SlideShare a Scribd company logo

iCloud keychain

A
Alexey Troshichev

IF YOU ARE CONCERNED ABOUT CLOUD SECURITY PLEASE READ http://blog.hackapp.com/2014/09/what-if-i-was-cloud.html

Internet
1 of 61
Download to read offline
iCloud Keychain and iOS 7 Data Protection Andrey Belenko Sr. Security Engineer @ viaForensics ! Alexey Troshichev @hackappcom founder
What is iCloud?
What’s inside? • Documents • Photos • Backups (SMS, application data, etc) • Keychain
Hacker’s view
Bruteforce protection?
Bruteforce protection?
Bruteforce protection?
Find My iPhone
Brought to you by hackapp.com ! github.com/hackappcom/ibrute @hackappcom
iCloud Keychain Image: Apple Inc.
Motivation http://support.apple.com/kb/HT4865
Intercepting SSL SSL Proxy (Burp, Charles, …) Root CA cert Proxy settings
Authentication GET /authenticate AppleID, Password DsID, mmeAuthToken, fmipAuthToken icloud.com
/getAccountSettings
/getAccountSettings
Setup Options
The Big Picture *.keyvalueservice.icloud.com *.escrowproxy.icloud.com Keychain items (encrypted) Keybag (encrypted) Some Secret
Key-Value Store • Not new • Used extensively by many apps e.g. to keep preferences in sync across devices • iCloud Keychain utilises two stores: • com.apple.security.cloudkeychainproxy3 • Syncing between devices • com.apple.sbd3 (securebackupd3) • Copy to restore if no other devices
Escrow Proxy • New; Designed to store precious secrets • Need to know iCSC to recover escrowed data • Need to receive SMS challenge • Must successfully complete SRP auth • User-Agent: com.apple.lakitu (iOS/OS X) Image: mariowiki.com
Key-Value Store com.apple.security.cloudkeychainproxy3 S(usrPwd, D2_pub) S(D2_priv, (D1_pub, D2_pub)) S(D1_priv, D1_pub) S(userPwd, D1_pub) S(D1_priv, (D1_pub, D2_pub)) S(userPwd, (D1_pub, D2_pub))
Key-Value Store com.apple.sbd3 Key Description com.apple.securebackup.enabled Is Keychain data saved in KVS? com.apple.securebackup.record Keychain records, encrypted SecureBackupMetadata iCSC complexity, timestamp, country BackupKeybag Keybag protecting Keychain records BackupUsesEscrow Is keybag password escrowed? BackupVersion Version, currently @“1” BackupUUID UUID of the backup
4-digit iCSC [Default]
4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit
4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394
4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
4-digit iCSC [Default] iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
4-digit iCSC [Default] iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
Secure Remote Password • Zero-knowledge password proof scheme • Combats sniffing/MITM • One password guess per connection attempt • Password verifier is not sufficient for impersonation • Escrow Proxy uses SRP-6a
Key Negotiation a ← random, A ← g^a b ← random, B ← kv + g^b u ← H(A, B) u ← H(A, B) x ← H(SALT, Password) S ← (B - kg^x) ^ (a + ux) K ← H(S) S ← (Av^u) ^ b K ← H(S) Key Verification M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K) (Aborts if M is invalid) ID, A SALT, B M H(A, M, K) Password verifier: ! SALT ← random x ← H(SALT,Password) v ← g^x Agreed-upon parameters: ! H – one-way hash function N, g – group parameters k ← H(N, g)
Key Negotiation a ← random, A ← g^a b ← random, B ← kv + g^b u ← H(A, B) u ← H(A, B) x ← H(SALT, Password) S ← (B - kg^x) ^ (a + ux) K ← H(S) S ← (Av^u) ^ b K ← H(S) Key Verification M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K) (Aborts if M is invalid) ID, A, SMS CODE SALT, B M, SMS CODE H(A, M, K) Password verifier: ! SALT ← random x ← H(SALT,Password) v ← g^x Agreed-upon parameters: ! H – SHA-256 N, g – RFC 5054 w. 2048-bit group k ← H(N, g)
Escrowed Data Recovery *Display purposes only
Escrowed Data Recovery /get_records List of escrowed records *Display purposes only
Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* *Display purposes only
Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK *Display purposes only
Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK /srp_init [DsID, A, SMS CODE] [UUID, DsID, SALT, B] *Display purposes only
Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK /srp_init [DsID, A, SMS CODE] [UUID, DsID, SALT, B] /recover [UUID, DsID, M, SMS CODE] [IV, AES-CBC(KSRP, Escrowed Record)] *Display purposes only
Escrow Proxy Endpoints Endpoint Description get_club_cert [?] Obtain certificate enroll Submit escrow record get_records List escrowed records get_sms_targets List SMS numbers for escrowed records generate_sms_challenge Generate and send challenge code srp_init First step of SRP protocol recover Second step of SRP protocol alter_sms_target Change SMS number
Escrow Record iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com
Escrow Record iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword)
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword)
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default Can you spot the problem yet?
Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) • Offline iCSC guessing is possible • Almost instant recovery [for default settings] • iCSC decrypts keybag password • Keybag password unlocks keybag keys • Keybag keys decrypt Keychain items
Apple, or other adversary with access to stored data, can near-instantly decrypt “master” password and read synced iCloud Keychain records ! (for default settings)
Setup Options
Complex iCSC correct horse battery staple PBKDF2 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb iCloud Security Code Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit Backup Keybag Key 1 Key 2 Key 3 *.escrowproxy.icloud.com AES-Wrap Keys RFC 3394 AES-GCM 256 bit *.keyvalueservice.icloud.com
Complex iCSC • Mechanics are the same as with simple iCSC • Offline password recovery attack is still possible, although pointless if password is complex enough
Setup Options
Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com iCloud Security Code correct horse battery staple PBKDF2 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Random iCSC
Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com iCloud Security Code correct horse battery staple PBKDF2 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Random iCSC
Random iCSC Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com
Random iCSC • Escrow Proxy is not used • Random iCSC (or derived key) stored on the device [haven’t verified]
Setup Options iCloud Keychain Keychain Sync Keychain Backup Master Password Escrow No iCloud Security Code Random iCloud Security Code Complex iCloud Security Code Simple iCloud Security Code
Conclusions Image: Apple Inc.
Conclusions • Trust your vendor but verify his claims • Never ever use simple iCloud Security Code • Do not think that SMS Apple sends you is a 2FA • Yet, iCK is reasonably well engineered although not without shortcomings
Thank You! Questions are welcome :-) ! ! @abelenko @hackappcom

