Apple security guru lays out iOS security

Macworld Australia Staff
30 July, 2012
View more articles fromthe author

A top Apple security guru presented an in-depth view into the security architecture for iOS, the basis of iPhones and iPad tablets, underscoring the complex certificate-based encryption framework Apple has adopted on Friday.

Our attitude is security is an architecture, said Apple platform security manager Dallas De Atley, adding, Its not something you sprinkle over your code when its done.

In a description of how secure boot processes work, De Atley pointed out that firmware in each iOS device is digitally signed by Apple as part of the manufacturing process. But that’s just the start of a certificate encryption-based system Apple uses to try and prevent its products from becoming exploited if vulnerabilities are discovered and need to be remedied. Encryption is also embedded to enable users to take advantage of classes of encryption on their devices, according to De Atley.

By hitting a lock button, users can ensure their mail messages are encrypted at rest on the device, said De Attley. Files can also be automatically encrypted and not opened until a user enters a passcode.

The encryption classes include Complete Protection, where a passcode is required to decrypt; Protected with First Unlock, which De Atley said works like full-disk encryption on the desktop; and lastly, simply No Protection from the encryption mechanism if that’s what’s desired.

He said Apple has made additional efforts, including entangling the passcode with the devices unique identifier to try and deter attackers from making brute-force attacks. Other safeguards include enabling the device to automatically wipe after 10 failed attempts to enter a passcode.

The cryptography for this is fairly complicated, said DeAtley about the iOS design, with the company using a built encryption based on the 256-bit Advanced Encryption standard and the Secure Hash Algorithm into its processors. De Atley said neither Apple nor the manufacturers know the unique identifier, a safeguard he says makes sure the user has maximum protection. Apple maintains a global key as a top control point.

Basically, as is already known, apps from the Apple App Store will not run on users iOS devices unless they’re signed by Apple. Third-party developers can be issued a public-key certificate from Apple to make apps that run on Apple iOS. To build enterprise apps, developers can enrol in the iOS Developer Enterprise program. Each will find they receive an Enterprise Provisioning profile that is installed on devices they use. This provisioning profile expires annually, said De Atley.

The end result keeps Apple firmly in control over what’s going on in apps running on its devices, a fact that enterprises may find beneficial or not.

Apples DeAtley said the iOS architecture fosters the concept of a unique group of encryption-based controls for every device, and entitlement, which defines a crypto-determined way to decide what applications are allowed to access on each device, based on dynamic code-signing.

It all adds up to mean software running on devices is all known to come from a particular location, he said.

For erasing data, Apple devices don’t actually erase it but instead render it unobtainable because the necessary encryption key is erased. With what’s called Effaceable Storage, when the user triggers the function remotely, the keys are erased with the storage.

All this crypto processing can make performance and battery demands on a device, which is why Apple makes use of what it calls a suspended state for applications. Applications are suspended by default, until the user hits another button, De Atley said. It helps performance and battery life.


Leave a Comment

Please keep your comments friendly on the topic.

Contact us