4MMSR-Network Security Student Seminar. iphone data protection in depth

Size: px

Start display at page:

Download "4MMSR-Network Security Student Seminar. iphone data protection in depth"

Vivian Douglas
6 years ago
Views:

1 4MMSR-Network Security Student Seminar iphone data protection in depth jean-baptiste.bedrune(at)sogeti.com jean.sigwald(at)sogeti.com Albin PETIT & Marion ROCARIES Ensimag April 30th, 2012 Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 1 / 26 >

2 Introduction (1) General information A lot of data in your smartphone Messages Access to Social Network (Facebook, Google +,... ) Bank account information Application of your company... Easier to stole or lost a smartphone since it s always with you Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 2 / 26 >

3 Introduction (2) iphone protections Passcode : Prevents casual device access Privilege Separation and Sanboxing : Limits access to system or other app data if local app compromised Code Signing : Only code of approved origins can execute Remote Wipe : Erase all data if phone is lost Encrypted Storage : Fast Remote Wipe Encrypted Backups : Protects data off the device Data Protection : Protects user s data when the device is locked Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 3 / 26 >

4 Outline 1 iphone Forensics ios Data Protection Storage Encryption itunes Backup 2 Attacks & Counter Measures 3 Conclusion Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 4 / 26 >

How is a data encrypted (Confidentiality) EMF Key File Meta Data User Passcode Key File Key Class Key Device Key File Key : randomly generated for every file that get

5 How is a data encrypted (Confidentiality) EMF Key File Meta Data User Passcode Key File Key Class Key Device Key File Key : randomly generated for every file that get created Class Key : randomly generated when a class is established Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 5 / 26 >

6 Device Key File System User Passcode Key Class Key 1 Class Key 2 Class Key 3 Meta Data Meta Data Meta Data Meta Data Meta Data Meta Data File Key 1 File Key 2 File Key 3 File Key 4 File Key 5 File Key 6 Class Key 1 can be NSProtectionComplete Class Key 2 can be NSFileProtectionCompleteUntilFirstUserAuthentication Class Key 3 can be NSProtectionNone Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 6 / 26 >

7 Definition Collection of Class Keys 3 types of Keybags System Backup Escrow System Keybag Keybags (1) Stored in /private/var/keybags/systembag.kb AES encrypted with a key 0x835 (this key is changed every time the user changes the passcode) Contain all the class keys for all protected data Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 7 / 26 >

8 Backup Keybag Created for each backup Keybags (2) Holds the class keys for data in the backup Class keys protected with backup password entered by user Escrow Keybag Copy of system keybag Protected with random 32 byte passcode stored on device /private/var/root/library/lockdown/escrow records Stored in the synchronized computer Allow synchronization without user have to enter his passcode (devices must have been paired) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 8 / 26 >

9 Keychain Definition Where important information are saved (eg: Wi-fi password) Add the concept of migratable datas Every application have its own set of keychain items Protection for built-in application Item Wi-Fi passwords IMAP/POP/SMTP accounts Exchange accounts VPN itunes backup password Device certificate & private key Accessibility Always AfterFirstUnlock Always Always WhenUnlockedThisDeviceOnly AlwaysThisDeviceOnly Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 9 / 26 >

10 General Information 4 banks of 4100 blocks Each block has 128 pages ios Storage (iphone 16 Gb) Each page has 8610 bytes total Main disk partitioning Boot : Bootloader Plog : Effaceable area Nvrm : Environments variables Firm : Device tree and Boot logos Fsys : Filesystem partition (/dev/disk0) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 10 / 26 >

11 ios 4 Key Hierachy Passcode UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage EMF! Dkey DAG1 System Keybag (locked) Class A Key Class B Key Class C Key Unlock systembag.kg Decrypt Class D Key Class Key... System Keybag (unlocked) Class Key Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 11 / 26 >

12 Plog partition (3 erasable lockers) EMF! Data partition encryption key, encrypted with key 0x89B Format : Length (0x20) + AES(key89B, emfkey) DKey NSProtectionNone Class key, wrapped with key 0x835 Allow to unwrap the System Keybag BAG1 System Keybag Key Format : Magic (BAG1) + IV + Key Allow to decrypt systembag.kb Erased at each passcode change Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 12 / 26 >

13 itunes Backup Backup storage One directory per backup %APPDATA%/Apple Computer/MobileSync/Backup/<udid> Can be protected by a password How does it work? File content is AES-256 encrypted (password is entered by user) Filenames are hashed (SHA1) A database contains all information (eg: Filenames, size, permissions, attributes) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 13 / 26 >

