: apply jailbreak to circumvent PIN protection, the system decrypts the data for you Thus: Only makes sense for fast remote wiping
  • 9. IAIK iOS - Data Protection - Files Second system: Data Protection In addition to device encryption Protecting specific application files (e.g. emails, the PDF files within a PDF reader application etc.) Unique file keys, stored encrypted in the extended attributes of the file Different protection classes defined by the developer (!)
  • 10. IAIK iOS - Data Protection - Files Protection classes: NSProtectionNone: File encryption keys protected with “Device Encryption keys”, thus no real protection For all the others: File encryption keys are encrypted with a key that is derived from the UID key and from the PIN/passcode: Thus, without the PIN, jailbreaking etc. does not reveal the encrypted data NSProtection: Complete, UntilFirstUserAuthentication, UnlessOpen
  • 11. IAIK iOS - Data Protection - Files Problem: Protection Class choice is handled by the developer. The user/admin does not know which apps encrypt their data Consider: Getting an email with a PDF (email app uses data protection), and opening the email in an PDF reader that does not encrypt the data...
  • 12. IAIK iOS - Data Protection - Keychain Keychain: used to store credentials (passwords, private keys, certificates etc.) Protection Classes: Always (!) (similar to NONE for files) AfterFirstUnlock (UntilFirstUserAuthentication) WhenUnlocked (Complete) also in a “ThisDeviceOnly” version (not included in backups) IOS 4: only the secret was protected, not the usernames etc. since IOS 5: every aspect is encrypted
  • 13. IAIK iOS - Data Protection - Brute Force PIN plays a vital role for Data Protection Keys are derived from hardware chip and PIN code Properties: PIN length Brute force attacks: Rely on the availability of a jailbreak Estimated time for brute-force attacks?
  • 14. IAIK iOS - Data Protection - Brute ForceTime to derive the key from the password (ms) 80 1 Lock-Screen Type Time to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodes Standard numerical Passcode length Number of symbols Number of passcodes Minutes Hours Days Years 4 10 10000 13.3 0.2 0.0 0.0 Extended numerical 4 10 10000 13.3 0.2 0.0 0.0 5 10 100000 133.3 2.2 0.1 0.0 6 10 1000000 1,333.3 22.2 0.9 0.0 7 10 10000000 13,333.3 222.2 9.3 0.0 8 10 100000000 133,333.3 2,222.2 92.6 0.3 9 10 1000000000 1,333,333.3 22,222.2 925.9 2.5 10 10 1E+10 13,333,333.3 222,222.2 9,259.3 25.4 Alphanumerical 4 36 1679616 2,239.5 37.3 1.6 0.0 lowercase letters and numbers 5 36 60466176 80,621.6 1,343.7 56.0 0.2 10 numbers and 26 letters 6 36 2176782336 2,902,376.4 48,372.9 2,015.5 5.5 7 36 7.8364E+10 104,485,552.1 1,741,425.9 72,559.4 198.8 8 36 2.82111E+12 3,761,479,876.6 62,691,331.3 2,612,138.8 7,156.5 9 36 1.0156E+14 135,413,275,557.9 2,256,887,926.0 94,036,996.9 257,635.6 10 36 3.6562E+15 4,874,877,920,084.0 81,247,965,334.7 3,385,331,888.9 9,274,881.9 Alphanumerical 4 62 14776336 19,701.8 328.4 13.7 0.0 lower/uppercase letters and numbers 5 62 916132832 1,221,510.4 20,358.5 848.3 2.3 10 numbers and 52 letters 6 62 5.6800E+10 75,733,647.4 1,262,227.5 52,592.8 144.1 7 62 3.5216E+12 4,695,486,141.6 78,258,102.4 3,260,754.3 8,933.6 8 62 2.1834E+14 291,120,140,779.9 4,852,002,346.3 202,166,764.4 553,881.5 9 62 1.3537E+16 18,049,448,728,351.4 300,824,145,472.5 12,534,339,394.7 34,340,655.9 10 62 8.3930E+17 1,119,065,821,157,790.0 18,651,097,019,296.4 777,129,042,470.7 2,129,120,664.3 Complex 4 107 131079601 174,772.8 2,912.9 121.4 0.3 lower/uppercase letters and numbers 5 107 1.4026E+10 18,700,689.7 311,678.2 12,986.6 35.6 symbols 6 107 1.5007E+12 2,000,973,802.5 33,349,563.4 1,389,565.1 3,807.0 10 numbers, 52 letters and 45 symbols 7 107 1.6058E+14 214,104,196,863.8 3,568,403,281.1 148,683,470.0 407,352.0 8 107 1.7182E+16 22,909,149,064,425.6 381,819,151,073.8 15,909,131,294.7 43,586,661.1 9 107 1.8385E+18 2,451,278,949,893,540.0 40,854,649,164,892.3 1,702,277,048,537.2 4,663,772,735.7 10 107 1.9672E+20 262,286,847,638,609,000.0 4,371,447,460,643,480.0182,143,644,193,478.0499,023,682,721.9
  • 15. IAIK iOS - Backups ITunes encrypted backups, plain backups iCloud somehow encrypted... How to mark a file for Backup? Developer’s choice Default is “yes” Marked files are transferred to iTunes, iCloud backups when activated