Recommended

2014.11 asfws
2014.11 asfws2014.11 asfws
2014.11 asfwsCyber Security Alliance
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
Mining legal texts with Python
Mining legal texts with PythonMining legal texts with Python
Mining legal texts with PythonFlávio Codeço Coelho
 
Internet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolInternet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolNetwax Lab
 
Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Mediacurrent
 

Recommended

2014.11 asfws
2014.11 asfws2014.11 asfws
2014.11 asfwsCyber Security Alliance
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
Mining legal texts with Python
Mining legal texts with PythonMining legal texts with Python
Mining legal texts with PythonFlávio Codeço Coelho
 
Internet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolInternet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolNetwax Lab
 
Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Mediacurrent
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
Azure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれAzure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれDevTakas
 
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]日本マイクロソフト株式会社
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名Naohiro Fujie
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
GPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge GraphGPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge GraphNeo4j
 
Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Yusuke Kodama
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
 
Sec007 条件付きアクセス
Sec007 条件付きアクセスSec007 条件付きアクセス
Sec007 条件付きアクセスTech Summit 2016
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
Harnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdfHarnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdfMike Felch
 
20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdf20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdfOpenID Foundation Japan
 
AWS の IoT 向けサービス
AWS の IoT 向けサービスAWS の IoT 向けサービス
AWS の IoT 向けサービスAmazon Web Services Japan
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Kaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesKaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesPeter Broadhurst
 
大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用Naohiro Fujie
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
Web3 School
Web3 SchoolWeb3 School
Web3 SchoolTaiki Narita
 
Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar reportRicha Dewani
 
iCloud - Apple Technology
iCloud - Apple TechnologyiCloud - Apple Technology
iCloud - Apple TechnologyAsmita Kalena
 

More Related Content

What's hot

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
Azure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれAzure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれDevTakas
 
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]日本マイクロソフト株式会社
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名Naohiro Fujie
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
GPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge GraphGPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge GraphNeo4j
 
Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Yusuke Kodama
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
 