14 itunes Backup (3) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 14 / 26 >

15 Outline 1 iphone Forensics 2 Attacks & Counter Measures Stealing an ios device Bruteforce attack Escrow Keybag itunes Backup Decrypter 3 Conclusion Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 15 / 26 >

16 Violated security property Confidentiality Attack Steal an ios device Steal an ios device not password protected Counter-Measures Set a passcode Erase data after n invalid passcode attempts Erase Dkey and EMF Reformat data partition Generate new system key bag Use Find My iphone to : Use location services to find it Erase data (as already mentioned) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 16 / 26 >

17 Bruteforce attack (1) Violated security property Confidentiality Requirements The ios device stolen Time and Patience Attack Try all 4-digit passcodes Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 17 / 26 >

18 Bruteforce attack (2) Consequenses If bruteforce succeeds Passcode, Passcode key Protected files access through modified HFSExplorer Unwrapped class keys Counter-measures Set an arbitrary complex passcode by turning off the simple password Use a configuration profiles to force data protection Require password length and complexity Require maximum password grace Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 18 / 26 >

19 Escrow Keybag (1) Violated security property Confidentiality Requirements Steal the Escrow Keybag from the victim s computer Read the Escrow Keybag Key from the victim s ios device Attack Compute passcode key Decrypt the Escrow Keybag Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 19 / 26 >

20 Escrow Keybag (2) Consequences Get all the class keys Have access to all the data in ios device Counter-measures Don t give access to your computer where the Escrow Keybag is installed (eg: no physical access, download the latest updates, use a firewall) Delete the Escrow Keybag Key stored on the device Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 20 / 26 >

21 Requirements itunes Backup Decrypter A basic backup (no encryption) Attack Extract files for the backup Access to all the data Counter-measures Encrypt your backup on itunes Don t give access to your computer (eg: no physical access, download the latest updates, use a firewall) Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 21 / 26 >

22 Outline 1 iphone Forensics 2 Attacks & Counter Measures 3 Conclusion Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 22 / 26 >

23 Conclusion Conclusion Apple has improved ios security : Data are encrypted on the ios device ios file protection is a complex system with multiple keys and protection level BUT this protection can be compromised if : A user does not put a password A developper does not use the correct Class Key (NSProtectionComplete vs NSProtectionNone ) A developper does not saved sensitive information in the keychain Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 23 / 26 >

24 Questions? Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 24 / 26 >

25 References Talks iphone data protection in depth (2011) - Jean-Baptiste BEDRUNE & Jean SIGWALD ios Forensics: Overcoming iphone Data Protection (Septembre 2011) - Andrey Belenko Overcoming ios data protection to re-enable iphone forensics (2011) - Andrey BELENKO Video Apple WWDC 2010, Session Securing Application Data Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 25 / 26 >

26 References Papers Lost iphone? Lost Passwords! (February 9, 2011) - Jens Heider, Matthias Boll ios Keychain Weakness FAQ (February 27, 2012) - Jens Heider, Matthias Boll Overcoming ios data protection to re-enable iphone forensics (2011)- Andrey BELENKO Software iphone Backup Browser iphone Backup Extractor Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 26 / 26 >

27 Class keys identifiers Id Class name 1 NSProtectionComplete 2 (NSFileProtectionWriteOnly) 3 NSFileProtectionCompleteUntilUserAuthentication 4 NSProtectionNone (stored in effaceable area) 5 NSFileProtectionRecovery 6 ksecattraccessiblewhenunlocked 7 ksecattraccessibleafterfirstunlock 8 ksecattraccessiblealways 9 ksecattraccessiblewhenunlockedthisdeviceonly 10 ksecattraccessibleafterfirstunlockthisdeviceonly 11 ksecattraccessiblealwaysthisdeviceonly Albin Petit & Marion Rocaries (Ensimag) iphone data protection in depth April 30th, 2012 < 27 / 26 >

SECURIMAG IOS DATA PROTECTION 1. Albin PETIT. Grenoble INP Ensimag. DRUNE (Sogeti) and Jean SIGWALD (ESEC)

SECURIMAG IOS DATA PROTECTION 1 Albin PETIT firstname.name@ensimag.fr Grenoble INP Ensimag 1 inspired by the presentation : iphone data protection in depth by Jean-Baptiste BÉ- DRUNE (Sogeti) and Jean