9-12. Security Requirements
• Ask the user (or client, product manager…)
• But don’t expect them to know the answer!
Confidentiality: Exposure
Integrity: Tampering
Availability: Destruction
13. Security Requirements
“In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.”
http://www.nypost.com/p/news/business/citibank_admits_security_flaw_in_fDLT7l6VFdqKLLaTx75cYM
19-21. Use Data Protection
[myData writeToURL: location
         options: NSDataWritingFileProtectionComplete
           error: &error];
NOT
[[NSFileManager defaultManager]
    setAttributes: [NSDictionary dictionaryWithObject: NSFileProtectionComplete
                                               forKey: NSFileProtectionKey]
     ofItemAtPath: [location path]
            error: &error];
22. Use the Keychain
• mostly just works…
• kSecReturnRef usually fails
• kSecMatchItemList succeeds wrongly(!)
• easiest to use attributes/persistent refs and kSecReturnData
23. Finding a Keychain Item
NSDictionary *foundAttributes = nil;
// kSecClass is required by SecItemCopyMatching (added here; the slide omitted it).
// kSecAttrApplicationTag is an attribute of the kSecClassKey class.
NSDictionary *searchAttributes = [NSDictionary dictionaryWithObjectsAndKeys:
    (id)kSecClassKey, (id)kSecClass,
    [@"info.thaesofereode.samplepassword" dataUsingEncoding: NSUTF8StringEncoding],
        (id)kSecAttrApplicationTag,
    (id)kCFBooleanTrue, (id)kSecReturnAttributes,
    nil];
OSStatus searchResult = SecItemCopyMatching((CFDictionaryRef)searchAttributes,
                                            (CFTypeRef *)&foundAttributes);
if (noErr == searchResult) {
    // use the keychain item; the caller owns foundAttributes (manual retain/release)
    [foundAttributes release];
} else {
    // error reporting is poor, so at least keep the raw OSStatus
    NSLog(@"SecItemCopyMatching failed: %d", (int)searchResult);
}
Source: Professional Cocoa Application Security
The subtitle is “A guide to protecting your users on iOS”. Who I am, where we’re going. Start with security requirements.
Even standalone apps have security requirements (most iOS devices can easily be lost), they just tend to get more complex as you add remote connections. However, no app on iOS is truly “standalone” - they all share data with iTunes. You can’t (reliably) control whether users encrypt their backups, or use PIN locks, or avoid mistakes (or can you?).
Users and product managers will likely think that “make it secure” is an implicit requirement, or not fully understand the requirements. Find out security properties by asking questions about the assets - reflective questions are better than hypotheticals. Any potential problem is a disaster that needs to be avoided at all costs.
There will also be regulatory/legal/contractual requirements in some fields. I’m not picking on Citi here, but this is a good recent example of the fact that mobile app security is a real-world problem with real-world consequences. Let’s look at some solutions to this problem.
To avoid files appearing in iTunes backups (and therefore worrying about whether the backups are encrypted), put it in one of the cache folders. That’s really only a reliable solution when you can easily recover the content.
Files created with iOS data protection are encrypted using the device key (the same key that protects the keychain), and only accessible when the device is unlocked.
Create and encrypt the file in a single operation, don’t protect an existing file (unless you can’t help it, e.g. applying protection in an app version upgrade). That can die in a fire.
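An added example (mine, not code from the slides or from Professional Cocoa Application Security) that puts the notes on cache folders and data protection together: regenerable data goes in the Caches directory so it never reaches an iTunes backup, secret files are created and protected in the same write with NSDataWritingFileProtectionComplete, the protection class actually applied is read back and checked, and reads first consult protectedDataAvailable because a Complete-protected file is unreadable while the device is locked. The helper names (CacheFileURL, DocumentFileURL, WriteProtectedFile, ReadProtectedFile) are assumptions of this example; it assumes ARC and UIKit.

```objc
#import <Foundation/Foundation.h>
#import <UIKit/UIKit.h>

// URL of a file in the app's Caches directory. Files here are not included in
// iTunes backups, so only keep content the app can rebuild on demand.
static NSURL *CacheFileURL(NSString *name)
{
    NSString *cachesDir = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory,
                                                               NSUserDomainMask, YES) lastObject];
    return [NSURL fileURLWithPath:[cachesDir stringByAppendingPathComponent:name]];
}

// URL of a file in Documents. This directory IS backed up, so anything secret
// written here must carry data protection.
static NSURL *DocumentFileURL(NSString *name)
{
    NSString *docsDir = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
                                                             NSUserDomainMask, YES) lastObject];
    return [NSURL fileURLWithPath:[docsDir stringByAppendingPathComponent:name]];
}

// Create the file and apply protection in one operation (the slide's point),
// then read the attribute back. On a file system that does not support
// protection (the simulator, for instance) the attribute is missing and the
// data would sit in the clear, so treat that as a failure.
static BOOL WriteProtectedFile(NSData *data, NSURL *location, NSError **error)
{
    if (![data writeToURL:location
                  options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                    error:error]) {
        return NO;
    }
    NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:[location path]
                                                                           error:error];
    NSString *protection = attrs[NSFileProtectionKey];
    return [protection isEqualToString:NSFileProtectionComplete];
}

// A Complete-protected file cannot be opened while the device is locked, so
// check protectedDataAvailable first (or observe
// UIApplicationProtectedDataDidBecomeAvailable and retry later).
static NSData *ReadProtectedFile(NSURL *location, NSError **error)
{
    if (![[UIApplication sharedApplication] isProtectedDataAvailable]) {
        if (error) {
            *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                         code:NSFileReadNoPermissionError
                                     userInfo:@{ NSLocalizedDescriptionKey:
                                                 @"device locked; protected data unavailable" }];
        }
        return nil;
    }
    return [NSData dataWithContentsOfURL:location options:0 error:error];
}

// Usage: the account data is a constructed sample for this example.
static BOOL ProtectedFileExample(void)
{
    NSError *error = nil;
    NSData *secret = [@"account 1234 (constructed sample)" dataUsingEncoding:NSUTF8StringEncoding];
    NSURL *where = DocumentFileURL(@"account.dat");
    if (!WriteProtectedFile(secret, where, &error)) {
        NSLog(@"protected write failed: %@", error);
        return NO;
    }
    NSData *back = ReadProtectedFile(where, &error);
    return [back isEqualToData:secret];
}
```

The `NOT` form on the slide, setAttributes:ofItemAtPath:, would leave a window in which the plaintext file exists unprotected; writing with the protection option avoids that window entirely, and the read-back check catches the case where the option was silently ignored.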
The keychain API on iOS is much simpler than the desktop one, but suffers from poor error reporting and lightly-documented failure conditions. The content is protected by the device key and restricted to your app (unless you set up access-group entries). The keychain is a good fit for small pieces of data such as OAuth tokens and passwords.
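An added example (mine, not the slides' or the book's code) covering both the "Finding a Keychain Item" slide and the note above: it stores an OAuth-style token as a generic-password item, updates it in place on a second save instead of failing with errSecDuplicateItem, and reads it back with kSecReturnData rather than kSecReturnRef, as slide 22 recommends. It also returns the raw OSStatus so the caller can tell "nothing stored" from "device locked". The service and account strings and the helper names (TokenQuery, StoreToken, LoadToken) are assumptions of this example; it is written for ARC.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Identifies exactly one generic-password item: class + service + account.
// The service and account values passed in are placeholders for this example.
static NSMutableDictionary *TokenQuery(NSString *service, NSString *account)
{
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: service,
               (__bridge id)kSecAttrAccount: account } mutableCopy];
}

// Save a token, updating in place if one is already stored.
static OSStatus StoreToken(NSString *service, NSString *account, NSData *token)
{
    NSMutableDictionary *attrs = TokenQuery(service, account);
    attrs[(__bridge id)kSecValueData] = token;
    // Protected by the device key, readable only while unlocked, and not
    // carried to another device through a backup.
    attrs[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attrs, NULL);
    if (status == errSecDuplicateItem) {
        NSDictionary *update = @{ (__bridge id)kSecValueData: token };
        status = SecItemUpdate((__bridge CFDictionaryRef)TokenQuery(service, account),
                               (__bridge CFDictionaryRef)update);
    }
    return status;
}

// Read the token back as raw bytes (kSecReturnData). The OSStatus is handed
// back because the error reporting is thin and the caller needs it to decide
// between "not stored yet" and "locked, try again later".
static NSData *LoadToken(NSString *service, NSString *account, OSStatus *status)
{
    NSMutableDictionary *query = TokenQuery(service, account);
    query[(__bridge id)kSecReturnData] = (__bridge id)kCFBooleanTrue;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    OSStatus found = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status) {
        *status = found;
    }
    if (found != errSecSuccess) {
        // errSecItemNotFound: nothing saved under this service/account.
        // errSecInteractionNotAllowed: item exists but the device is locked.
        return nil;
    }
    return (__bridge_transfer NSData *)result;
}

// Usage: the token bytes are constructed for this example.
static BOOL TokenRoundTripExample(void)
{
    NSData *token = [@"example-oauth-token" dataUsingEncoding:NSUTF8StringEncoding];
    if (StoreToken(@"example.service", @"alice", token) != errSecSuccess) {
        return NO;
    }
    OSStatus status = errSecSuccess;
    NSData *back = LoadToken(@"example.service", @"alice", &status);
    return back != nil && [back isEqualToData:token];
}
```

Setting kSecMatchLimit to kSecMatchLimitOne keeps SecItemCopyMatching from returning an array when several items happen to match, which is one of the ways the call "succeeds wrongly" that slide 22 alludes to.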
Both are trusted and stable APIs: CommonCrypto (CC) is Mac/iPhone only, while OpenSSL is available anywhere. Both can be used to encrypt streams in addition to files.
Key length affects the time (and battery) required to do the encryption, and the time taken for a brute-force attack to succeed. Keys and IVs must be protected.
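An added example (mine, not from the slides or the book) of the CommonCrypto side of the note above: AES-256-CBC with a fresh random IV per message, wrapped in HMAC-SHA256 in encrypt-then-MAC order. CommonCrypto's public API offers no authenticated mode, and CBC on its own gives no protection against the "Integrity: Tampering" row of the requirements slide, so the tag covers the IV and ciphertext and is compared in constant time before any decryption happens. The key length passed to CCCrypt selects AES-128/192/256 (kCCAlgorithmAES128 names the 128-bit block size, not the key size), which is the time/battery trade-off the note describes. The keys and the helper names (RandomBytes, SealData, OpenData) are assumptions of this example; the keys would live in the keychain, never beside the file. Written for ARC.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonHMAC.h>

// Bytes from the system CSPRNG: used for the AES key, the HMAC key and every IV.
static NSData *RandomBytes(size_t count)
{
    NSMutableData *buf = [NSMutableData dataWithLength:count];
    if (SecRandomCopyBytes(kSecRandomDefault, count, buf.mutableBytes) != 0) {
        return nil;
    }
    return buf;
}

// Compare two tags without an early exit, so a wrong tag takes the same time
// whichever byte differs.
static BOOL ConstantTimeEqual(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}

// Output layout: IV (16) || AES-256-CBC ciphertext || HMAC-SHA256 over IV||ciphertext (32).
static NSData *SealData(NSData *plaintext, NSData *encKey, NSData *macKey)
{
    NSData *iv = RandomBytes(kCCBlockSizeAES128);
    if (!iv || encKey.length != kCCKeySizeAES256) {
        return nil;
    }
    NSMutableData *ct = [NSMutableData dataWithLength:plaintext.length + kCCBlockSizeAES128];
    size_t written = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, iv.bytes,
                                 plaintext.bytes, plaintext.length,
                                 ct.mutableBytes, ct.length, &written);
    if (st != kCCSuccess) {
        return nil;
    }
    ct.length = written;
    NSMutableData *blob = [NSMutableData dataWithData:iv];
    [blob appendData:ct];
    unsigned char tag[CC_SHA256_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, blob.bytes, blob.length, tag);
    [blob appendBytes:tag length:sizeof tag];
    return blob;
}

// Verify the tag first; only a blob that authenticates is ever decrypted.
static NSData *OpenData(NSData *blob, NSData *encKey, NSData *macKey)
{
    const size_t ivLen = kCCBlockSizeAES128, tagLen = CC_SHA256_DIGEST_LENGTH;
    if (blob.length < ivLen + tagLen || encKey.length != kCCKeySizeAES256) {
        return nil;
    }
    size_t bodyLen = blob.length - tagLen;
    unsigned char expected[CC_SHA256_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, blob.bytes, bodyLen, expected);
    if (!ConstantTimeEqual(expected, (const unsigned char *)blob.bytes + bodyLen, tagLen)) {
        return nil;   // tampered, truncated, or wrong key
    }
    const unsigned char *iv = blob.bytes;
    const unsigned char *ct = iv + ivLen;
    size_t ctLen = bodyLen - ivLen;
    NSMutableData *out = [NSMutableData dataWithLength:ctLen + kCCBlockSizeAES128];
    size_t written = 0;
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, iv, ct, ctLen,
                                 out.mutableBytes, out.length, &written);
    if (st != kCCSuccess) {
        return nil;
    }
    out.length = written;
    return out;
}

// Usage: round-trip a constructed sample, then confirm a single flipped
// ciphertext bit is rejected by the MAC check rather than decrypted to garbage.
static BOOL SealOpenExample(void)
{
    NSData *encKey = RandomBytes(kCCKeySizeAES256);
    NSData *macKey = RandomBytes(CC_SHA256_DIGEST_LENGTH);
    NSData *plain = [@"account 1234, access code 0000 (constructed sample)"
                     dataUsingEncoding:NSUTF8StringEncoding];
    NSData *blob = SealData(plain, encKey, macKey);
    if (![OpenData(blob, encKey, macKey) isEqualToData:plain]) {
        return NO;
    }
    NSMutableData *tampered = [blob mutableCopy];
    ((unsigned char *)tampered.mutableBytes)[kCCBlockSizeAES128] ^= 0x01;
    return OpenData(tampered, encKey, macKey) == nil;
}
```

The IV is public and travels with the ciphertext; what must stay secret are the two keys, which is why they come from SecRandomCopyBytes rather than from a string literal and belong in the keychain rather than in the file's own directory.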