  • 16. IAIK iTunes - Plain Backups Files stored in plain Credentials are also stored encrypted! Encryption key is stored on the iOS device Thus: Credentials in plain backups cannot be restored on other devices As a result: credentials are better protected in unencrypted iTunes backups than in encrypted ones! Files Credentials Encryption Key Plain iTunes BackupiOS Device Files Credentials marked for backup
  • 17. IAIK iTunes - Encrypted Backups Key is derived from a password selected by the user (no MDM influence) Files and credentials in Backup are protected via the derived key Credentials can be restored on other iOS device (with the right protection class) Problem: Brute-force attack on weak passwords, when backup is stolen Protection for keys is acutally weaker than in plain iTunes Backups (!!!) Files Credentials Plain iTunes BackupiOS Device Files Credentials marked for backup Backup Encryption Key User Password Derived Encryption Key KDF
  • 18. IAIK iCloud - Backups iCloud backups and iCloud sync Protection via passcode selected by the user (no MDM influence, except for deactivating iCloud backups and sync) If attacker gains access to this account, the backup can be restored Details about the iCloud encryption process are not known Data on iCloud: similar to security considerations required as for other cloud providers (DropBox etc.)
  • 19. IAIK iOS Backups Tool: https://github.com/ciso/ios-dataprotection/ Analyzes the iTunes backup (encrypted and plain) and lists all the contained files and... ...the protection classes of the application files Allows to decide whether the right protection class was chosen by a developer!
  • 20. IAIK iOS - Summary Good protection by iOS encryption systems However: interactions of the systems is manifold implications for deployments in security-criticial deployment scenarios: In- depth knowledge of the involved systems is required! Developer influence! Outlook: Paper at SECRYPT 2013 (Workflow for Deploying iOS devices)
  • 21. IAIK iOS - Workflow Application File protection class analysis KeyChain protection class analysis Files with class NsFileProtectionNone Files with other classes Passcode circumvention via Jailbreaking/ Rooting KeyChain entries with Always/ AlwaysDeviceOnly Passcode circumvention via Jailbreaking/ Rooting On-device brute-force attack No-off device attacks possible KeyChain entries with safe classes On-device brute-force attack File backup state analysis Files in backupNo files in backup No-off device attacks possible KeyChain backup state analysis All credentials with thisDeviceOnly classes Credentials with transferable classes iCloud account security Standard iTunes backup? iCloud backup? Encrypted iTunes backup? Critical data at cloud provider iCloud account security Standard iTunes backup? iCloud Backup? Encrypted iTunes backup? Off-device brute-force attack Critical data at cloud provider ApplicationApplication System Security Analysis Passcode selection based on brute- force times Passcode selection based on brute- force times Off-device brute-force attack Minor risk Medium risk High risk Analysis/Tool No access to credentials Direct file access on backup device
  • 22. IAIK iOS Encryption - Sources http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords-faq.pdf http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates http://esec-lab.sogeti.com/dotclear/public/publications/11- hitbamsterdam-iphonedataprotection.pdf https://media.blackhat.com/bh-us-11/DaiZovi/ BH_US_11_DaiZovi_iOS_Security_WP.pdf http://trailofbits.files.wordpress.com/2011/08/ios-security- evaluation.pdf http://www.elcomsoft.com/eift.html
  • 23. IAIK Android Two systems: DM-Crypt based file-system encryption system On SD card: depends on version, platform Android KeyChain - for storing credentials: Same PIN/Passcode and key derivation function as for the file- system Stores as file in the file-system
  • 24. IAIK Android - Device Encryption Android versions: Tablets: Since Android 3.x Smartphones: Since Android ICS (4.x) Even if 4.x, not supported on every platform Not activated by default Uses dm-crypt (Linux) as an encryption layer when data is written/read to the storage device No hardware module used (brute-force attacks!)
