Security and Encryption
   16ccf74271895e611555bf1f00047944
Security Requirements
Security Requirements

        Documents
        High Scores
        Multiplayer
           Chat
Security Requirements
                 Content
                  State
                   Ads
Security Requirements
         *
Security Requirements

• Ask the user (or client, product
  manager…)
• But don’t expect them to know the
  answer!
    Co...
Security Requirements
 “In an incident that highlights the growing
 security challenges around wireless apps,
 Citi said i...
Don’t copy me, bro
iTunes ignores:
•Library/Caches
•tmp
not:
•Documents
•Library/Preferences
•Library/Application Support
Use Data Protection
[myData writeToURL: location
 options: NSDataWritingFileProtectionComplete
 error: &error];
Use the Keychain

• mostly just works…
• kSecReturnRef usually fails
• kSecMatchItemList succeeds wrongly(!)
• easiest to ...
Finding a Keychain Item
NSDictionary *foundAttributes = nil;

NSDictionary *searchAttributes = [NSDictionary dictionaryWit...
Saving a Keychain Item
 attributesToStore = [searchAttributes mutableCopy];
 [attributesToStore setObject: self.userNameFi...
Encrypt Files Yourself


• CommonCrypto
• OpenSSL
Encrypt Files Yourself

• Choose appropriate algorithm, key size,
  mode
• Note the bootstrap problem
• Get randomness fro...
Encrypt Files Yourself
  size_t bytesNeeded = 0;
  CCCryptorStatus cryptResult = kCCSuccess;
  cryptResult = CCCrypt(kCCEn...
Non-solutions


• Write your own encryption algorithm
• Wait until someone reports the problem
iamleeg
Security and Encryption on iOS
Describing how to think about the security requirements for an iOS app, and taking a whistle-stop tour of encryption APIs and features in iOS.

Published in: Technology
  • The subtitle is “A guide to protecting your users on iOS”. Who I am, where we’re going. Start with security requirements.
  • Even standalone apps have security requirements (most iOS devices can easily be lost), they just tend to get more complex as you add remote connections. However, no app on iOS is truly “standalone” - they all share data with iTunes. You can’t (reliably) control whether users encrypt their backups, or use PIN locks, or avoid mistakes (or can you?).
  • Users and product managers will likely think that “make it secure” is an implicit requirement, or not fully understand the requirements. Find out security properties by asking questions about the assets - reflective questions are better than hypotheticals. Any potential problem is a disaster that needs to be avoided at all costs.
  • There will also be regulatory/legal/contractual requirements in some fields. I’m not picking on Citi here, but this is a good recent example of the fact that mobile app security is a real-world problem with real-world consequences. Let’s look at some solutions to this problem.
  • To avoid files appearing in iTunes backups (and therefore worrying about whether the backups are encrypted), put them in one of the cache folders. That’s really only a reliable solution when you can easily recover the content.
  • Files created with iOS data protection are encrypted using the device key (the same key that protects the keychain), and only accessible when the device is unlocked.
  • Create and encrypt the file in a single operation, don’t protect an existing file (unless you can’t help it, e.g. applying protection in an app version upgrade). That can die in a fire.
  • The keychain API on iOS is much simpler than the desktop one, but suffers from poor error reporting and lightly-documented failure conditions. The content is protected by the device key, and restricted to your app (unless you set up group entries). Keychain is great for small pieces of data like OAuth tokens and passwords.


  • Both are trusted and stable APIs; CommonCrypto (CC) is Mac/iPhone, while OpenSSL is available anywhere. Both can be used to encrypt streams in addition to files.
  • Key length affects the time (and battery) required to do the encryption, and the time taken for a brute-force attack to succeed. Keys and IVs must be protected.
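An added example (not from the slides or the book they cite) of one way to handle the key for the "Encrypt Files Yourself" slides: the key comes from SecRandomCopyBytes(), is kept in the keychain, and every file gets a fresh IV. It assumes ARC and reads the "bootstrap problem" as the question of where the encryption key itself is kept; kExampleKeyService, kExampleErrorDomain and the Example* functions are hypothetical names.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCryptor.h>

// Hypothetical names for this example; none of them come from the slides.
static NSString * const kExampleKeyService = @"com.example.app.file-key";
static NSString * const kExampleErrorDomain = @"ExampleFileCryptoErrorDomain";

// Fill a buffer from the system CSPRNG; returns nil on failure.
static NSData *ExampleRandomBytes(size_t count) {
    NSMutableData *bytes = [NSMutableData dataWithLength: count];
    int status = SecRandomCopyBytes(kSecRandomDefault, count, [bytes mutableBytes]);
    return (errSecSuccess == status) ? bytes : nil;
}

// Fetch the file key from the keychain, creating it on first use.
static NSData *ExampleFileKey(void) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kExampleKeyService,
        (__bridge id)kSecReturnData: (__bridge id)kCFBooleanTrue };
    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &found);
    if (errSecSuccess == status) return (__bridge_transfer NSData *)found;
    // Any failure other than "not found" (for example a locked device) is
    // reported to the caller rather than treated as first use.
    if (errSecItemNotFound != status) return nil;

    NSData *key = ExampleRandomBytes(kCCKeySizeAES256);
    if (nil == key) return nil;
    NSDictionary *item = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kExampleKeyService,
        (__bridge id)kSecAttrAccessible:
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        (__bridge id)kSecValueData: key };
    status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    return (errSecSuccess == status) ? key : nil;
}

// Encrypt under a fresh random IV and write IV + ciphertext in one
// protected write. CBC provides confidentiality only, not integrity.
static BOOL ExampleWriteEncrypted(NSData *plainText, NSURL *location,
                                  NSError **error) {
    NSData *key = ExampleFileKey();
    NSData *iv = ExampleRandomBytes(kCCBlockSizeAES128);
    NSMutableData *cipher =
        [NSMutableData dataWithLength: [plainText length] + kCCBlockSizeAES128];
    size_t written = 0;
    CCCryptorStatus result = kCCParamError;
    if (nil != key && nil != iv) {
        // The constant names the block size; a 32-byte key selects AES-256.
        result = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                         [key bytes], [key length], [iv bytes],
                         [plainText bytes], [plainText length],
                         [cipher mutableBytes], [cipher length], &written);
    }
    if (kCCSuccess != result) {
        if (error) *error = [NSError errorWithDomain: kExampleErrorDomain
                                                code: result userInfo: nil];
        return NO;
    }
    NSMutableData *output = [iv mutableCopy];
    [output appendBytes: [cipher bytes] length: written];
    return [output writeToURL: location
                      options: NSDataWritingFileProtectionComplete
                        error: error];
}
```

The kSecAttrAccessibleWhenUnlockedThisDeviceOnly class keeps the key from migrating to another device when a backup is restored there.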














  • Security and Encryption on iOS

    1. Security and Encryption 16ccf74271895e611555bf1f00047944
    2. Security Requirements
    3. Security Requirements Documents High Scores Multiplayer Chat
    4. Security Requirements Documents High Scores Multiplayer Chat
    5. Security Requirements Content State Ads
    6. Security Requirements *
    7. Security Requirements
    8. Security Requirements • Ask the user (or client, product manager…)
    9. Security Requirements • Ask the user (or client, product manager…) • But don’t expect them to know the answer!
    10. Security Requirements • Ask the user (or client, product manager…) • But don’t expect them to know the answer! Confidentiality Exposure
    11. Security Requirements • Ask the user (or client, product manager…) • But don’t expect them to know the answer! Confidentiality Exposure Integrity Tampering
    12. Security Requirements • Ask the user (or client, product manager…) • But don’t expect them to know the answer! Confidentiality Exposure Integrity Tampering Availability Destruction
    13. Security Requirements “In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.” http://www.nypost.com/p/news/business/citibank_admits_security_flaw_in_fDLT7l6VFdqKLLaTx75cYM
    14. Don’t copy me, bro
        iTunes ignores: • Library/Caches • tmp
        not: • Documents • Library/Preferences • Library/Application Support
    15. Use Data Protection
    16. Use Data Protection
    17. Use Data Protection
    18. Use Data Protection
    19. Use Data Protection
        [myData writeToURL: location
         options: NSDataWritingFileProtectionComplete
         error: &error];
    20. Use Data Protection
        [myData writeToURL: location
         options: NSDataWritingFileProtectionComplete
         error: &error];
        NOT
        [[NSFileManager defaultManager]
         setAttributes: [NSDictionary dictionaryWithObject: NSFileProtectionComplete
                                                    forKey: NSFileProtectionKey]
         ofItemAtPath: [location path]
         error: &error];
    21. Use Data Protection
        [myData writeToURL: location
         options: NSDataWritingFileProtectionComplete
         error: &error];
    22. Use the Keychain • mostly just works… • kSecReturnRef usually fails • kSecMatchItemList succeeds wrongly(!) • easiest to use attributes/persistent refs and kSecReturnData
    23. Finding a Keychain Item
        NSDictionary *foundAttributes = nil;
        NSDictionary *searchAttributes = [NSDictionary dictionaryWithObjectsAndKeys:
            [@"info.thaesofereode.samplepassword" dataUsingEncoding: NSUTF8StringEncoding], kSecAttrApplicationTag,
            kCFBooleanTrue, kSecReturnAttributes,
            nil];
        OSStatus searchResult = SecItemCopyMatching(searchAttributes, &foundAttributes);
        if (noErr == searchResult) {
            // use the keychain item
        Source: Professional Cocoa Application Security
    24. Saving a Keychain Item
        attributesToStore = [searchAttributes mutableCopy];
        [attributesToStore setObject: self.userNameField.text forKey: kSecAttrAccount];
        [attributesToStore setObject: passwordData forKey: kSecValueData];
        [attributesToStore setObject: kSecClassInternetPassword forKey: kSecClass];
        [attributesToStore setObject: @"www.example.com" forKey: kSecAttrServer];
        [attributesToStore setObject: kCFBooleanTrue forKey: kSecReturnPersistentRef];
        [attributesToStore setObject: @"Sample password" forKey: kSecAttrDescription];
        [attributesToStore setObject: @"password label" forKey: kSecAttrLabel];
        [attributesToStore removeObjectForKey: kSecReturnAttributes];
        NSData *persistentRef = nil;
        OSStatus result = SecItemAdd(attributesToStore, &persistentRef);
        Source: Professional Cocoa Application Security
    25. Encrypt Files Yourself • CommonCrypto • OpenSSL
    26. Encrypt Files Yourself • Choose appropriate algorithm, key size, mode • Note the bootstrap problem • Get randomness from SecRandomCopyBytes()
    27. Encrypt Files Yourself
        size_t bytesNeeded = 0;
        CCCryptorStatus cryptResult = kCCSuccess;
        cryptResult = CCCrypt(kCCEncrypt,
                              kCCAlgorithmAES128,
                              kCCOptionPKCS7Padding,
                              [key bytes],
                              [key length],
                              [iv bytes],
                              [plainText bytes],
                              [plainText length],
                              NULL,
                              0,
                              &bytesNeeded);
        if (kCCBufferTooSmall != cryptResult) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorCryptFailed
                                     userInfo: nil];
            return nil;
        }
        char *cipherBytes = malloc(bytesNeeded);
        size_t bufferLength = bytesNeeded;
        if (NULL == cipherBytes) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorOutOfMemory
                                     userInfo: nil];
            return nil;
        }
        // now actually encrypt the file
        cryptResult = CCCrypt(kCCEncrypt,
                              kCCAlgorithmAES128,
                              kCCOptionPKCS7Padding,
                              [key bytes],
                              [key length],
                              [iv bytes],
                              [plainText bytes],
                              [plainText length],
                              cipherBytes,
                              bufferLength,
                              &bytesNeeded);
        if (kCCSuccess != cryptResult) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorCryptFailed
                                     userInfo: nil];
            free(cipherBytes);
            return nil;
        }
        Source: Professional Cocoa Application Security
    28. Non-solutions • Write your own encryption algorithm • Wait until someone reports the problem
    29. iamleeg
    30. iamleeg