Sec007 条件付きアクセス
Sec007 条件付きアクセスSec007 条件付きアクセス
Sec007 条件付きアクセスTech Summit 2016
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
Harnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdfHarnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdfMike Felch
 
20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdf20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdfOpenID Foundation Japan
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Kaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesKaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesPeter Broadhurst
 
大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用Naohiro Fujie
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 

What's hot (20)

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
Azure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれAzure ADアプリケーションを使用した認証のあれやこれ
Azure ADアプリケーションを使用した認証のあれやこれ
 
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
S12_Azure AD 活用術!アプリケーション認証を ADFS から移行しましょう。 [Microsoft Japan Digital Days]
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
GPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge GraphGPT and Graph Data Science to power your Knowledge Graph
GPT and Graph Data Science to power your Knowledge Graph
 
Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge Proof
 
Sec007 条件付きアクセス
Sec007 条件付きアクセスSec007 条件付きアクセス
Sec007 条件付きアクセス
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
Harnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdfHarnessing the Power of AI in AWS Pentesting.pdf
Harnessing the Power of AI in AWS Pentesting.pdf
 
20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdf20231109_OpenID_TechNight_OpenID_Federation.pdf
20231109_OpenID_TechNight_OpenID_Federation.pdf
 
AWS の IoT 向けサービス
AWS の IoT 向けサービスAWS の IoT 向けサービス
AWS の IoT 向けサービス
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a service
 
Kaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesKaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain Services
 
大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用大学等におけるAzure AD B2Cを使用したSNS認証の活用
大学等におけるAzure AD B2Cを使用したSNS認証の活用
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36
 
Web3 School
Web3 SchoolWeb3 School
Web3 School
 

Viewers also liked

Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar reportRicha Dewani
 
iCloud - Apple Technology
iCloud - Apple TechnologyiCloud - Apple Technology
iCloud - Apple TechnologyAsmita Kalena
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything elseVlad Garbuz
 
How apple can read your i messages
How apple can read your i messagesHow apple can read your i messages
How apple can read your i messagesArtem I. Baranov
 
SkyDrive vs. SkyDrive Pro - Hans Brender
SkyDrive vs. SkyDrive Pro - Hans Brender SkyDrive vs. SkyDrive Pro - Hans Brender
SkyDrive vs. SkyDrive Pro - Hans Brender Michael Greth
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5Satish b
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2avsorrent
 
Bio-Molecular Engineering is the Future of Molecular Biology
Bio-Molecular Engineering is the Future of Molecular BiologyBio-Molecular Engineering is the Future of Molecular Biology
Bio-Molecular Engineering is the Future of Molecular BiologyBob Eisenberg
 
soft-computing
soft-computing soft-computing
soft-computingstudent
 

Viewers also liked (17)

Icloud seminar report
Icloud seminar reportIcloud seminar report
Icloud seminar report
 
iCloud - Apple Technology
iCloud - Apple TechnologyiCloud - Apple Technology
iCloud - Apple Technology
 
iCloud by Apple
iCloud by AppleiCloud by Apple
iCloud by Apple
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
How apple can read your i messages
How apple can read your i messagesHow apple can read your i messages
How apple can read your i messages
 
SkyDrive vs. SkyDrive Pro - Hans Brender
SkyDrive vs. SkyDrive Pro - Hans Brender SkyDrive vs. SkyDrive Pro - Hans Brender
SkyDrive vs. SkyDrive Pro - Hans Brender
 
Icloud
IcloudIcloud
Icloud
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5
 
iCloud
iCloudiCloud
iCloud
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2
 
Bio-Molecular Engineering is the Future of Molecular Biology
Bio-Molecular Engineering is the Future of Molecular BiologyBio-Molecular Engineering is the Future of Molecular Biology
Bio-Molecular Engineering is the Future of Molecular Biology
 
icloud
icloudicloud
icloud
 
Apple iCloud
Apple iCloudApple iCloud
Apple iCloud
 
soft-computing
soft-computing soft-computing
soft-computing
 
SkyDrive
SkyDriveSkyDrive
SkyDrive
 
Bluejacking
BluejackingBluejacking
Bluejacking
 

Similar to iCloud keychain

Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13viaForensics
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2defconmoscow
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protectiondefconmoscow
 
Protect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreProtect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreStephane Carrez
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2ESUG
 