  • 25. IAIK Android - Device Encryption PIN entry before system boot-up, key derivation based on PIN and salt stored in the dm-crypt meta-data When device is booted, system can access every file (no protection classes...) Pattern/Face lock systems deactivated... Passcode for file-encryption is same as used for locking the phone (shoulder surfing)
  • 26. IAIK Android - Device Encryption Filesystem Key File system Operating system Application 1 File 1 Remote Wipe PIN/Passcode File 2 Application 2 Application 3 File 3 File 4 File 5 File system encryption Key Derivation Differences to iOS file-system encryption: PIN/passcode during boot process But no hardware chip is involved
  • 27. IAIK Android - Brute Force Attacks For KeyChain and Device-Encryption System Basic steps: Extract file-system meta-information from encrypted device Run Brute-force tool No hardware chip involved: speed-up by using multiple instances (e.g., in the cloud) https://santoku-linux.com/howto/mobile-forensics/how-to-brute-force- android-encryption
  • 28. IAIK Android - Brute Force Times (1 ECU) Time to derive the key from the password (ms) 15.38 1 Lock-Screen Type Time to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodesTime to try out 100% of the possible passcodes Standard numerical Passcode length Number of symbols Number of passcodes Minutes Hours Days Years 4 10 10000 2.6 0.0 0.0 0.0 Extended numerical 4 10 10000 2.6 0.0 0.0 0.0 5 10 100000 25.6 0.4 0.0 0.0 6 10 1000000 256.3 4.3 0.2 0.0 7 10 10000000 2,563.3 42.7 1.8 0.0 8 10 100000000 25,633.3 427.2 17.8 0.0 9 10 1000000000 256,333.3 4,272.2 178.0 0.5 10 10 1E+10 2,563,333.3 42,722.2 1,780.1 4.9 Alphanumerical 4 36 1679616 430.5 7.2 0.3 0.0 lowercase letters and numbers 5 36 60466176 15,499.5 258.3 10.8 0.0 10 numbers and 26 letters 6 36 2176782336 557,981.9 9,299.7 387.5 1.1 7 36 7.8364E+10 20,087,347.4 334,789.1 13,949.5 38.2 8 36 2.82111E+12 723,144,506.3 12,052,408.4 502,183.7 1,375.8 9 36 1.0156E+14 26,033,202,226.0 433,886,703.8 18,078,612.7 49,530.4 10 36 3.6562E+15 937,195,280,136.1 15,619,921,335.6 650,830,055.7 1,783,096.0 Alphanumerical 4 62 14776336 3,787.7 63.1 2.6 0.0 lower/uppercase letters and numbers 5 62 916132832 234,835.4 3,913.9 163.1 0.4 10 numbers and 52 letters 6 62 5.6800E+10 14,559,793.7 242,663.2 10,111.0 27.7 7 62 3.5216E+12 902,707,210.7 15,045,120.2 626,880.0 1,717.5 8 62 2.1834E+14 55,967,847,064.9 932,797,451.1 38,866,560.5 106,483.7 9 62 1.3537E+16 3,470,006,518,025.6 57,833,441,967.1 2,409,726,748.6 6,601,991.1 10 62 8.3930E+17 215,140,404,117,585.0 3,585,673,401,959.7 149,403,058,415.0 409,323,447.7 Complex 4 107 131079601 33,600.1 560.0 23.3 0.1 lower/uppercase letters and numbers 5 107 1.4026E+10 3,595,207.6 59,920.1 2,496.7 6.8 symbols 6 107 1.5007E+12 384,687,213.5 6,411,453.6 267,143.9 731.9 10 numbers, 52 letters and 45 symbols 7 107 1.6058E+14 41,161,531,847.1 686,025,530.8 28,584,397.1 78,313.4 8 107 1.7182E+16 4,404,283,907,635.8 73,404,731,793.9 3,058,530,491.4 8,379,535.6 9 107 1.8385E+18 471,258,378,117,033.0 7,854,306,301,950.6 327,262,762,581.3 896,610,308.4 10 107 1.9672E+20 50,424,646,458,522,500.0 840,410,774,308,709.0 35,017,115,596,196.2 95,937,303,003.3
