Security and Encryption on iOS
Describing how to think about the security requirements for an iOS app, and taking a whistle-stop tour of encryption APIs and features in the iOS.

Speaker Notes
  • The subtitle is “A guide to protecting your users on iOS”. Who I am, where we’re going. Start with security requirements.
  • Even standalone apps have security requirements (most iOS devices can easily be lost); they just tend to get more complex as you add remote connections. However, no app on iOS is truly “standalone”: they all share data with iTunes. You can’t (reliably) control whether users encrypt their backups, or use PIN locks, or avoid mistakes (or can you?).
  • Users and product managers will likely think that “make it secure” is an implicit requirement, or not fully understand the requirements. Find out the security properties by asking questions about the assets; reflective questions are better than hypotheticals. Any potential problem is a disaster that needs to be avoided at all costs.
  • There will also be regulatory/legal/contractual requirements in some fields. I’m not picking on Citi here, but this is a good recent example of the fact that mobile app security is a real-world problem with real-world consequences. Let’s look at some solutions to this problem.
  • To keep a file out of iTunes backups (and so avoid worrying about whether the backups are encrypted), put it in one of the cache folders. That’s only a reliable solution when you can easily recover the content, because the system is free to purge caches.
  • Files created with iOS data protection are encrypted using the device key (the same key that protects the keychain), and are only accessible when the device is unlocked.
  • Create and encrypt the file in a single operation; don’t protect an existing file (unless you can’t help it, e.g. applying protection in an app version upgrade). That can die in a fire.
  • The keychain API on iOS is much simpler than the desktop one, but suffers from poor error reporting and lightly-documented failure conditions. The content is protected by the device key, and restricted to your app (unless you set up group entries). The keychain is great for small pieces of data like OAuth tokens and passwords.
  • Both are trusted and stable APIs; CommonCrypto is Mac/iPhone-only, while OpenSSL is available anywhere. Either can be used to encrypt streams in addition to files.
  • Key length affects the time (and battery) required to do the encryption, and the time a brute-force attack needs to succeed. Keys and IVs must be protected.

Presentation Transcript

  • Security and Encryption
  • Security Requirements
  • Security Requirements: Documents, High Scores, Multiplayer Chat
  • Security Requirements: Content, State, Ads
  • Security Requirements
      • Ask the user (or client, product manager…)
      • But don’t expect them to know the answer!
    Confidentiality / Exposure
    Integrity / Tampering
    Availability / Destruction
  • Security Requirements
    “In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.”
    http://www.nypost.com/p/news/business/citibank_admits_security_flaw_in_fDLT7l6VFdqKLLaTx75cYM
  • Don’t copy me, bro
    iTunes ignores:
      • Library/Caches
      • tmp
    not:
      • Documents
      • Library/Preferences
      • Library/Application Support
  • Use Data Protection
        [myData writeToURL: location
                   options: NSDataWritingFileProtectionComplete
                     error: &error];
    NOT
        [[NSFileManager defaultManager]
            setAttributes: [NSDictionary dictionaryWithObject: NSFileProtectionComplete
                                                       forKey: NSFileProtectionKey]
             ofItemAtPath: [location path]
                    error: &error];
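A fuller version of the advice on this slide and the previous one, as an added example that is not from the original slides or from Professional Cocoa Application Security. It writes the file into Library/Caches (so it never reaches an iTunes backup), creates it already protected in a single atomic write rather than protecting an existing file, reads the attribute back to confirm the protection class really applied, and refuses to read while the device is locked, which is when a Complete-protected file is unreadable. ARC is assumed; `WriteProtectedCacheFile`, `ReadProtectedCacheFile` and the error domain string are names chosen for this example.

```objective-c
// Added example: write-then-verify a data-protected file in Library/Caches.
// Not from the slides; helper names and the error domain are invented here.
#import <Foundation/Foundation.h>
#import <UIKit/UIKit.h>

static NSString *const kExampleErrorDomain = @"ExampleProtectedFileErrorDomain"; // hypothetical

static NSURL *CacheFileURL(NSString *fileName) {
    NSURL *cachesDir = [[[NSFileManager defaultManager]
                         URLsForDirectory:NSCachesDirectory inDomains:NSUserDomainMask] lastObject];
    return [cachesDir URLByAppendingPathComponent:fileName];
}

// Create and encrypt in one step. NSDataWritingAtomic writes to a temporary
// file and renames it, so no half-written or unprotected version is ever
// visible; NSDataWritingFileProtectionComplete sets the class at creation.
static BOOL WriteProtectedCacheFile(NSData *payload, NSString *fileName, NSError **error) {
    NSURL *location = CacheFileURL(fileName);
    NSDataWritingOptions opts = NSDataWritingAtomic | NSDataWritingFileProtectionComplete;
    if (![payload writeToURL:location options:opts error:error]) {
        return NO;
    }

    // Do not trust the call blindly: read the protection class back.
    NSFileManager *fm = [NSFileManager defaultManager];
    NSDictionary *attrs = [fm attributesOfItemAtPath:[location path] error:error];
    if (!attrs) {
        return NO;
    }
    if (![attrs[NSFileProtectionKey] isEqualToString:NSFileProtectionComplete]) {
        // A weaker class landed (for example on a filesystem without data
        // protection). Remove the file rather than leave it lying around.
        [fm removeItemAtURL:location error:NULL];
        if (error) {
            *error = [NSError errorWithDomain:kExampleErrorDomain code:1
                      userInfo:@{NSLocalizedDescriptionKey: @"file was not given Complete protection"}];
        }
        return NO;
    }
    return YES;
}

// A Complete-protected file cannot be opened once the device locks; check
// before trying so the failure is reported as a state, not a mystery error.
static NSData *ReadProtectedCacheFile(NSString *fileName, NSError **error) {
    if (![UIApplication sharedApplication].protectedDataAvailable) {
        if (error) {
            *error = [NSError errorWithDomain:kExampleErrorDomain code:2
                      userInfo:@{NSLocalizedDescriptionKey: @"device locked; protected data unavailable"}];
        }
        return nil;
    }
    return [NSData dataWithContentsOfURL:CacheFileURL(fileName) options:0 error:error];
}
```

Two caveats worth keeping in mind: data protection only adds anything once the user has set a passcode, since the class keys are derived from it, and the Caches folder can be purged by the system, so this layout suits content the app can regenerate or re-download, exactly as the speaker notes say.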
  • Use the Keychain
      • mostly just works…
      • kSecReturnRef usually fails
      • kSecMatchItemList succeeds wrongly(!)
      • easiest to use attributes/persistent refs and kSecReturnData
  • Finding a Keychain Item
        // Manual reference counting, as in the book; under ARC the (id) and
        // (CFDictionaryRef) casts become (__bridge id) / (__bridge CFDictionaryRef).
        NSDictionary *foundAttributes = nil;
        NSDictionary *searchAttributes = [NSDictionary dictionaryWithObjectsAndKeys:
            // SecItemCopyMatching requires kSecClass; the slide omitted it
            (id)kSecClassInternetPassword, (id)kSecClass,
            [@"info.thaesofereode.samplepassword" dataUsingEncoding: NSUTF8StringEncoding],
                (id)kSecAttrApplicationTag,
            (id)kCFBooleanTrue, (id)kSecReturnAttributes,
            nil];
        OSStatus searchResult = SecItemCopyMatching((CFDictionaryRef)searchAttributes,
                                                    (CFTypeRef *)&foundAttributes);
        if (noErr == searchResult) {
            // use the keychain item (foundAttributes is owned by the caller: release it)
        }
    Source: Professional Cocoa Application Security
  • Saving a Keychain Item
        // searchAttributes is the dictionary from the previous slide; passwordData
        // is the secret as NSData (assumed: the password field's text as UTF-8)
        NSData *passwordData = [self.passwordField.text dataUsingEncoding: NSUTF8StringEncoding];
        NSMutableDictionary *attributesToStore = [[searchAttributes mutableCopy] autorelease];
        [attributesToStore setObject: self.userNameField.text forKey: (id)kSecAttrAccount];
        [attributesToStore setObject: passwordData forKey: (id)kSecValueData];
        [attributesToStore setObject: (id)kSecClassInternetPassword forKey: (id)kSecClass];
        [attributesToStore setObject: @"www.example.com" forKey: (id)kSecAttrServer];
        [attributesToStore setObject: (id)kCFBooleanTrue forKey: (id)kSecReturnPersistentRef];
        [attributesToStore setObject: @"Sample password" forKey: (id)kSecAttrDescription];
        [attributesToStore setObject: @"password label" forKey: (id)kSecAttrLabel];
        // a search flag must not be stored as an attribute
        [attributesToStore removeObjectForKey: (id)kSecReturnAttributes];
        NSData *persistentRef = nil;   // filled because kSecReturnPersistentRef was requested
        OSStatus result = SecItemAdd((CFDictionaryRef)attributesToStore,
                                     (CFTypeRef *)&persistentRef);
    Source: Professional Cocoa Application Security
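The pattern the speaker notes recommend (attributes plus kSecReturnData, never kSecReturnRef), written out as an added example that is not from the slides or the book: a generic-password item keyed by service and account, with errSecItemNotFound kept separate from real failures so keychain errors are never silently swallowed, an update-or-add save so a second save does not fail with errSecDuplicateItem, and the ThisDeviceOnly accessibility class so the item is never migrated through a backup to another device. ARC is assumed; the service string and the helper names are constructed for this example.

```objective-c
// Added example: keychain load/save/delete using kSecReturnData.
// Not the book's code; kExampleService and the helper names are invented here.
#import <Foundation/Foundation.h>
#import <Security/Security.h>

static NSString *const kExampleService = @"com.example.sampleapp"; // constructed value

// The attributes that identify one item; every call below starts from them.
static NSMutableDictionary *BaseQuery(NSString *account) {
    return [@{(__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
              (__bridge id)kSecAttrService: kExampleService,
              (__bridge id)kSecAttrAccount: account} mutableCopy];
}

// Returns the secret, or nil with *status set. errSecItemNotFound is a normal
// "not stored yet" outcome; anything else is a real failure the caller must see.
static NSData *LoadSecret(NSString *account, OSStatus *status) {
    NSMutableDictionary *query = BaseQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;                       // data, not a ref
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus st = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status) *status = st;
    if (st != errSecSuccess) return nil;
    return (__bridge_transfer NSData *)result;  // SecItemCopyMatching returns +1
}

// Update if the item exists, add if it does not. Accessibility is pinned to
// WhenUnlockedThisDeviceOnly: readable only while unlocked, and never restored
// from a backup onto a different device.
static OSStatus SaveSecret(NSString *account, NSData *secret) {
    NSMutableDictionary *query = BaseQuery(account);
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData:      secret,
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };
    OSStatus st = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attrs);
    if (st == errSecItemNotFound) {
        [query addEntriesFromDictionary:attrs];
        st = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return st;
}

// Deleting something that was never stored is not an error for the caller.
static OSStatus DeleteSecret(NSString *account) {
    OSStatus st = SecItemDelete((__bridge CFDictionaryRef)BaseQuery(account));
    return (st == errSecItemNotFound) ? errSecSuccess : st;
}
```

Treat every OSStatus other than errSecSuccess and errSecItemNotFound as a bug to log and surface, not as "no token": a status of errSecInteractionNotAllowed, for instance, usually means the item was read while the device was locked, which is the same failure mode as a Complete-protected file.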
  • Encrypt Files Yourself
      • CommonCrypto
      • OpenSSL
  • Encrypt Files Yourself
      • Choose appropriate algorithm, key size, mode
      • Note the bootstrap problem
      • Get randomness from SecRandomCopyBytes()
  • Encrypt Files Yourself
        // key, iv and plainText are the enclosing method's NSData inputs and
        // error is its NSError ** out-parameter; the slide shows only the body.
        size_t bytesNeeded = 0;
        CCCryptorStatus cryptResult = kCCSuccess;
        // first pass with no output buffer: just ask how large the ciphertext will be
        cryptResult = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                              [key bytes], [key length], [iv bytes],
                              [plainText bytes], [plainText length],
                              NULL, 0, &bytesNeeded);
        if (kCCBufferTooSmall != cryptResult) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorCryptFailed
                                     userInfo: nil];
            return nil;
        }
        char *cipherBytes = malloc(bytesNeeded);
        size_t bufferLength = bytesNeeded;
        if (NULL == cipherBytes) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorOutOfMemory
                                     userInfo: nil];
            return nil;
        }
        // now actually encrypt the file
        cryptResult = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                              [key bytes], [key length], [iv bytes],
                              [plainText bytes], [plainText length],
                              cipherBytes, bufferLength, &bytesNeeded);
        if (kCCSuccess != cryptResult) {
            *error = [NSError errorWithDomain: GLFileEncryptorErrorDomain
                                         code: GLFileEncryptorCryptFailed
                                     userInfo: nil];
            free(cipherBytes);
            return nil;
        }
        // hand the malloc'd buffer to NSData, which frees it; this closing line
        // is not on the slide and completes the method
        return [NSData dataWithBytesNoCopy: cipherBytes length: bytesNeeded freeWhenDone: YES];
    Source: Professional Cocoa Application Security
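The three bullets of the previous slide (algorithm, key size and mode; the bootstrap problem; SecRandomCopyBytes) carried through as an added example that is not from the slides or from the book. It generates the key and a per-message IV with SecRandomCopyBytes, encrypts with AES-256 in CBC mode with PKCS#7 padding through CCCrypt, sizes the output buffer up front instead of the two-call query on the slide, and, because the requirements slide lists integrity alongside confidentiality, appends an HMAC-SHA256 over IV and ciphertext that is verified in constant time before any decryption happens. ARC is assumed; `SealData`, `OpenData`, `RandomBytes` and the output layout are choices made for this example.

```objective-c
// Added example: AES-256-CBC + HMAC-SHA256 with CommonCrypto.
// Layout: IV (16 bytes) || ciphertext || HMAC-SHA256(macKey, IV || ciphertext) (32 bytes)
// Not the book's code; the function names and layout are invented here.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonHMAC.h>

// Keys and IVs must come from the system CSPRNG, never from rand() or a constant.
static NSData *RandomBytes(size_t count) {
    NSMutableData *buf = [NSMutableData dataWithLength:count];
    if (SecRandomCopyBytes(kSecRandomDefault, count, buf.mutableBytes) != 0) return nil;
    return buf;
}

static NSData *SealData(NSData *plainText, NSData *encKey, NSData *macKey) {
    if (encKey.length != kCCKeySizeAES256 || macKey.length < CC_SHA256_DIGEST_LENGTH) return nil;
    NSData *iv = RandomBytes(kCCBlockSizeAES128);        // fresh IV per message
    if (!iv) return nil;

    // PKCS#7 padding adds at most one block, so this is the worst-case size.
    size_t outAvail = plainText.length + kCCBlockSizeAES128;
    NSMutableData *out = [NSMutableData dataWithLength:kCCBlockSizeAES128 + outAvail];
    [out replaceBytesInRange:NSMakeRange(0, kCCBlockSizeAES128) withBytes:iv.bytes];

    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, iv.bytes,
                                 plainText.bytes, plainText.length,
                                 (uint8_t *)out.mutableBytes + kCCBlockSizeAES128, outAvail, &moved);
    if (st != kCCSuccess) return nil;
    out.length = kCCBlockSizeAES128 + moved;

    // Authenticate IV and ciphertext together so neither can be altered unnoticed.
    unsigned char mac[CC_SHA256_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, out.bytes, out.length, mac);
    [out appendBytes:mac length:sizeof mac];
    return out;
}

static NSData *OpenData(NSData *sealed, NSData *encKey, NSData *macKey) {
    const size_t ivLen = kCCBlockSizeAES128, macLen = CC_SHA256_DIGEST_LENGTH;
    if (encKey.length != kCCKeySizeAES256 || macKey.length < macLen) return nil;
    // Smallest valid message: IV + one padded block + MAC.
    if (sealed.length < ivLen + kCCBlockSizeAES128 + macLen) return nil;
    size_t bodyLen = sealed.length - macLen;

    // Verify the MAC first, comparing every byte regardless of mismatches so
    // the timing does not reveal how much of the tag was right.
    unsigned char expected[CC_SHA256_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA256, macKey.bytes, macKey.length, sealed.bytes, bodyLen, expected);
    const unsigned char *got = (const unsigned char *)sealed.bytes + bodyLen;
    unsigned char diff = 0;
    for (size_t i = 0; i < macLen; i++) diff |= expected[i] ^ got[i];
    if (diff != 0) return nil;                           // tampered or wrong key

    const uint8_t *bytes = sealed.bytes;
    size_t cipherLen = bodyLen - ivLen;
    NSMutableData *plain = [NSMutableData dataWithLength:cipherLen]; // decrypt never grows
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey.bytes, encKey.length, bytes,
                                 bytes + ivLen, cipherLen, plain.mutableBytes, cipherLen, &moved);
    if (st != kCCSuccess) return nil;
    plain.length = moved;
    return plain;
}

// Typical use: keys are generated once with RandomBytes(kCCKeySizeAES256) and
// RandomBytes(CC_SHA256_DIGEST_LENGTH), then stored in the keychain (previous
// slides); that is the "bootstrap problem": the file is only as safe as
// wherever those two keys live.
```

Storing the two keys is the whole of the bootstrap problem the slide flags: keeping them next to the file, or deriving them from something on the device an attacker can also read, turns the encryption into obfuscation, whereas keeping them in a WhenUnlocked keychain item means the file inherits the same passcode-derived protection as the keychain.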
  • Non-solutions
      • Write your own encryption algorithm
      • Wait until someone reports the problem
  • iamleeg