Encryption Boot Camp at Øredev
Encryption Boot Camp at ØredevEncryption Boot Camp at Øredev
Encryption Boot Camp at ØredevMatthew McCullough
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Martin Kobetic
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOSGraham Lee
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyRiscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
Overview and evolution of password-based authentication schemes
Overview and evolution of password-based authentication schemesOverview and evolution of password-based authentication schemes
Overview and evolution of password-based authentication schemesIgnat Korchagin
 
Cryptography for Smalltalkers
Cryptography for SmalltalkersCryptography for Smalltalkers
Cryptography for SmalltalkersESUG
 

Similar to iCloud keychain (20)

Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Protect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreProtect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada Keystore
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2
 
Encryption Boot Camp at Øredev
Encryption Boot Camp at ØredevEncryption Boot Camp at Øredev
Encryption Boot Camp at Øredev
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
Overview and evolution of password-based authentication schemes
Overview and evolution of password-based authentication schemesOverview and evolution of password-based authentication schemes
Overview and evolution of password-based authentication schemes
 
Cryptography for Smalltalkers
Cryptography for SmalltalkersCryptography for Smalltalkers
Cryptography for Smalltalkers
 

Recently uploaded

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 

Recently uploaded (20)

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 

iCloud keychain

  • 1. iCloud Keychain and iOS 7 Data Protection Andrey Belenko Sr. Security Engineer @ viaForensics ! Alexey Troshichev @hackappcom founder
  • 3. What’s inside? • Documents • Photos • Backups (SMS, application data, etc) • Keychain
  • 9. Brought to you by hackapp.com ! github.com/hackappcom/ibrute @hackappcom
  • 12. Intercepting SSL SSL Proxy (Burp, Charles, …) Root CA cert Proxy settings
  • 13. Authentication GET /authenticate AppleID, Password DsID, mmeAuthToken, fmipAuthToken icloud.com
  • 16.
  • 17.
  • 19. The Big Picture *.keyvalueservice.icloud.com *.escrowproxy.icloud.com Keychain items (encrypted) Keybag (encrypted) Some Secret
  • 20. Key-Value Store • Not new • Used extensively by many apps e.g. to keep preferences in sync across devices • iCloud Keychain utilises two stores: • com.apple.security.cloudkeychainproxy3 • Syncing between devices • com.apple.sbd3 (securebackupd3) • Copy to restore if no other devices
  • 21. Escrow Proxy • New; Designed to store precious secrets • Need to know iCSC to recover escrowed data • Need to receive SMS challenge • Must successfully complete SRP auth • User-Agent: com.apple.lakitu (iOS/OS X) Image: mariowiki.com
  • 22. Key-Value Store com.apple.security.cloudkeychainproxy3 S(usrPwd, D2_pub) S(D2_priv, (D1_pub, D2_pub)) S(D1_priv, D1_pub) S(userPwd, D1_pub) S(D1_priv, (D1_pub, D2_pub)) S(userPwd, (D1_pub, D2_pub))
  • 23. Key-Value Store com.apple.sbd3 Key Description com.apple.securebackup.enabled Is Keychain data saved in KVS? com.apple.securebackup.record Keychain records, encrypted SecureBackupMetadata iCSC complexity, timestamp, country BackupKeybag Keybag protecting Keychain records BackupUsesEscrow Is keybag password escrowed? BackupVersion Version, currently @“1” BackupUUID UUID of the backup
  • 25. 4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4
  • 26. 4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit
  • 27. 4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394
  • 28. 4-digit iCSC [Default] Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
  • 29. 4-digit iCSC [Default] iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
  • 30. 4-digit iCSC [Default] iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit AES-Wrap Keys RFC 3394 *.keyvalueservice.icloud.com
  • 31. Secure Remote Password • Zero-knowledge password proof scheme • Combats sniffing/MITM • One password guess per connection attempt • Password verifier is not sufficient for impersonation • Escrow Proxy uses SRP-6a
  • 32. Key Negotiation a ← random, A ← g^a b ← random, B ← kv + g^b u ← H(A, B) u ← H(A, B) x ← H(SALT, Password) S ← (B - kg^x) ^ (a + ux) K ← H(S) S ← (Av^u) ^ b K ← H(S) Key Verification M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K) (Aborts if M is invalid) ID, A SALT, B M H(A, M, K) Password verifier: ! SALT ← random x ← H(SALT,Password) v ← g^x Agreed-upon parameters: ! H – one-way hash function N, g – group parameters k ← H(N, g)