  • 29. IAIK Backup, SD-Card Backup: Depends on Android version, proprietery platform extentions Mobile Device Management: Fragmentation: Google, Samsung etc. SD card: not supported on every device encryption also depends on the platform
  • 30. IAIK Summary Heteregeneous Mobile Device Encryption Systems Different systems, scope etc. require many security related considerations Worflows for Security Officers iOS worflow published Now we are working on all the details of the Android system
  • 31. IAIK Android Problems: external brute force: extract salt, something that is encrypted, use a cluster... no protection classes, nor file based encryption, data is accessible even when device is locked (malicious apps in background???) Android is so nice to tell us the complexity of the PIN (no permission required) Advantage (in comparison to IOS): The device level encryption key is based on the PIN, does the PIN is needed to access the data (compare with device-level protection on
  • 32. IAIK iOS standard iOS data protection Android > 3.x Blackberry Windows Phone Purpose? remote wipe data, credentials prot. data, cred. pr. data cred. pr. ? Scope? filesystem files filesystem ? WP7: files WP8: file-system Key storage? SE, RAM SE, RAM disk, RAM disk, RAM (?) ? (no) Encrytion keys available during lock? yes no yes no ? Key derivation? SE SE, PIN PIN PIN (?) ? Brute-Force? - on device off device off device ? Activated by? always developer/user (PIN) user (settings) policies, user developer ? User/admin? - no yes yes ? Issues jailbreak danger only for remote wipe developer decides! user does not know state manual activation keys remain in RAM no classes ? ? Encryption Overview
  • 33. IAIK iOS - Data Protection - Files Key handling when locked/unlocked NSProtectionComplete: Keys are removed from memory when device is locked, thus the files are not available in the locked state NSFileProtectionCompleteUntilFirstUserAuthentication: files are available after first unlock NSFileProtectionCompleteUnlessOpen: symmetric keys are not available when the device is locked. How to encrypt incoming data? e.g. emails? by using asymmetric encryption (in this case: based on elliptic curves), private key is not available when locked
  • 34. IAIK IOS - Data Protection
  • 35. IAIK IOS - PINS Key derivation includes many iteration and requires the HSM key Further: brute forcing must be done on the device!!! The HSM key is only on the chip on the device... A real HSM: why doesn’t the chip implement some kind of exponential back- off, or even wipe the key when using the wrong PIN to often? After talking to some hardware experts at the IAIK: an HSM is quite complex, e.g. implementing the counter is quite difficult (where to store that?)
  • 36. IAIK IOS - PINS PIN length: typically: numerical PINs with length 4: 10000 possible PINs... not much Brute force: not possible via GUI: option to wipe the device after several wrong entries however who is attacking this via the GUI :-) ? Jail breaking: access to API, brute forcing the PINs BUT: key derivation based on PIN and the key in the HSM