  • 33. Key Negotiation a ← random, A ← g^a b ← random, B ← kv + g^b u ← H(A, B) u ← H(A, B) x ← H(SALT, Password) S ← (B - kg^x) ^ (a + ux) K ← H(S) S ← (Av^u) ^ b K ← H(S) Key Verification M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K) (Aborts if M is invalid) ID, A, SMS CODE SALT, B M, SMS CODE H(A, M, K) Password verifier: ! SALT ← random x ← H(SALT,Password) v ← g^x Agreed-upon parameters: ! H – SHA-256 N, g – RFC 5054 w. 2048-bit group k ← H(N, g)
  • 34. Escrowed Data Recovery *Display purposes only
  • 35. Escrowed Data Recovery /get_records List of escrowed records *Display purposes only
  • 36. Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* *Display purposes only
  • 37. Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK *Display purposes only
  • 38. Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK /srp_init [DsID, A, SMS CODE] [UUID, DsID, SALT, B] *Display purposes only
  • 39. Escrowed Data Recovery /get_records List of escrowed records /get_sms_targets List of phone numbers* /generate_sms_challenge OK /srp_init [DsID, A, SMS CODE] [UUID, DsID, SALT, B] /recover [UUID, DsID, M, SMS CODE] [IV, AES-CBC(KSRP, Escrowed Record)] *Display purposes only
  • 40. Escrow Proxy Endpoints Endpoint Description get_club_cert [?] Obtain certificate enroll Submit escrow record get_records List escrowed records get_sms_targets List SMS numbers for escrowed records generate_sms_challenge Generate and send challenge code srp_init First step of SRP protocol recover Second step of SRP protocol alter_sms_target Change SMS number
  • 41. Escrow Record iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com
  • 42. Escrow Record iCloud Security Code 1234 PBKDF2 Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword)
  • 43. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword)
  • 44. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple
  • 45. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default
  • 46. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default
  • 47. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) EscrowRecord ← AES-CBC(Key, RandomPassword) • This is stored by Apple • iCSC is 4 digits by default Can you spot the problem yet?
  • 48. Escrow Record Key ← PBKDF2-SHA256(iCSC, 10’000) • Offline iCSC guessing is possible • Almost instant recovery [for default settings] • iCSC decrypts keybag password • Keybag password unlocks keybag keys • Keybag keys decrypt Keychain items
  • 49. Apple, or other adversary with access to stored data, can near-instantly decrypt “master” password and read synced iCloud Keychain records ! (for default settings)
  • 51. Complex iCSC correct horse battery staple PBKDF2 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb iCloud Security Code Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 SHA-256 x 10’000 AES-CBC 256 bit Backup Keybag Key 1 Key 2 Key 3 *.escrowproxy.icloud.com AES-Wrap Keys RFC 3394 AES-GCM 256 bit *.keyvalueservice.icloud.com
  • 52. Complex iCSC • Mechanics are the same as with simple iCSC • Offline password recovery attack is still possible, although pointless if password is complex enough
  • 54. Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com iCloud Security Code correct horse battery staple PBKDF2 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Random iCSC
  • 55. Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com iCloud Security Code correct horse battery staple PBKDF2 SHA-256 x 10’000 AES-CBC 256 bit *.escrowproxy.icloud.com Random iCSC
  • 56. Random iCSC Random Password BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4 Keychain Passwords yMa9ohCJ tzzcVhE7 sDVoCnb AES-Wrap Keys RFC 3394 Backup Keybag Key 1 Key 2 Key 3 AES-GCM 256 bit *.keyvalueservice.icloud.com
  • 57. Random iCSC • Escrow Proxy is not used • Random iCSC (or derived key) stored on the device [haven’t verified]
  • 58. Setup Options iCloud Keychain Keychain Sync Keychain Backup Master Password Escrow No iCloud Security Code Random iCloud Security Code Complex iCloud Security Code Simple iCloud Security Code
  • 60. Conclusions • Trust your vendor but verify his claims • Never ever use simple iCloud Security Code • Do not think that SMS Apple sends you is a 2FA • Yet, iCK is reasonably well engineered although not without shortcomings
  • 61. Thank You! Questions are welcome :-) ! ! @abelenko @hackappcom